Add multisite support, update to PG17 and use Patroni 4

Author: ants

Makefile

@@ -6,15 +6,15 @@ CONTAINERIMAGE ?= rockylinux/rockylinux:9-ubi-micro
 IMAGE_REPOSITORY ?= docker.io
 IMAGE_PATH ?= cybertec-pg-container
 CONTAINERSUITE ?= cybertec-pg-container
-PGVERSION ?= 16
-PGVERSION_FULL ?= 16.3
-OLD_PG_VERSIONS ?= 13 14 15
-PATRONI_VERSION ?= 3.3.1
+PGVERSION ?= 17
+PGVERSION_FULL ?= 17.0
+OLD_PG_VERSIONS ?= 13 14 15 16
+PATRONI_VERSION ?= multisite-4.0.2.1
 PGBACKREST_VERSION ?= 2.53
 POSTGIS_VERSION ?= 34
 ETCD_VERSION ?= 3.5.15
 PACKAGER ?= dnf
-BUILD ?= 1
+BUILD ?= 2
 ARCH ?= amd64
 IMAGE_TAG ?= $(BASEOS)-$(PGVERSION_FULL)-$(BUILD)
 POSTGIS_IMAGE_TAG ?= $(BASEOS)-$(PGVERSION_FULL)-$(POSTGIS_VERSION)-$(BUILD)
@@ -198,4 +198,4 @@ publicbeta-pgbackrest-build:
 			--build-arg PGVERSION=$(BETAVERSION)									\
 			--build-arg ARCH=$(ARCH)	
 
-publicbeta-pgbackrest: publicbeta-pgbackrest-build;
+publicbeta-pgbackrest: publicbeta-pgbackrest-build;

docker/postgres-gis/Dockerfile

@@ -198,4 +198,4 @@ ENTRYPOINT ["/scripts/nss_wrapper/nss_wrapper.sh"]
 
 USER 26
 
-CMD ["/bin/sh", "/launch.sh", "init"]
+CMD ["/bin/sh", "/launch.sh", "init"]

docker/postgres/Dockerfile

@@ -72,7 +72,12 @@ RUN wget https://smarden.org/runit/runit-2.1.2.tar.gz -P /package/
     #&& curl -sL https://github.com/zalando-pg/pg_auth_mon/archive/$PG_AUTH_MON_COMMIT.tar.gz | tar xz \
 
 RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python-etcd psutil requests cdiff ydiff --upgrade \
-    && pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade \
+    && if [[ $PATRONI_VERSION == "multisite-"* ]]; then \
+        git clone -b $PATRONI_VERSION https://github.com/cybertec-postgresql/patroni; \
+        pip3 install ./patroni[kubernetes,etcd,etcd3]; \
+    else \
+        pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade; \
+    fi \
     && mkdir /usr/lib/postgresql \
     && git clone -b $PG_PERMISSIONS https://github.com/cybertec-postgresql/pg_permissions.git \
     && git clone -b $SET_USER https://github.com/pgaudit/set_user.git \
@@ -195,4 +200,4 @@ ENTRYPOINT ["/scripts/nss_wrapper/nss_wrapper.sh"]
 
 USER 26
 
-CMD ["/bin/sh", "/launch.sh", "init"]
+CMD ["/bin/sh", "/launch.sh", "init"]

scripts/callback_aws.py

@@ -65,7 +65,7 @@ def main():
 
     ec2 = boto.ec2.connect_to_region(metadata['region'])
 
-    if argc == 5 and role in ('master', 'standby_leader') and action in ('on_start', 'on_role_change'):
+    if argc == 5 and role in ('primary', 'master', 'standby_leader') and action in ('on_start', 'on_role_change'):
         associate_address(ec2, sys.argv[1], instance_id)
 
     instance = get_instance(ec2, instance_id)

scripts/callback_role.py

@@ -78,7 +78,7 @@ def record_role_change(action, new_role, cluster):
     new_role = None if action == 'on_stop' else new_role
     logger.debug("Changing the pod's role to %s", new_role)
     pod_namespace = os.environ.get('POD_NAMESPACE', read_first_line(KUBE_NAMESPACE_FILENAME)) or 'default'
-    if new_role == 'master':
+    if new_role in ['master', 'primary']:
         change_endpoints(pod_namespace, cluster)
     change_pod_role_label(pod_namespace, new_role)
 

scripts/configure_spilo.py

@@ -383,7 +383,7 @@ def deep_update(a, b):
     threshold_megabytes: {{WALE_BACKUP_THRESHOLD_MEGABYTES}}
     threshold_backup_size_percentage: {{WALE_BACKUP_THRESHOLD_PERCENTAGE}}
     retries: 2
-    no_master: 1
+    no_leader: 1
   {{/USE_WALE}}
   basebackup_fast_xlog:
     command: /scripts/basebackup.sh
@@ -394,8 +394,36 @@ def deep_update(a, b):
     threshold_megabytes: {{WALE_BACKUP_THRESHOLD_MEGABYTES}}
     threshold_backup_size_percentage: {{WALE_BACKUP_THRESHOLD_PERCENTAGE}}
     retries: 2
-    no_master: 1
+    no_leader: 1
 {{/STANDBY_WITH_WALE}}
+{{#USE_MULTISITE}}
+multisite:
+  name: '{{MULTISITE_SITE}}-{{SCOPE}}'
+  namespace: {{MULTISITE_NAMESPACE}}
+  etcd3:
+    hosts: {{MULTISITE_ETCD_HOSTS}}
+    {{#MULTISITE_ETCD_USER}}
+    username: {{MULTISITE_ETCD_USER}}
+    {{/MULTISITE_ETCD_USER}}
+    {{#MULTISITE_ETCD_PASSWORD}}
+    password: {{MULTISITE_ETCD_PASSWORD}}
+    {{/MULTISITE_ETCD_PASSWORD}}
+    {{#MULTISITE_ETCD_PROTOCOL}}
+    protocol: {{MULTISITE_ETCD_PROTOCOL}}
+    {{/MULTISITE_ETCD_PROTOCOL}}
+  host: {{EXTERNAL_HOST}}
+  port: {{EXTERNAL_PORT}}
+  ttl: {{MULTISITE_TTL}}
+  retry_timeout: {{MULTISITE_RETRY_TIMEOUT}}
+  {{#UPDATE_CRD}}
+  update_crd: "{{UPDATE_CRD}}"
+  crd_uid: {{CRD_UID}}
+  crd_api: cpo.opensource.cybertec.at/v1
+  {{/UPDATE_CRD}}
+{{/USE_MULTISITE}}
+
+watchdog:
+  mode: off
 '''
 
 
@@ -717,6 +745,20 @@ def get_placeholders(provider):
     if placeholders.get('SSL_RESTAPI_CA') and not placeholders['SSL_RESTAPI_CA_FILE']:
         placeholders['SSL_RESTAPI_CA_FILE'] = os.path.join(placeholders['RW_DIR'], 'certs', 'rest-api-ca.crt')
 
+    placeholders.setdefault('MULTISITE_SITE', '')
+    placeholders.setdefault('MULTISITE_ETCD_HOSTS', '')
+    placeholders.setdefault('MULTISITE_ETCD_USER', '')
+    placeholders.setdefault('MULTISITE_ETCD_PASSWORD', '')
+    placeholders.setdefault('MULTISITE_ETCD_PROTOCOL', 'http')
+    placeholders.setdefault('MULTISITE_TTL', '90')
+    placeholders.setdefault('MULTISITE_RETRY_TIMEOUT', '40')
+    placeholders.setdefault('EXTERNAL_HOST', placeholders['instance_data']['ip'])
+    placeholders.setdefault('EXTERNAL_PORT', placeholders['PGPORT'])
+    placeholders.setdefault('MULTISITE_NAMESPACE', '/multisite/{}'.format(placeholders['NAMESPACE']))
+    placeholders.setdefault('USE_MULTISITE', placeholders['MULTISITE_SITE'] != '')
+    if placeholders['USE_MULTISITE'] and not placeholders['MULTISITE_ETCD_HOSTS']:
+        logging.warning("etcd location not configured for multisite operation")
+
     return placeholders
 
 
@@ -751,6 +793,10 @@ def get_dcs_config(config, placeholders):
             kubernetes_labels = json.loads(KUBERNETES_DEFAULT_LABELS)
         config['kubernetes']['labels'] = kubernetes_labels
 
+        # Patroni 4 compatibility
+        config['kubernetes']['leader_label_value'] = 'master'
+        config['kubernetes']['standby_leader_label_value'] = 'master'
+
         if not config['kubernetes'].pop('use_configmaps'):
             config['kubernetes'].update({'use_endpoints': True,
                                          'pod_ip': placeholders['instance_data']['ip'],

scripts/on_role_change.sh

@@ -7,7 +7,7 @@ shift
 
 
 readonly dbname=postgres
-if [[ "${*: -3:1}" == "on_role_change" && "${*: -2:1}" == "master" ]]; then
+if [[ "${*: -3:1}" == "on_role_change" && ("${*: -2:1}" == "master" || "${*: -2:1}" == "primary") ]]; then
     num=30  # wait 30 seconds for end of recovery
     while  [[ $((num--)) -gt 0 ]]; do
         if [[ "$(psql -d $dbname -tAc 'SELECT pg_is_in_recovery()')" == "f" ]]; then

scripts/patroni_wait.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-ROLE=master
+ROLE=primary
 INTERVAL=60
 TIMEOUT=""
 

scripts/post_init.sh

@@ -4,29 +4,30 @@ cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
 
 PGVER=$(psql -d "$2" -XtAc "SELECT pg_catalog.current_setting('server_version_num')::int/10000")
 if [ "$PGVER" -ge 12 ]; then RESET_ARGS="oid, oid, bigint"; fi
+if [ "$PGVER" -ge 17 ]; then RESET_ARGS="oid, oid, bigint, boolean"; fi
 
 (
-# echo "DO \$\$
-# BEGIN
-#     PERFORM * FROM pg_catalog.pg_authid WHERE rolname = 'admin';
-#     IF FOUND THEN
-#         ALTER ROLE admin WITH CREATEDB NOLOGIN NOCREATEROLE NOSUPERUSER NOREPLICATION INHERIT;
-#     ELSE
-#         CREATE ROLE admin CREATEDB;
-#     END IF;
-# END;\$\$;
-
-# GRANT cron_admin TO admin;
-
-# DO \$\$
-# BEGIN
-#     PERFORM * FROM pg_catalog.pg_authid WHERE rolname = '$1';
-#     IF FOUND THEN
-#         ALTER ROLE $1 WITH NOCREATEDB NOLOGIN NOCREATEROLE NOSUPERUSER NOREPLICATION INHERIT;
-#     ELSE
-#         CREATE ROLE $1;
-#     END IF;
-# END;\$\$;"
+cat - <<SQL
+ DO \$\$
+ BEGIN
+     PERFORM * FROM pg_catalog.pg_authid WHERE rolname = 'admin';
+     IF FOUND THEN
+         ALTER ROLE admin WITH CREATEDB NOLOGIN NOCREATEROLE NOSUPERUSER NOREPLICATION INHERIT;
+     ELSE
+         CREATE ROLE admin CREATEDB;
+     END IF;
+ END;\$\$;
+
+ DO \$\$
+ BEGIN
+     PERFORM * FROM pg_catalog.pg_authid WHERE rolname = '$1';
+     IF FOUND THEN
+         ALTER ROLE $1 WITH NOCREATEDB NOLOGIN NOCREATEROLE NOSUPERUSER NOREPLICATION INHERIT;
+     ELSE
+         CREATE ROLE $1;
+    END IF;
+ END;\$\$;
+SQL
 
 while IFS= read -r db_name; do
     echo "\c ${db_name}"
@@ -51,10 +52,8 @@ while IFS= read -r db_name; do
     fi
     sed "s/:HUMAN_ROLE/$1/" create_user_functions.sql
     echo "CREATE EXTENSION IF NOT EXISTS pg_stat_statements SCHEMA public;
-ALTER EXTENSION set_user UPDATE;
-# GRANT EXECUTE ON FUNCTION public.set_user(text) TO admin;
-# GRANT EXECUTE ON FUNCTION public.pg_stat_statements_reset($RESET_ARGS) TO admin;"
+GRANT EXECUTE ON FUNCTION public.pg_stat_statements_reset($RESET_ARGS) TO admin;"
 
 done < <(psql -d "$2" -tAc 'select pg_catalog.quote_ident(datname) from pg_catalog.pg_database where datallowconn')
-) | PGOPTIONS="-c synchronous_commit=local" psql -Xd "$2"
+) | PGOPTIONS="-c synchronous_commit=local" psql -Xd "$2" -f -