postgres: Merge config differences from soyuz

Signed-off-by: Florian Pritz <bluewind@xinu.at>

postgres: Merge config differences from soyuz
Signed-off-by: Florian Pritz <bluewind@xinu.at>
419d6559 · Florian Pritz · 22c0af69 · 419d6559 · 419d6559
Verified Commit 419d6559 authored Mar 02, 2018 by Florian Pritz
--- a/roles/postgres/templates/pg_hba.conf.j2
+++ b/roles/postgres/templates/pg_hba.conf.j2
@@ -42,10 +42,10 @@
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
-# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
-# "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
-# "password" sends passwords in clear text; "md5" is preferred since
-# it sends encrypted passwords.
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
@@ -59,11 +59,11 @@
 # its special character, and just match a database or username with
 # that name.
 #
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal.  If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect.  You can
-# use "pg_ctl reload" to do that.
-
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
 # Put your actual configuration here
 # ----------------------------------
 #
@@ -72,10 +72,6 @@
 # listen on a non-local interface via the listen_addresses
 # configuration parameter, or via the -i or -h command line switches.

-# CAUTION: Configuring the system for local "trust" authentication
-# allows any local user to connect as any PostgreSQL user, including
-# the database superuser.  If you do not trust all your local users,
-# use another authentication method.


 # TYPE  DATABASE        USER            ADDRESS                 METHOD
@@ -91,9 +87,9 @@ host    all             postgres        ::1/128                 md5
 host    sameuser        all             ::1/128                 md5
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
-#local   replication     postgres                                trust
-#host    replication     postgres        127.0.0.1/32            trust
-#host    replication     postgres        ::1/128                 trust
+#local   replication     all                                     peer
+#host    replication     all             127.0.0.1/32            md5
+#host    replication     all             ::1/128                 md5
 {% for host in postgres_ssl_hosts %}
 hostssl all             all             {{ host }}              md5
 {% endfor %}
--- a/roles/postgres/templates/postgresql.conf.j2
+++ b/roles/postgres/templates/postgresql.conf.j2
@@ -16,9 +16,9 @@
 #
 # This file is read on server startup and when the server receives a SIGHUP
 # signal.  If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pg_ctl reload".  Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
+# server for the changes to take effect, run "pg_ctl reload", or execute
+# "SELECT pg_reload_conf()".  Some parameters, which are marked below,
+# require a server shutdown and restart to take effect.
 #
 # Any parameter can also be given as a command-line option to the server, e.g.,
 # "postgres -c log_connections=on".  Some parameters can be changed at run time
@@ -56,7 +56,7 @@

 # - Connection Settings -

-listen_addresses = {{ postgres_listen_addresses }}		# what IP address(es) to listen on;
+listen_addresses = '{{ postgres_listen_addresses }}'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
@@ -78,14 +78,14 @@ max_connections = {{ postgres_max_connections }}			# (change requires restart)
 #authentication_timeout = 1min		# 1s-600s
 ssl = {{ postgres_ssl }}				# (change requires restart)
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
-					# (change requires restart)
-ssl_prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }}		# (change requires restart)
-#ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
-ssl_cert_file = '{{ postgres_ssl_cert_file }}'		# (change requires restart)
-ssl_key_file = '{{ postgres_ssl_key_file }}'		# (change requires restart)
-ssl_ca_file = '{{ postgres_ssl_ca_file }}'			# (change requires restart)
-#ssl_crl_file = ''			# (change requires restart)
-#password_encryption = on
+ssl_prefer_server_ciphers = {{ postgres_ssl_prefer_server_ciphers }}
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_dh_params_file = ''
+ssl_cert_file = '{{ postgres_ssl_cert_file }}'
+ssl_key_file = '{{ postgres_ssl_key_file }}'
+ssl_ca_file = '{{ postgres_ssl_ca_file }}'
+#ssl_crl_file = ''
+#password_encryption = md5		# md5 or scram-sha-256
 #db_user_namespace = off
 #row_security = on

@@ -131,6 +131,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					#   windows
 					#   mmap
 					# use none to disable dynamic shared memory
+					# (change requires restart)

 # - Disk -

@@ -156,17 +157,18 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #bgwriter_delay = 200ms			# 10-10000ms between rounds
 #bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
 #bgwriter_lru_multiplier = 2.0		# 0-10.0 multiplier on buffers scanned/round
-#bgwriter_flush_after = 0		# 0 disables,
-					# default is 512kB on linux, 0 otherwise
+#bgwriter_flush_after = 512kB		# measured in pages, 0 disables

 # - Asynchronous Behavior -

 #effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
 #max_worker_processes = 8		# (change requires restart)
-#max_parallel_workers_per_gather = 0	# taken from max_worker_processes
+#max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
+#max_parallel_workers = 8		# maximum number of max_worker_processes that
+					# can be used in parallel queries
 #old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
-									# (change requires restart)
-#backend_flush_after = 0		# 0 disables, default is 0
+					# (change requires restart)
+#backend_flush_after = 0		# measured in pages, 0 disables


 #------------------------------------------------------------------------------
@@ -175,11 +177,11 @@ dynamic_shared_memory_type = posix	# the default is the first option

 # - Settings -

-#wal_level = minimal			# minimal, replica, or logical
+#wal_level = replica			# minimal, replica, or logical
 					# (change requires restart)
 #fsync = on				# flush data to disk for crash safety
-						# (turning this off can cause
-						# unrecoverable data corruption)
+					# (turning this off can cause
+					# unrecoverable data corruption)
 #synchronous_commit = on		# synchronization level;
 					# off, local, remote_write, remote_apply, or on
 #wal_sync_method = fsync		# the default is the first option
@@ -196,7 +198,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
 					# (change requires restart)
 #wal_writer_delay = 200ms		# 1-10000 milliseconds
-#wal_writer_flush_after = 1MB		# 0 disables
+#wal_writer_flush_after = 1MB		# measured in pages, 0 disables

 #commit_delay = 0			# range 0-100000, in microseconds
 #commit_siblings = 5			# range 1-1000
@@ -207,8 +209,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #max_wal_size = 1GB
 #min_wal_size = 80MB
 #checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
-#checkpoint_flush_after = 0		# 0 disables,
-					# default is 256kB on linux, 0 otherwise
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
 #checkpoint_warning = 30s		# 0 disables

 # - Archiving -
@@ -231,12 +232,12 @@ dynamic_shared_memory_type = posix	# the default is the first option

 # Set these on the master and on any standby that will send replication data.

-#max_wal_senders = 0		# max number of walsender processes
+#max_wal_senders = 10		# max number of walsender processes
 				# (change requires restart)
 #wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables

-#max_replication_slots = 0	# max number of replication slots
+#max_replication_slots = 10	# max number of replication slots
 				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
@@ -246,7 +247,8 @@ dynamic_shared_memory_type = posix	# the default is the first option
 # These settings are ignored on a standby server.

 #synchronous_standby_names = ''	# standby servers that provide sync rep
-				# number of sync standbys and comma-separated list of application_name
+				# method to choose sync standbys, number of sync standbys,
+				# and comma-separated list of application_name
 				# from standby(s); '*' = all
 #vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed

@@ -254,7 +256,7 @@ dynamic_shared_memory_type = posix	# the default is the first option

 # These settings are ignored on a master server.

-#hot_standby = off			# "on" allows queries during recovery
+#hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
 #max_standby_archive_delay = 30s	# max delay before canceling queries
 					# when reading WAL from archive;
@@ -272,6 +274,14 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #wal_retrieve_retry_interval = 5s	# time to wait before retrying to
 					# retrieve WAL after a failed attempt

+# - Subscribers -
+
+# These settings are ignored on a publisher.
+
+#max_logical_replication_workers = 4	# taken from max_worker_processes
+					# (change requires restart)
+#max_sync_workers_per_subscription = 2	# taken from max_logical_replication_workers
+

 #------------------------------------------------------------------------------
 # QUERY TUNING
@@ -300,7 +310,8 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #cpu_operator_cost = 0.0025		# same scale as above
 #parallel_tuple_cost = 0.1		# same scale as above
 #parallel_setup_cost = 1000.0	# same scale as above
-#min_parallel_relation_size = 8MB
+#min_parallel_table_scan_size = 8MB
+#min_parallel_index_scan_size = 512kB
 #effective_cache_size = 4GB

 # - Genetic Query Optimizer -
@@ -342,7 +353,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					# (change requires restart)

 # These are only used if logging_collector is on:
-#log_directory = 'pg_log'		# directory where log files are written,
+#log_directory = 'log'			# directory where log files are written,
 					# can be absolute or relative to PGDATA
 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
 					# can include strftime() escapes
@@ -369,6 +380,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #syslog_split_messages = on

 # This is only relevant when logging to eventlog (win32):
+# (change requires restart)
 #event_source = 'PostgreSQL'

 # - When to Log -
@@ -430,7 +442,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 #log_duration = off
 #log_error_verbosity = default		# terse, default, or verbose messages
 #log_hostname = off
-#log_line_prefix = ''			# special values:
+#log_line_prefix = '%m [%p] '		# special values:
 					#   %a = application name
 					#   %u = user name
 					#   %d = database name
@@ -538,7 +550,7 @@ log_timezone = 'UTC'
 #session_replication_role = 'origin'
 #statement_timeout = 0			# in milliseconds, 0 is disabled
 #lock_timeout = 0			# in milliseconds, 0 is disabled
-#idle_in_transaction_session_timeout = 0		# in milliseconds, 0 is disabled
+#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
 #vacuum_freeze_min_age = 50000000
 #vacuum_freeze_table_age = 150000000
 #vacuum_multixact_freeze_min_age = 5000000
@@ -566,11 +578,11 @@ timezone = 'UTC'
 					# encoding

 # These settings are initialized by initdb, but they can be changed.
-lc_messages = 'en_US.UTF-8'			# locale for system error message
+lc_messages = 'en_US.utf-8'			# locale for system error message
 					# strings
-lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
-lc_numeric = 'en_US.UTF-8'			# locale for number formatting
-lc_time = 'en_US.UTF-8'				# locale for time formatting
+lc_monetary = 'en_US.utf-8'			# locale for monetary formatting
+lc_numeric = 'en_US.utf-8'			# locale for number formatting
+lc_time = 'en_US.utf-8'				# locale for time formatting

 # default configuration for text search
 default_text_search_config = 'pg_catalog.english'
@@ -591,6 +603,10 @@ default_text_search_config = 'pg_catalog.english'
 					# (change requires restart)
 #max_pred_locks_per_transaction = 64	# min 10
 					# (change requires restart)
+#max_pred_locks_per_relation = -2	# negative values mean
+					# (max_pred_locks_per_transaction
+					#  / -max_pred_locks_per_relation) - 1
+#max_pred_locks_per_page = 2            # min 0


 #------------------------------------------------------------------------------
@@ -606,7 +622,6 @@ default_text_search_config = 'pg_catalog.english'
 #lo_compat_privileges = off
 #operator_precedence_warning = off
 #quote_all_identifiers = off
-#sql_inheritance = on
 #standard_conforming_strings = on
 #synchronize_seqscans = on