cp over all the bundles from kunsis bw repo

bundles/postgresql/files/backup-pre-hook

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+target="/var/tmp/postgresdumps"
+
+pg_dumpall --globals-only | gzip --quiet --rsyncable >"$target/globals.sql.gz"
+
+% for db in sorted(databases):
+pg_dump -C "${db}" | gzip --quiet --rsyncable >"$target/db_${db}.sql.gz"
+% endfor

bundles/postgresql/files/pg_hba.conf

@@ -0,0 +1,8 @@
+% for custom_rule in sorted(node.metadata.get('postgresql/custom_rules', [])):
+${custom_rule}
+% endfor
+local   all             postgres                                peer
+local   all             all                                     peer
+host    all             all             127.0.0.1/32            md5
+host    all             all             ::1/128                 md5
+host    all             all             all                     md5

bundles/postgresql/files/postgresql.conf

@@ -0,0 +1,32 @@
+data_directory = '/var/lib/postgresql/${version}/main'
+hba_file = '/etc/postgresql/${version}/main/pg_hba.conf'
+ident_file = '/etc/postgresql/${version}/main/pg_ident.conf'
+external_pid_file = '/var/run/postgresql/${version}-main.pid'
+unix_socket_directories = '/var/run/postgresql'
+port = 5432
+listen_addresses = 'localhost'
+max_connections = ${max_connections}
+autovacuum_max_workers = ${autovacuum_max_workers}
+maintenance_work_mem = ${maintenance_work_mem}MB
+work_mem = ${work_mem}MB
+shared_buffers = ${shared_buffers}MB
+temp_buffers = ${temp_buffers}MB
+log_destination = syslog
+datestyle = 'iso, ymd'
+timezone = 'localtime'
+lc_messages = 'en_US.UTF-8'
+lc_monetary = 'en_US.UTF-8'
+lc_numeric = 'en_US.UTF-8'
+lc_time = 'en_US.UTF-8'
+default_text_search_config = 'pg_catalog.english'
+% if slow_query_log_sec > 0:
+log_min_duration_statement = ${slow_query_log_sec*1000}
+% else:
+log_min_duration_statement = -1
+% endif
+effective_io_concurrency = ${effective_io_concurrency}
+max_worker_processes = ${max_worker_processes}
+% if version_list >= [10]:
+max_parallel_workers = ${max_parallel_workers}
+% endif
+max_parallel_workers_per_gather = ${max_parallel_workers_per_gather}

bundles/postgresql/items.py

@@ -0,0 +1,124 @@
+postgresql_version = node.metadata['postgresql']['version']
+
+pkg_apt = {
+    'postgresql-common': {},
+    'postgresql-client-common': {},
+    'postgresql-{}'.format(postgresql_version): {},
+    'postgresql-client-{}'.format(postgresql_version): {},
+    'postgresql-server-dev-{}'.format(postgresql_version): {}
+}
+
+if node.has_bundle('zfs'):
+    for pkgname, pkgconfig in pkg_apt.items():
+        pkg_apt[pkgname]['needs'] = {
+            'zfs_dataset:tank/postgresql',
+        }
+
+
+directories = {
+    '/etc/postgresql': {
+        'owner': None,
+        'group': None,
+        'mode': None,
+        # Keeping old configs messes with cluster-auto-detection.
+        'purge': True,
+    },
+    # This is needed so the above purge does not remove the version
+    # currently installed.
+    '/etc/postgresql/{}/main'.format(postgresql_version): {
+        'owner': 'postgres',
+        'group': 'postgres',
+        'mode': '0755',
+        'needs': {f'pkg_apt:{i}' for i in pkg_apt.keys()},
+    },
+}
+
+files = {
+    "/etc/postgresql/{}/main/pg_hba.conf".format(postgresql_version): {
+        'content_type': 'mako',
+        'owner': 'postgres',
+        'group': 'postgres',
+        'triggers': {
+            'svc_systemd:postgresql:restart',
+        },
+    },
+    "/etc/postgresql/{}/main/postgresql.conf".format(postgresql_version): {
+        'content_type': 'mako',
+        'context': {
+            'version_list': [int(i) for i in node.metadata['postgresql']['version'].split('.')],
+            **node.metadata['postgresql'],
+        },
+        'owner': 'postgres',
+        'group': 'postgres',
+        'needs': {
+            # postgresql won't start if the configured locale isn't available
+            'action:locale-gen',
+        } if node.has_bundle('basic') else set(),
+        'triggers': {
+            'svc_systemd:postgresql:restart',
+        },
+    },
+}
+
+if node.has_bundle('backup-client') and not node.has_bundle('zfs'):
+    files['/etc/backup-pre-hooks.d/90-postgresql-dump-all'] = {
+        'source': 'backup-pre-hook',
+        'content_type': 'mako',
+        'context': {
+            'databases': node.metadata.get('postgresql/databases', {}).keys(),
+        },
+        'mode': '0700',
+    }
+    directories['/var/tmp/postgresdumps'] = {}
+else:
+    files['/var/tmp/postgresdumps'] = {
+        'delete': True,
+    }
+
+postgres_roles = {
+    'root': {
+        'password': repo.vault.password_for('{} postgresql root'.format(node.name)),
+        'superuser': True,
+        'needs': {
+            'svc_systemd:postgresql',
+        },
+    },
+}
+
+restart_deps = {
+    f'file:/etc/postgresql/{postgresql_version}/main/pg_hba.conf',
+    f'file:/etc/postgresql/{postgresql_version}/main/postgresql.conf',
+    *{f'pkg_apt:{i}' for i in pkg_apt.keys()},
+}
+
+svc_systemd = {
+    'postgresql': {
+        'needs': restart_deps,
+        'triggers': {
+            'action:postgresql_wait_after_restart',
+        },
+    },
+}
+
+actions = {
+    'postgresql_wait_after_restart': {
+        # postgresql doesn't accept connections immediately after restarting
+        'command': 'sleep 10',
+        'triggered': True,
+        'before': {
+            'postgres_role:',
+            'postgres_db:',
+        },
+    },
+}
+
+for user, config in node.metadata.get('postgresql/roles', {}).items():
+    postgres_roles[user] = {
+        'password': config['password'],
+        'needs': {
+            'svc_systemd:postgresql',
+        },
+    }
+
+for database, config in node.metadata.get('postgresql/databases', {}).items():
+    postgres_dbs[database] = config

bundles/postgresql/metadata.py

@@ -0,0 +1,127 @@
+defaults = {
+    'backups': {
+        'paths': {
+            '/var/lib/postgresql',
+        },
+    },
+    'bash_functions': {
+        'pg_query_mon': "watch -n 2 \"echo \\\"SELECT pid, age(clock_timestamp(), query_start), usename, query FROM pg_stat_activity WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' ORDER BY query_start desc;\\\" | psql postgres\""
+    },
+    'icinga2_api': {
+        'postgresql': {
+            'services': {
+                'POSTGRESQL PROCESS': {
+                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C postgres -c 1:',
+                },
+            },
+        },
+    },
+    'postgresql': {
+        'max_connections': 100,
+        'autovacuum_max_workers': 3,
+        'maintenance_work_mem': 64,
+        'work_mem': 4,
+        'shared_buffers': 128,
+        'temp_buffers': 8,
+        'slow_query_log_sec': 0,
+    },
+}
+
+if node.has_bundle('telegraf'):
+    defaults['telegraf'] = {
+        'input_plugins': {
+            'builtin': {
+                'postgresql': [{
+                    'address': repo.vault.password_for(f'{node.name} postgresql telegraf').format_into('postgres://telegraf:{}@localhost:5432/telegraf?sslmode=disable'),
+                    'ignored_databases': [
+                        'template0',
+                        'template1',
+                        'telegraf',
+                    ],
+                }],
+            },
+        },
+    }
+    defaults['postgresql'].update({
+        'roles': {
+            'telegraf': {
+                'password': repo.vault.password_for(f'{node.name} postgresql telegraf'),
+            },
+        },
+        'databases': {
+            'telegraf': {
+                'owner': 'telegraf',
+            },
+        },
+    })
+
+if node.has_bundle('zfs'):
+    defaults['zfs'] = {
+        'datasets': {
+            'tank/postgresql': {
+                'mountpoint': '/var/lib/postgresql',
+            },
+        },
+    }
+else:
+    defaults['backups']['paths'].add('/var/tmp/postgresdumps')
+
+
+@metadata_reactor.provides(
+    'apt/repos/postgresql',
+    'postgresql/version',
+)
+def default_postgresql_version_for_debian(metadata):
+    # <https://packages.debian.org/search?keywords=postgresql>
+    versions_in_debian = {
+        '10': '11', # buster
+        '11': '13', # bullseye
+    }
+    os = str(node.os_version[0])
+    version_to_be_installed = metadata.get('postgresql/version', versions_in_debian[os])
+
+    if version_to_be_installed != versions_in_debian[os]:
+        return {
+            'apt': {
+                'repos': {
+                    'postgresql': {
+                        'items': {
+                            'deb https://apt.postgresql.org/pub/repos/apt/ {os_release}-pgdg main',
+                        },
+                    },
+                },
+            },
+            'postgresql': {
+                'version': version_to_be_installed,
+            },
+        }
+
+    return {
+        'postgresql': {
+            'version': version_to_be_installed,
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'postgresql/effective_io_concurrency',
+    'postgresql/max_worker_processes',
+    'postgresql/max_parallel_workers',
+    'postgresql/max_parallel_workers_per_gather',
+)
+def worker_processes(metadata):
+    return {
+        'postgresql': {
+            # This is the amount of parallel I/O Operations the
+            # postgresql process is allowed to do on disk. We set
+            # this to max_connections by default.
+            'effective_io_concurrency': metadata.get('postgresql/max_connections'),
+
+            # Try to request one worker process per 10 configured
+            # connections. The default is 8 for both of these values.
+            'max_worker_processes': int(metadata.get('postgresql/max_connections')/10),
+            'max_parallel_workers': int(metadata.get('postgresql/max_connections')/10),
+            # default 2
+            'max_parallel_workers_per_gather': max(int(metadata.get('postgresql/max_connections')/100), 2),
+        },
+    }