@marceloneppel marceloneppel commented Sep 22, 2022

Issue

  • Jira issue: DPE-700
  • PostgreSQL needs some initial settings for backups and rewind operations (synchronisation of the data between a primary and the replicas after a replica is promoted to primary).
  • We also need to ensure that rewind operations (the ones using the pg_rewind tool) are done using connections encrypted by TLS.

Solution

  • Add the following settings for backup operations:

    • archive_mode=on

    • archive_command=/bin/true

    • wal_level = logical

  • Add the following settings for rewind operations:

    • remove_data_directory_on_rewind_failure = true

    • remove_data_directory_on_diverged_timelines = true

Add a user for pg_rewind and test that it uses TLS when connecting to another PostgreSQL instance.

Context

  • pg_rewind had a new user created only for it, and that user was added to the list of users that can have the password rotated.

  • You can FOCUS more on the following files when reviewing the code:

    • templates/patroni.yml.j2: contains the new backup and rewind settings.

    • tests/integration/helpers.py: contains new helper methods used to ensure that pg_rewind is using TLS in its connections.

    • tests/integration/test_charm.py: the integration test was updated to ensure that the new settings are the current settings in the database.

    • tests/integration/test_tls.py: adds an additional check that ensures pg_rewind is using TLS in its connections.

  • Other files are related to the new pg_rewind user.

Testing

  • Existing unit tests on tests/unit/test_patroni.py were updated to match the new settings.
  • The extra backup and rewind settings are now added to the integration test that checks the current instance configuration.
  • An additional check was added to ensure that pg_rewind is using TLS.

Release Notes

  • Add initial settings for backup and rewind operations.
  • Add user for pg_rewind.
  • Add test to ensure pg_rewind is using TLS.

@marceloneppel marceloneppel changed the title Add initial backup settings Add initial backup and rewind settings Sep 28, 2022
@marceloneppel marceloneppel marked this pull request as ready for review September 28, 2022 19:54
@MiaAltieri MiaAltieri left a comment

Nice work! Thorough tests!

    assert (
        "connection authorized: user=rewind database=postgres"
        " SSL enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)" in logs
    ), "TLS is not being used on pg_rewind connections"

Wow so thorough 🤩
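
An added example, not part of this pull request or the project's code: the assertion quoted above passes as soon as one matching TLS line appears in the logs, so this sketch instead parses every `connection authorized` line for the rewind user and reports any connection without TLS. The function names, the protocol allow-list and the sample log are assumptions constructed for illustration.

```python
import re

# "connection authorized" lines as written by PostgreSQL when log_connections is on.
AUTH_RE = re.compile(
    r"connection authorized: user=(?P<user>\S+)"
    r"(?: database=(?P<database>\S+))?(?P<rest>.*)$"
)
SSL_RE = re.compile(r"SSL enabled \(protocol=(?P<protocol>[^,)]+), cipher=(?P<cipher>[^,)]+)")

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # assumption: policy chosen for this example


def rewind_connections(log_text, user="rewind"):
    """Return one record per authorized connection made by `user`."""
    records = []
    for line in log_text.splitlines():
        auth = AUTH_RE.search(line)
        if not auth or auth["user"] != user:
            continue
        ssl = SSL_RE.search(auth["rest"])
        records.append({
            "line": line,
            "tls": ssl is not None,
            "protocol": ssl["protocol"] if ssl else None,
            "cipher": ssl["cipher"] if ssl else None,
        })
    return records


def tls_violations(log_text, user="rewind"):
    """Connections by `user` that were plaintext or used a protocol outside the allow-list."""
    return [r for r in rewind_connections(log_text, user)
            if not r["tls"] or r["protocol"] not in ALLOWED_PROTOCOLS]


def rewind_uses_tls(log_text, user="rewind"):
    """True only if `user` connected at least once and every connection was acceptable."""
    return bool(rewind_connections(log_text, user)) and not tls_violations(log_text, user)


# Constructed sample log (not taken from a real deployment).
SAMPLE_LOG = """\
2022-09-28 19:40:01 UTC [101] LOG:  connection authorized: user=rewind database=postgres SSL enabled (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256)
2022-09-28 19:40:05 UTC [102] LOG:  connection authorized: user=operator database=postgres
2022-09-28 19:41:12 UTC [103] LOG:  connection authorized: user=rewind database=postgres
2022-09-28 19:42:30 UTC [104] LOG:  connection authorized: user=rewind database=postgres SSL enabled (protocol=TLSv1.1, cipher=ECDHE-RSA-AES256-SHA, bits=256)
"""
```

An empty log returns `False` from `rewind_uses_tls`, so a test cannot pass merely because no rewind happened.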

@marceloneppel marceloneppel merged commit eb59023 into main Sep 30, 2022
@marceloneppel marceloneppel deleted the backup-configurations-part-1 branch September 30, 2022 13:03
BON4 pushed a commit to BON4/postgresql-k8s-operator that referenced this pull request May 20, 2024
* Add initial backup settings

* Add additional backup settings

* Fix unit tests

* Add max_replication_slots

* Remove settings

* Remove settings

* Rename user

* Add test for TLS being used on pg_rewind connections

* Improve comments and docstrings

* Small fixes
github-actions bot added a commit to canonical/test-runners-2-github-x64-postgresql-k8s-operator that referenced this pull request May 22, 2024
github-actions bot added a commit to canonical/test-runners-2-is-x64-postgresql-k8s-operator that referenced this pull request May 23, 2024
github-actions bot added a commit to canonical/test-runners-2-azure-arm64-postgresql-k8s-operator that referenced this pull request May 23, 2024