Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Dennis Hoppe
infrastructure
Commits
419d6559
Verified
Commit
419d6559
authored
Mar 02, 2018
by
Florian Pritz
Browse files
postgres: Merge config differences from soyuz
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
22c0af69
Changes
2
Hide whitespace changes
Inline
Side-by-side
roles/postgres/templates/pg_hba.conf.j2
View file @
419d6559
...
...
@@ -42,10 +42,10 @@
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "
gss", "sspi
",
# "ident", "peer", "pam", "ldap", "radius" or "cert".
Note that
# "password" sends passwords in clear text; "md5"
is preferred since
#
it
send
s
encrypted passwords.
# METHOD can be "trust", "reject", "md5", "password", "
scram-sha-256
",
#
"gss", "sspi",
"ident", "peer", "pam", "ldap", "radius" or "cert".
#
Note that
"password" sends passwords in clear text; "md5"
or
#
"scram-sha-256" are preferred since they
send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
...
...
@@ -59,11 +59,11 @@
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the
postmast
er receives
#
a
SIGHUP signal. If you edit the file on a running system, you have
#
to
SIGHUP the
postmast
er for the changes to take effect
. You can
#
use "pg_ctl reload" to do that
.
# This file is read on server startup and when the
serv
er receives
a
# SIGHUP signal. If you edit the file on a running system, you have
to
# SIGHUP the
serv
er for the changes to take effect
, run "pg_ctl reload",
#
or execute "SELECT pg_reload_conf()"
.
#
# Put your actual configuration here
# ----------------------------------
#
...
...
@@ -72,10 +72,6 @@
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
...
...
@@ -91,9 +87,9 @@ host all postgres ::1/128 md5
host sameuser all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication
postgres
trust
#host replication
postgres
127.0.0.1/32
trust
#host replication
postgres
::1/128
trust
#local replication
all
peer
#host replication
all
127.0.0.1/32
md5
#host replication
all
::1/128
md5
{% for host in postgres_ssl_hosts %}
hostssl all all {{ host }} md5
{% endfor %}
roles/postgres/templates/postgresql.conf.j2
View file @
419d6559
...
...
@@ -16,9 +16,9 @@
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect,
or use
"pg_ctl reload"
. Som
e
# parameters, which are marked below,
require a server shutdown and restart to
# take effect.
# server for the changes to take effect,
run
"pg_ctl reload"
, or execut
e
#
"SELECT pg_reload_conf()". Some
parameters, which are marked below,
#
require a server shutdown and restart to
take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
...
...
@@ -56,7 +56,7 @@
# - Connection Settings -
listen_addresses = {{ postgres_listen_addresses }} # what IP address(es) to listen on;
listen_addresses =
'
{{ postgres_listen_addresses }}
'
# what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
...
...
@@ -78,14 +78,14 @@ max_connections = {{ postgres_max_connections }} # (change requires restart)
#authentication_timeout = 1min # 1s-600s
ssl = {{ postgres_ssl }} # (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# (change requires restart)
ssl_
prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }} # (change requires restart)
#ssl_
ec
dh_
curve = 'prime256v1' # (change requires restart)
ssl_cert_file = '{{ postgres_ssl_cert_file }}'
# (change requires restart)
ssl_key_file = '{{ postgres_ssl_key_file }}'
# (change requires restart)
ssl_ca_file = '{{ postgres_ssl_ca_file }}'
# (change requires restart)
#ssl_crl_file = ''
# (change requires restart)
#password_encryption =
on
ssl_prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }}
#
ssl_
ecdh_curve = 'prime256v1'
#ssl_dh_
params_file = ''
ssl_cert_file = '{{ postgres_ssl_cert_file }}'
ssl_key_file = '{{ postgres_ssl_key_file }}'
ssl_ca_file = '{{ postgres_ssl_ca_file }}'
#ssl_crl_file = ''
#password_encryption =
md5 # md5 or scram-sha-256
#db_user_namespace = off
#row_security = on
...
...
@@ -131,6 +131,7 @@ dynamic_shared_memory_type = posix # the default is the first option
# windows
# mmap
# use none to disable dynamic shared memory
# (change requires restart)
# - Disk -
...
...
@@ -156,17 +157,18 @@ dynamic_shared_memory_type = posix # the default is the first option
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 0 # 0 disables,
# default is 512kB on linux, 0 otherwise
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
# - Asynchronous Behavior -
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_workers_per_gather = 0 # taken from max_worker_processes
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
#max_parallel_workers = 8 # maximum number of max_worker_processes that
# can be used in parallel queries
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#backend_flush_after = 0 #
0 disables, default is 0
# (change requires restart)
#backend_flush_after = 0 #
measured in pages, 0 disables
#------------------------------------------------------------------------------
...
...
@@ -175,11 +177,11 @@ dynamic_shared_memory_type = posix # the default is the first option
# - Settings -
#wal_level =
minimal
# minimal, replica, or logical
#wal_level =
replica
# minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
...
...
@@ -196,7 +198,7 @@ dynamic_shared_memory_type = posix # the default is the first option
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # 0 disables
#wal_writer_flush_after = 1MB #
measured in pages,
0 disables
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
...
...
@@ -207,8 +209,7 @@ dynamic_shared_memory_type = posix # the default is the first option
#max_wal_size = 1GB
#min_wal_size = 80MB
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 0 # 0 disables,
# default is 256kB on linux, 0 otherwise
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
# - Archiving -
...
...
@@ -231,12 +232,12 @@ dynamic_shared_memory_type = posix # the default is the first option
# Set these on the master and on any standby that will send replication data.
#max_wal_senders = 0 # max number of walsender processes
#max_wal_senders =
1
0 # max number of walsender processes
# (change requires restart)
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 0 # max number of replication slots
#max_replication_slots =
1
0 # max number of replication slots
# (change requires restart)
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
...
...
@@ -246,7 +247,8 @@ dynamic_shared_memory_type = posix # the default is the first option
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# number of sync standbys and comma-separated list of application_name
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
...
...
@@ -254,7 +256,7 @@ dynamic_shared_memory_type = posix # the default is the first option
# These settings are ignored on a master server.
#hot_standby = o
ff
# "o
n"
allows queries during recovery
#hot_standby = o
n
# "o
ff" dis
allows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
...
...
@@ -272,6 +274,14 @@ dynamic_shared_memory_type = posix # the default is the first option
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
...
...
@@ -300,7 +310,8 @@ dynamic_shared_memory_type = posix # the default is the first option
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#min_parallel_relation_size = 8MB
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
#effective_cache_size = 4GB
# - Genetic Query Optimizer -
...
...
@@ -342,7 +353,7 @@ dynamic_shared_memory_type = posix # the default is the first option
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = '
pg_
log' # directory where log files are written,
#log_directory = 'log'
# directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
...
...
@@ -369,6 +380,7 @@ dynamic_shared_memory_type = posix # the default is the first option
#syslog_split_messages = on
# This is only relevant when logging to eventlog (win32):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
...
...
@@ -430,7 +442,7 @@ dynamic_shared_memory_type = posix # the default is the first option
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
#log_line_prefix = ''
# special values:
#log_line_prefix = '
%m [%p]
' # special values:
# %a = application name
# %u = user name
# %d = database name
...
...
@@ -538,7 +550,7 @@ log_timezone = 'UTC'
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0
# in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
...
...
@@ -566,11 +578,11 @@ timezone = 'UTC'
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.
UTF
-8' # locale for system error message
lc_messages = 'en_US.
utf
-8' # locale for system error message
# strings
lc_monetary = 'en_US.
UTF
-8' # locale for monetary formatting
lc_numeric = 'en_US.
UTF
-8' # locale for number formatting
lc_time = 'en_US.
UTF
-8' # locale for time formatting
lc_monetary = 'en_US.
utf
-8' # locale for monetary formatting
lc_numeric = 'en_US.
utf
-8' # locale for number formatting
lc_time = 'en_US.
utf
-8' # locale for time formatting
# default configuration for text search
default_text_search_config = 'pg_catalog.english'
...
...
@@ -591,6 +603,10 @@ default_text_search_config = 'pg_catalog.english'
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
...
...
@@ -606,7 +622,6 @@ default_text_search_config = 'pg_catalog.english'
#lo_compat_privileges = off
#operator_precedence_warning = off
#quote_all_identifiers = off
#sql_inheritance = on
#standard_conforming_strings = on
#synchronize_seqscans = on
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment