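Welcome to the Pigsty Chinese documentation

Pigsty is designed for monitoring and managing large-scale database clusters. It provides a simple, convenient solution for provisioning and managing highly available databases, together with an industry-leading graphical monitoring and management interface. Pigsty aims to lower the barrier to using and managing databases and to raise the floor for how well PostgreSQL databases are used and managed.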

Pigsty Documentation

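Pigsty Chinese Documentation

Pigsty has been tested over a long period in real production environments. It is open source under the Apache 2.0 license and free to use for testing and production. The author accepts no liability for any loss caused by using this project, but optional commercial support is available.

1 - Overview

A quick look at the problems Pigsty solves, the technologies it uses, and the scenarios it fits.

What is Pigsty?

Pigsty is a monitoring system

Pigsty aims to provide the best PostgreSQL monitoring system in the world. PostgreSQL is the best open-source relational database in the world, yet its ecosystem lacks a monitoring system that is good enough. Pigsty sets out to solve this problem.

Pigsty was originally developed because the author needed to manage a large-scale PostgreSQL cluster and, after searching through every open-source and commercial monitoring solution on the market, found none that was "good enough", and so designed and built this system himself.

As a developer, I see a great deal of room for improvement in this system. As an end user, I believe it has already become the best PostgreSQL monitoring system in the world.

Pigsty is a provisioning solution

Pigsty is also a provisioning solution for highly available database clusters.

To release and demonstrate a monitoring system, there must first be something to monitor. Yet many users' self-built databases are in a sorry state, so the author simply ships a database provisioning solution as part of the project. Production-grade, mature deployment practices such as primary-replica replication, failover, traffic proxying, connection pooling, service discovery, and a basic privilege system are packaged into this project, so that it truly works out of the box.

What the database provisioning solution does is this: you fill in a form, and the system automatically creates the corresponding database cluster from its contents. Database management becomes truly foolproof.

Pigsty is open-source software

Pigsty builds on open source and gives back to the community. It is free, open-source software under the Apache 2.0 license, with optional commercial support services.

Pigsty's monitoring system is a deeply customized development based on the open-source components Prometheus, Grafana, Alertmanager, and Exporter. It also includes infrastructure such as Nginx, Dnsmasq/CoreDNS, NTP/Chrony, and Consul/Etcd.

Pigsty's provisioning solution is built on the popular DevOps tool Ansible. The components it deploys include Postgres, Pgbouncer, Patroni, HAProxy, and KeepAlived.

What's next

Next, you can: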

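2 - Quick Start

Quickly bring up a demo system on your local machine with Vagrant

This document describes how to bring up the Pigsty demo sandbox locally with Vagrant and Virtualbox.

TL;DR

If vagrant and virtualbox are already installed on your local machine, just clone this project, enter its directory, and run the following commands:

sudo make dns    # write the static DNS records Pigsty needs into your /etc/hosts (requires sudo; you can also skip this step and access services directly by IP and port)
make new         # create four Virtualbox virtual machines with Vagrant and bring up the local Pigsty demo sandbox on them
make mon-view    # open the Pigsty home page locally; the default username and password are both admin

There are no special requirements for the host operating system, as long as it can install and run Vagrant and Virtualbox. Environments verified by the author: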

  • MacOS 10.15, MacOS 11.1, CentOS 7.8
  • Vagrant 2.2.14
  • Virtualbox 6.1.14

TL;DR

If you already have vagrant and virtualbox properly installed, just run the following commands:

# run under pigsty home dir
make up          # pull up all vagrant nodes
make ssh         # setup vagrant ssh access
make init        # init infrastructure and database clusters
sudo make dns    # write static DNS record to your host (sudo required)
make mon-view    # monitoring system home page (default: admin:admin)

Verified version: MacOS 10.15, Vagrant 2.2.10, Virtualbox 6.1.14, CentOS 7.8

Preparation

System Requirement

  • CentOS 7 / Red Hat 7 / Oracle Linux 7
  • CentOS 7.6/7.8 is highly recommended (both are fully tested under minimal installation)

Minimal setup

  • Self-contained single node, singleton database pg-meta
  • Minimal requirement: 2 CPU Core & 2 GB RAM

Standard setup (TINY mode, vagrant demo)

  • 4 nodes, including a single meta node, a singleton database cluster pg-meta and a 3-instance database cluster pg-test
  • Recommended spec: 2 Core / 2 GB for the meta controller node, 1 Core / 1 GB for each database node

Production setup (OLTP/OLAP/CRIT mode)

  • 200~1000 nodes, 3~5 meta nodes

Verified environment: Dell R740 / 64 Core / 400GB Mem / 3TB PCI-E SSD x 200

If you wish to run Pigsty on virtual machines on your laptop, consider using vagrant and virtualbox, which let you create and destroy virtual machines easily. Check Vagrant Provision for more information. Other virtual machine solutions such as vmware also work.

Get Started

Step 1: Prepare

  • Prepare nodes, bare metal or virtual machines.

    Currently only CentOS 7 is supported and fully tested.

    You will need one node for a minimal setup, and four nodes for a complete demonstration.

  • Pick one node as the meta node, which is the controller of the entire system.

    The meta node runs essential services such as Nginx, Yum Repo, DNS Server, NTP Server, Consul Server, Prometheus, Alertmanager, Grafana, and other components. It is recommended to have 1 meta node in a sandbox/dev environment, and 3 ~ 5 meta nodes in a production environment.

  • Create an admin user with passwordless sudo privilege on these nodes.

    echo "<username> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/<username>
    
  • Set up passwordless SSH access for the admin user from the meta node.

    ssh-copy-id <address>
    

    When running Pigsty inside virtual machines, you can execute playbooks directly on your host machine instead of the meta node. This is convenient for development and testing.

  • Install Ansible on meta node (or your host machine if you prefer running playbooks there)

    yum install ansible     # centos
    brew install ansible    # macos
    

    If your meta node does not have Internet access, you can perform an Offline Installation, or find your own way to install ansible there.

  • Clone this repo to meta node

    git clone https://github.com/vonng/pigsty && cd pigsty 
    
  • [Optional]: download the pre-packaged offline installation resource tarball to ${PIGSTY_HOME}/files/pkg.tgz

    If you happen to have exactly the same OS (e.g. the CentOS 7.8 pkg), you can download it and put it there, so the first-time provision will be extremely fast.

Step 2: Configuration

Configuration is essential to pigsty.

dev.yml is the configuration file for the vagrant sandbox environment. conf/all.yml is the default configuration file path, and by default it is a soft link to conf/dev.yml.

You can leave most parameters intact; only a small portion need adjustment, such as the cluster inventory definition. A typical cluster definition only requires 3 variables to work: pg_cluster, pg_role, and pg_seq. Check the configuration guide for more detail.

#-----------------------------
# cluster: pg-test
#-----------------------------
pg-test: # define cluster named 'pg-test'
  # - cluster members - #
  hosts:
    10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
    10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
    10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
  # - cluster configs - #
  vars:
    # basic settings
    pg_cluster: pg-test                 # define actual cluster name
    pg_version: 13                      # define installed pgsql version
    node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
    pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

    pg_users:
      - username: test
        password: test
        comment: default test user
        groups: [ dbrole_readwrite ]
    pg_databases:                       # create a business database 'test'
      - name: test
        extensions: [{name: postgis}]   # create extra extension postgis
        parameters:                     # overwrite database meta's default search_path
          search_path: public,monitor
    pg_default_database: test           # default database will be used as primary monitor target

    # proxy settings
    vip_enabled: true                   # enable/disable vip (require members in same LAN)
    vip_address: 10.10.10.3             # virtual ip address
    vip_cidrmask: 8                     # cidr network mask length
    vip_interface: eth1                 # interface to add virtual ip
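
A pre-flight check for a cluster definition of this shape, as an added example that is not part of Pigsty: it takes the inventory as a Python dict mirroring the YAML and reports missing identity variables, repeated pg_seq values, a primary count other than one, members outside the VIP network, and users whose password is empty or equals the username. The name lint_cluster and the rules marked "assumed" are illustrations not stated on this page, and the sample inventory is constructed with deliberate mistakes.

```python
import ipaddress
from collections import Counter


def lint_cluster(name, cluster):
    """Return a list of findings for one cluster definition (empty = clean)."""
    findings = []
    hosts = cluster.get("hosts", {})
    cvars = cluster.get("vars", {})

    # 1. Identity: pg_cluster on the cluster, pg_seq and pg_role on every host.
    if cvars.get("pg_cluster") != name:
        findings.append(f"{name}: pg_cluster is {cvars.get('pg_cluster')!r}")
    for ip, hv in hosts.items():
        for key in ("pg_seq", "pg_role"):
            if key not in hv:
                findings.append(f"{name}/{ip}: missing {key}")

    # 2. Assumed rule: pg_seq identifies an instance, so it must not repeat.
    seqs = Counter(hv["pg_seq"] for hv in hosts.values() if "pg_seq" in hv)
    for seq, count in sorted(seqs.items()):
        if count > 1:
            findings.append(f"{name}: pg_seq {seq} used by {count} hosts")

    # 3. Assumed rule: a single-leader cluster defines exactly one primary.
    primaries = [ip for ip, hv in hosts.items() if hv.get("pg_role") == "primary"]
    if len(primaries) != 1:
        findings.append(f"{name}: {len(primaries)} primaries defined, expected 1")

    # 4. The VIP requires all members in the same LAN: check each host address
    #    against the network implied by vip_address/vip_cidrmask.
    if cvars.get("vip_enabled"):
        net = ipaddress.ip_network(
            f"{cvars['vip_address']}/{cvars['vip_cidrmask']}", strict=False)
        for ip in hosts:
            if ipaddress.ip_address(ip) not in net:
                findings.append(f"{name}/{ip}: outside VIP network {net}")

    # 5. Credentials that are empty or equal to the username.
    for user in cvars.get("pg_users", []):
        if user.get("password") in (None, "", user.get("username")):
            findings.append(
                f"{name}: user {user.get('username')!r} has a guessable password")
    return findings


# Constructed sample: same shape as the pg-test definition, with mistakes.
SAMPLE = {
    "hosts": {
        "10.10.10.11": {"pg_seq": 1, "pg_role": "primary"},
        "10.10.10.12": {"pg_seq": 1, "pg_role": "replica"},    # repeated pg_seq
        "192.168.1.13": {"pg_seq": 3, "pg_role": "replica"},   # other network
    },
    "vars": {
        "pg_cluster": "pg-test",
        "pg_users": [{"username": "test", "password": "test"}],
        "vip_enabled": True,
        "vip_address": "10.10.10.3",
        "vip_cidrmask": 8,
    },
}

if __name__ == "__main__":
    for finding in lint_cluster("pg-test", SAMPLE):
        print(finding)
```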

Step 3: Provision

It is straightforward to materialize that configuration into infrastructure and database clusters:

./infra.yml    # init infrastructure according to config
./initdb.yml   # init database cluster according to config

It may take around 5~30 min to download all necessary rpm packages from the Internet, depending on your network conditions. (This is only needed the first time; you can cache the downloaded packages by running make cache.)

(Consider using another upstream yum repo if the default is not applicable; check all.vars.repo_upstreams in conf/all.yml.)

Step 4: Explore

Start exploring Pigsty.

  • Main Page: http://pigsty or http://<meta-ip-address>

  • Grafana: http://g.pigsty or http://<meta-ip-address>:3000 (default userpass: admin:admin)

  • Consul: http://c.pigsty or http://<meta-ip-address>:8500 (consul only listens on localhost)

  • Prometheus: http://p.pigsty or http://<meta-ip-address>:9090

  • AlertManager: http://a.pigsty or http://<meta-ip-address>:9093

You may need to write DNS records to your host before accessing Pigsty via domain names.

sudo make dns    # write local DNS record to your /etc/hosts, sudo required

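Quick Start

This section describes how to quickly bring up the Pigsty sandbox environment. For more information, see Quick Start.

  1. Prepare machines

    • Use pre-allocated machines, or generate demo virtual machines locally from the predefined sandbox Vagrantfile, and pick one as the control node.

    • Configure passwordless SSH access from the control node to the other machines, and confirm that the SSH user has passwordless sudo privilege on them.

    • If vagrant and virtualbox are installed locally, you can run make up directly in the project root to bring up a four-node virtual machine environment. See Vagrant Provision for details.

    make up
    
  2. Prepare the project

    Install Ansible on the control node and clone this project. If you use a local virtual machine environment, you can also install ansible on the host machine and run the commands there.

    git clone https://github.com/vonng/pigsty && cd pigsty
    

    If the target environment has no Internet access, or the connection is slow, consider downloading the pre-packaged offline installation package, or building one on another machine with the same OS that has Internet access or a proxy. See the offline installation tutorial for details.

  3. Modify the configuration

    Modify the configuration file as needed. The configuration file uses YAML format with Ansible inventory semantics. See the configuration tutorial for the configuration items and format.

    vi conf/all.yml			# default configuration file path
    
  4. Initialize infrastructure

    Run this playbook to instantiate the infrastructure definition parameters. See Infrastructure Provision for details.

    ./infra.yml         # run this playbook to instantiate the infrastructure definition parameters
    
  5. Initialize database clusters

    Run this playbook to bring up all database clusters. See Database Cluster Provision for details.

    ./initdb.yml        # run this playbook to instantiate all database cluster definitions
    
  6. Start exploring

    The Pigsty home page is available at the domain name customized in the nginx_upstream parameter (http://pigsty by default in the sandbox environment).

    The default domain name of the monitoring system is http://g.pigsty; the default username and password are both admin.

    The monitoring system can be accessed directly on port 3000 of the meta node. To access it from your local machine by domain name, run sudo make dns to write the required DNS records to the host.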

3 - Basic Concepts

Basic concepts in Pigsty: hierarchy, high availability, system architecture, and so on.

Architecture Overview [DRAFT]

Entity and Concept

Overview

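Take the standard demo cluster as an example. This cluster consists of four nodes: meta, node-1, node-2, and node-3.

  • Nodes run services such as postgres, pgbouncer, patroni, haproxy, node_exporter, pg_exporter, pgbouncer_exporter, and consul.
  • There are two database clusters: pg-meta and pg-test. pg-test has one primary and two replicas; pg-meta is a single primary.
  • The meta node runs infrastructure services: nginx, repo, ntp, dns, consul server/etcd, prometheus, grafana, alertmanager.
  • The access layer exposes services through DNS and VIP and directs traffic to the corresponding service nodes (optional).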

Service Overview

Pigsty provides multiple ways to connect to a database:

  • L2: via a virtual IP address that is bound to the primary instance
  • L4: via the haproxy load balancer that runs symmetrically on all nodes in the cluster
  • L7: via DNS (pg-test, primary.pg-test, replica.pg-test)

And multiple ways to route (read-only/read-write) traffic:

  • Distinguish primary and replica services by DNS (pg-test, pg-test-primary, pg-test-replica)
  • Distinguish primary and replica services by port (5433 for primary, 5434 for replica)
  • Direct instance access
  • Smart client (target_session_attrs=read-write)

There are lots of configurable parameters; refer to the Proxy Configuration Guide for more detail.

The Database Access Guide provides information about how to connect to the database.

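3.1 - Observability

An introduction to PostgreSQL observability

Observability

The first question is observability. So what is observability? For a question like this, listing definitions is dry and tedious, so let us take Postgres itself as the example.

This figure shows the observability of Postgres itself. PostgreSQL provides a rich set of observation interfaces, including system catalogs, statistics views, and helper functions. (Brief introduction.) These are all objects we can observe. I am proud to say that all of the information listed here is collected by Pigsty and, through careful design, the obscure metric data is turned into insight that humans can easily understand.

Let us explore observability in depth with a classic example: pg_stat_statements. This is the statistics extension officially provided by Postgres, which exposes detailed statistics for every class of query executed in the database. It corresponds to Query Planning and Execution in the figure.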

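3.2 - High Availability

An introduction to the high availability provided by Pigsty

I. Significance

  1. Significantly improves overall system availability and improves RTO and RPO.
  2. Greatly improves operational flexibility and evolvability: planned switchover enables rolling upgrades and gradual maintenance downtime.
  3. Greatly improves system maintainability by automatically keeping domain names, services, roles, machines, monitoring, and other systems consistent. This significantly reduces operational workload and lowers management cost.

II. Goals

When we talk about high availability, what exactly are we talking about? Several nines?

In the end, for a traditional single-leader database, the core problem is failover: the handover of leadership.

Goal levels

  • L0, manual operation: failover is done entirely by hand through DBA intervention (ten-plus minutes to hours)
  • L1, assisted operation: a set of manual scripts performs leader election, topology switching, traffic switching, and so on (a few minutes)
  • L2, semi-automated: automatic detection, human decision, automatic operation (1 minute)
  • L3, fully automated: automatic detection, automatic decision, automatic operation (10 s)

Key requirements

  • Routine failover and switchover operations are allowed; split-brain must never occur.
  • No client involvement is needed; a proxy switching mechanism is provided, based on streaming replication, with no dependence on special hardware.
  • Domain name resolution, VIP traffic switching, service discovery, and monitoring adaptation must all be integrated with automatic failover and automated.
  • Supports PG 10~12 and CentOS 7, and leaves no traps for a later cloud-native migration.

Deliverables

  • Sandbox model: demonstrates the expected deployment architecture and state
  • Adjustment plan: explains how to bring an existing environment to the ideal state.

III. Results

Scenario demonstration

Cluster overview

  • Primary URL: postgres://dbuser_test:dbuser_test@testdb:5555/testdb
  • Replica URL: postgres://dbuser_test:dbuser_test@testdb:5556/testdb

The two core HA scenarios:

  • Switchover demonstration
  • Failover demonstration

The four core problems of failover:

  • Failure detection (lease, TTL; Patroni acquires the leader key from the DCS)
  • Fencing (Patroni demote, kill the PG processes, or reboot directly via watchdog)
  • Topology adjustment (a leader is elected through the DCS; the other replicas obtain the new primary from the DCS, change their replication source, and restart for it to take effect)
  • Traffic switching (listen for leader election events and notify the network layer to change resolution)

How Patroni works: failure detection

  • Decisions based on the DCS
  • Heartbeat keepalive
  • Leader key lease
  • "When Qin lost its deer, the whole realm gave chase."

How Patroni works: fencing

  • One mountain cannot hold two tigers; winner takes all; a bloody handover of power.

How Patroni works: leader election

  • The king is dead, long live the king
  • "Whoever enters the pass first becomes king."

How traffic switching works

  • Callback events, or watching for DCS changes.

Setting up the environment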

https://github.com/Vonng/pigsty

V. Details, Problems, and Risks

Scenario demonstration

  • Switchover
  • Standby Down
    • Patroni Down
    • Postgres Down
    • Accidentally Promote
  • Primary Down
  • Failover
  • DCS Down
    • DCS Service Down
    • DCS Primary Client Down
    • DCS Standby Client Down
  • Fencing And corner cases
  • Standby Cluster
  • Sync Standby
  • Takeover existing cluster

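Discussion

Key question: how is the SLA of the DCS guaranteed?

In automatic failover mode, if the DCS goes down, the current primary demotes itself to a replica after retry_timeout, leaving all clusters unwritable.

As distributed consensus databases, Consul and Etcd are quite robust, but you must still make sure the SLA of the DCS is higher than the SLA of the DB.

Solution: configure a sufficiently large retry_timeout, and address the problem at the management level in one of the following ways.

  1. The SLA guarantees that the DCS is unavailable for less than that duration per year
  2. Operations staff can ensure that a DCS Service Down problem is resolved within retry_timeout.
  3. DBAs can ensure that automatic failover is turned off for the cluster (maintenance mode turned on) within retry_timeout.

A possible optimization? Add P2P detection that bypasses the DCS: if the primary recognizes that its own partition is still the majority partition, it triggers no action.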
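
The failure mode above as a small discrete-time model, added here for illustration and not taken from Patroni: a primary that cannot reach the DCS keeps serving writes until the outage has lasted retry_timeout, then demotes itself unless maintenance mode was switched on in time. simulate_primary and its parameters are assumed names, time advances in whole seconds, and the outage trace is constructed.

```python
def simulate_primary(dcs_up, retry_timeout, pause_at=None):
    """Walk through a per-second DCS availability trace for one primary.

    dcs_up        -- list of booleans, one per second (True = DCS reachable)
    retry_timeout -- seconds the primary keeps retrying before it demotes
    pause_at      -- second at which a DBA enables maintenance mode, or None
    Returns (timeline, demoted_at): timeline is a list of (second, role)
    tuples, demoted_at is the second of demotion or None.
    """
    role = "primary"
    down_since = None      # second of the first failed leader key renewal
    demoted_at = None
    timeline = []
    for t, up in enumerate(dcs_up):
        paused = pause_at is not None and t >= pause_at
        if up:
            down_since = None          # leader key renewed, lease extended
        elif down_since is None:
            down_since = t             # outage starts
        outage = 0 if down_since is None else t - down_since
        if role == "primary" and not paused and outage >= retry_timeout > 0:
            # The primary can no longer prove it holds the leader key,
            # so it gives up write service to rule out split-brain.
            role, demoted_at = "replica", t
        timeline.append((t, role))
    return timeline, demoted_at


def writable_seconds(timeline):
    """Number of seconds in which the node still accepted writes."""
    return sum(1 for _, role in timeline if role == "primary")


# Constructed trace: DCS healthy for 3 s, down for 10 s, healthy again for 2 s.
OUTAGE = [True] * 3 + [False] * 10 + [True] * 2

if __name__ == "__main__":
    for label, kwargs in [
        ("retry_timeout=5", dict(retry_timeout=5)),
        ("retry_timeout=20", dict(retry_timeout=20)),
        ("retry_timeout=5, paused at t=6", dict(retry_timeout=5, pause_at=6)),
        ("retry_timeout=5, paused at t=9", dict(retry_timeout=5, pause_at=9)),
    ]:
        timeline, demoted_at = simulate_primary(OUTAGE, **kwargs)
        print(f"{label}: demoted_at={demoted_at}, "
              f"writable={writable_seconds(timeline)}s of {len(OUTAGE)}s")
```

Only the second and third runs keep the cluster writable for the whole trace: either retry_timeout exceeds the outage, or maintenance mode is enabled before the deadline at t=8.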

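Key question: HA strategy, RPO first or RTO first?

Which takes priority, availability or consistency? For example, ordinary databases are RTO first; financial and payment databases are RPO first.

Ordinary databases may lose a very small amount of data in an emergency failover (the threshold is configurable, for example the most recent 1M of writes).

Databases that deal with money must not lose data; accordingly, failover requires more numerous and more careful checks, or human intervention.

Key question: the fencing mechanism. Is shutting down the machine allowed?

Under normal circumstances, Patroni performs primary fencing first when a leader change occurs, by killing the PG processes.

In some extreme cases, however, such as a paused VM, a software bug, or extremely high load, this may not succeed. The machine then has to be rebooted to settle the matter once and for all. Is that acceptable? How will it behave in extreme environments?

Key operation: after leader election

After a leader is elected, remember to save to disk. Run a checkpoint manually to be safe.

Key question: how to switch traffic, at layer 2, 4, or 7

  • Layer 2: floating VIP
  • Layer 4: HAProxy distribution
  • Layer 7: DNS domain name resolution

Key question: the special case of one primary and one replica

  • Layer 2: floating VIP
  • Layer 4: HAProxy distribution
  • Layer 7: DNS domain name resolution

Switchover procedure details

Planned switchover procedure

Assume the cluster consists of one primary P and n replicas S, with all replicas attached directly to the primary.

  • Detection: a planned switchover needs no failure detection
  • Election: manually pick the replica with the lowest replication lag as the (C)andidate primary.
  • Topology adjustment
    • Change the configuration of primary P so that C becomes a synchronous replica, making the switchover RTO = 0.
    • Redirect the other replicas: point their primary_conninfo at C so they become cascading replicas; a rolling restart makes this take effect.
  • Traffic switching: the following steps need to be executed quickly and automatically
    • Fencing P: stop the current primary P; how forceful to be depends on where the traffic comes from
      • PAUSE the Pgbouncer connection pool
      • Modify P's HBA file and reload
      • Stop the Postgres service.
      • Confirm that writes are impossible
    • Promote C: promote the candidate C to be the new primary
      • Remove standby.signal or recovery.conf. Run promote
      • If the promote fails, restart P to roll back.
      • If the promote succeeds, perform the following tasks:
      • Automatically generate the new role domain name for candidate C: .primary.
      • Adjust the cluster primary domain name/VIP resolution: primary. , pointing to C
      • Adjust the cluster replica domain name/VIP resolution: standby., removing C (except with one primary and one replica)
      • Reset monitoring according to the new role domain name (change the Consul node name and restart)
    • Rewind P: (optional) rewind the old primary and use it as a new replica
      • Run pg_rewind; if it succeeds, continue; if it fails, rebuild the replica from scratch.
      • Modify recovery.conf(12-)|postgresql.auto.conf(12), pointing its primary_conninfo at C
      • Automatically generate P's new role domain name: < max(standby_sequence) + 1>.standby.
      • Change the cluster replica domain name/VIP resolution: standby., adding P to S to take read traffic
      • Reset monitoring according to the role domain name

Automatic failover procedure

The core difference in automatic failover is that the primary is unavailable. If the primary is available, the procedure is exactly the same as a planned switchover. Automatic failover has two additional problems, detection and election, and topology adjustment also differs because the primary is unavailable.

  • Detection (network unreachable, port refusing connections, process gone, writes failing, WAL receivers disconnected on multiple replicas)
    • Implementation: detection can use active/scheduled scripts, query pg_exporter directly, or have an agent report periodically to the DCS.
    • Trigger: triggered by active detection, or by watching DCS events. The result can be to invoke an HA script on the control node for centralized adjustment, or to have the agent act on the local machine.
  • Election
    • Fencing P: same as a manual switchover. Because the primary is unavailable in automatic failover, the synchronous commit configuration cannot be changed, so RPO > 0 is possible.
    • Iterate over all reachable replicas, find the one with the largest LSN, and select it as C to minimize RPO.
  • Traffic switching: the following steps need to be executed quickly and automatically
    • Promote C: promote the candidate C to be the new primary
      • Remove standby.signal or recovery.conf. Run promote
      • Automatically generate the new role domain name for candidate C: .primary.
      • Adjust the cluster primary domain name/VIP resolution: primary. , pointing to C
      • Adjust the cluster replica domain name/VIP resolution: standby., removing C (except with one primary and one replica)
      • Reset monitoring according to the new role domain name (change the Consul node name and restart)
  • Topology adjustment
    • Redirect the other replicas: point their primary_conninfo at C so they become cascading replicas; a rolling restart makes this take effect, and they catch up with the new primary C.
    • With one primary and one replica, if C was previously still taking read traffic, remove C once topology adjustment is complete.
  • Repair the old primary P (with one primary and one replica, if the single node C cannot carry the read-write load alone, this must be done immediately; otherwise this step is not urgent)
    • There are two ways to repair: Rewind and Remake
    • Rewind P: (optional) rewind the old primary and use it as a new replica (mandatory with only one primary and one replica)
      • Run pg_rewind; if it succeeds, continue; if it fails, rebuild the replica from scratch.
      • Modify recovery.conf(12-)|postgresql.auto.conf(12), pointing its primary_conninfo at C
      • Automatically generate P's new role domain name: < max(standby_sequence) + 1>.standby.
      • Change the cluster replica domain name/VIP resolution: standby., adding P to S to take read traffic
      • Reset monitoring according to the role domain name
    • Remake P:
      • Add a new replica to the cluster with the new role domain name < max(standby_sequence) + 1>.standby.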
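
The election step of the automatic procedure (pick the reachable replica with the largest LSN) combined with the RPO-first versus RTO-first choice discussed earlier, as an added sketch that is neither Pigsty nor Patroni code. parse_lsn, pick_candidate and max_lag_bytes are names assumed here, the last primary position is assumed to be whatever the primary last reported before it failed, and the replica states are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_lsn(text: str) -> int:
    """Convert a PostgreSQL LSN such as '16/B374D848' to a byte position.

    An LSN is two hexadecimal numbers: the high and the low 32 bits.
    Comparing the strings directly is wrong ('10/0' sorts before '9/0').
    """
    hi, lo = text.split("/")
    return (int(hi, 16) << 32) | int(lo, 16)


@dataclass
class Replica:
    name: str
    reachable: bool
    replay_lsn: Optional[str]      # None when the position is unknown


class NoCandidate(Exception):
    """Automatic promotion is refused; a human has to decide."""


def pick_candidate(replicas: List[Replica], last_primary_lsn: str,
                   max_lag_bytes: int) -> Tuple[Replica, int]:
    """Choose the new primary C and report how much WAL would be lost.

    max_lag_bytes is the data loss the cluster owner accepts:
      0        RPO first: refuse promotion if anything would be lost
      1 << 20  RTO first: tolerate up to 1 MiB of unreplicated writes
    """
    alive = [r for r in replicas if r.reachable and r.replay_lsn]
    if not alive:
        raise NoCandidate("no reachable replica")
    best = max(alive, key=lambda r: parse_lsn(r.replay_lsn))
    lost = max(0, parse_lsn(last_primary_lsn) - parse_lsn(best.replay_lsn))
    if lost > max_lag_bytes:
        raise NoCandidate(
            f"{best.name} is {lost} bytes behind, limit is {max_lag_bytes}")
    return best, lost


# Constructed state at the moment primary P disappears.
REPLICAS = [
    Replica("pg-test-2", True, "0/5000A00"),
    Replica("pg-test-3", True, "0/5080000"),
    Replica("pg-test-4", False, "0/50C0000"),   # most advanced, but unreachable
]
LAST_PRIMARY_LSN = "0/50C0000"

if __name__ == "__main__":
    best, lost = pick_candidate(REPLICAS, LAST_PRIMARY_LSN, 1 << 20)
    print(f"RTO first: promote {best.name}, losing {lost} bytes")
    try:
        pick_candidate(REPLICAS, LAST_PRIMARY_LSN, 0)
    except NoCandidate as exc:
        print(f"RPO first: refused ({exc})")
```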

3.3 - System Architecture

An introduction to Pigsty's system architecture

Architecture

Pigsty is based on open-source projects such as prometheus, grafana, and pg_exporter, and follows their best practices.

TL;DR

  • Grafana provides the final user interface and turns metrics into charts.

  • Prometheus scrapes and collects metrics and serves queries

  • Exporters (node, postgres, pgbouncer, haproxy) expose server metrics

  • Exporter services are registered in consul and discovered by prometheus

  • Read more about pg_exporter

  • Available metrics

3.4 - Hierarchy

An introduction to the hierarchy in Pigsty

Hierarchy

There are several different levels of monitoring:

  • Overview: global views of all instances and clusters in the current environment.
  • Shard: a bunch of clusters that are horizontally split to serve the same business
  • Cluster: the basic autonomous unit. It has a designated name (such as pg-test-tt) that reflects the business and is used as a namespace. It usually consists of multiple database instances, contains multiple nodes, and has two typical services: <cluster>-primary (read-write) and <cluster>-replica (read-only).
  • Service: an abstraction over an addressable server
  • Instance: a specific database server; it could be a single process, a bunch of processes, or multiple containers in a pod.
  • Database: a database instance/cluster may have one or more databases
  • Table/Query: in-database object monitoring

Basic Facts

  • A cluster is the minimal autonomous unit
  • A cluster contains nodes (1:n)
  • A cluster includes services (1:2)
  • A cluster consists of instances (1:n)
  • A service resolves/routes to instances (1:n)
  • Instances are deployed on nodes (1:1 or n:1)

Hierarchy of Dashboards

Hierarchy of Metrics

3.5 - Dashboards

An introduction to Pigsty dashboards

Dashboards

PG Overview

The PG Overview dashboard is the entrance to the entire monitoring system.

Indexing clusters and instances, finding anomalies, visualizing key metrics.

Other overview level dashboards:

  • PG Overview: Home, index page
  • PG Alerts: Simple alerting system based on grafana
  • PG KPI: Key metrics overview

Overview of entire environment

PG Cluster Dashboard

Index page for database cluster resource: services, instances, nodes.

Aggregated metrics on cluster level.

Cluster level dashboards:

  • PG Cluster
  • PG Cluster All
  • PG Cluster Node
  • PG Cluster Replication
  • PG Cluster Activity
  • PG Cluster Query
  • PG Cluster Session
  • PG Cluster Persist
  • PG Cluster Stat

Dashboards that focus on an autonomous database cluster

PG Service Dashboard

The PG Service Dashboard focuses on proxies, servers, and traffic routes.

Focusing on DNS, read-write/read-only, traffic routing, proxy & server health, etc.

PG Instance Dashboard

The PG Instance Dashboard provides tons of metrics

Focusing on instance level metrics

PG Database Dashboard

Multiple databases may share the same instance / cluster, so the metrics here focus on one specific database rather than the entire instance.

Focusing on database level metrics

PG Table Overview

The PG Table Overview dashboard focuses on objects within a database, for example tables, indexes, and functions.

Focusing on tables of a specific database

PG Query

This dashboard focuses on a specific query in a specific database. It provides valuable information on database load.

PG Table Catalog

PG Table Catalog queries the database catalog directly using the monitor user. This is not recommended but is sometimes convenient.

View system catalog information of any specific table in the database directly

Node

Classical Node Exporter Dashboard

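3.6 - Metrics

An introduction to the metrics in Pigsty

Metrics

There are tons of metrics available in Pigsty.

So how many metrics does Pigsty include in total? Here is a pie chart of the share of metrics from each source. The blue, green, and yellow parts on the right are metrics exposed by the database and database-related components, the red and orange parts at the lower left are metrics related to machine nodes, and the purple part at the upper left is load balancer metrics.

Among the database metrics, there are about 230 raw metrics related to postgres itself and about 50 raw metrics related to middleware. On top of these raw metrics, Pigsty uses hierarchical aggregation and precomputation to carefully design about 350 DB-related derived metrics. So for each database cluster, there are 621 monitoring metrics for the database and its accessories alone. There are 281 raw machine metrics and 83 derived ones, 364 in total. Adding the 170 load balancer metrics, we have close to 1200 classes of metrics in total.

Note that we must distinguish between a metric and a time series here. The unit we use is "classes" of metrics rather than individual metrics, because one metric may correspond to multiple time series. For example, if a database has 20 tables, then a metric such as pg_table_index_scan corresponds to 20 time series.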

Source

Metrics are collected from exporters.

  • Node Metrics (around 2000+ per instance)
  • Postgres database metrics and pgbouncer connection pooler metrics (1000+ per instance)
  • HAProxy load balancer metrics (400+ per instance)

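Pigsty's monitoring data comes from four main sources: the database itself, middleware, the operating system, and the load balancer. They are exposed through the corresponding exporters. All of these metrics are further processed, for example aggregated at different levels.

Category

Metrics can be categorized into four major groups: Error, Saturation, Traffic and Latency.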

  • Errors
    • Config Errors: NUMA, Checksum, THP, Sync Commit, etc…
    • Hardware errors: EDAC Mem Error
    • Software errors: TCP Listen Overflow, NTP time shift.
    • Service Aliveness: node, postgres,pgbouncer,haproxy,exporters, etc…
    • Client Queuing, Idle In Transaction, Sage, Deadlock, Replication break, Rollbacks, etc….
  • Saturation
    • PG Load, Node Load
    • CPU Usage, Mem Usage, Disk Space Usage, Disk I/O Usage, Connection Usage, XID Usage
    • Cache Hit Rate / Buffer Hit Rate
  • Traffic
    • QPS, TPS, Xacts, Rollbacks, Seasonality
    • In/Out Bytes of NIC/Pgbouncer, WAL Rate, Tuple CRUD Rate, Block/Buffer Access
    • Disk I/O, Network I/O, Mem Swap I/O
  • Latency
    • Transaction Response Time (Xact RT)
    • Query Response Time (Query RT)
    • Statement Response Time (Statement RT)
    • Disk Read/Write Latency
    • Replication Lag (in bytes or seconds)

These are just a small portion of the metrics.

Derived Metrics

In addition to the metrics above, there are a large number of derived metrics. For example, QPS from pgbouncer has the following derived metrics:

################################################################
#                     QPS (Pgbouncer)                          #
################################################################
# QPS realtime (irate1m)
- record: pg:db:qps_realtime
  expr: irate(pgbouncer_stat_total_query_count{}[1m])
- record: pg:ins:qps_realtime
  expr: sum without(datname) (pg:db:qps_realtime{})
- record: pg:svc:qps_realtime
  expr: sum by(cls, role) (pg:ins:qps_realtime{})
- record: pg:cls:qps_realtime
  expr: sum by(cls) (pg:ins:qps_realtime{})
- record: pg:all:qps_realtime
  expr: sum(pg:cls:qps_realtime{})

# qps (rate1m)
- record: pg:db:qps
  expr: pgbouncer_stat_avg_query_count{datname!="pgbouncer"}
- record: pg:ins:qps
  expr: sum without(datname) (pg:db:qps)
- record: pg:svc:qps
  expr: sum by (cls, role) (pg:ins:qps)
- record: pg:cls:qps
  expr: sum by(cls) (pg:ins:qps)
- record: pg:all:qps
  expr: sum(pg:cls:qps)

# qps avg30m
- record: pg:db:qps_avg30m
  expr: avg_over_time(pg:db:qps[30m])
- record: pg:ins:qps_avg30m
  expr: avg_over_time(pg:ins:qps[30m])
- record: pg:svc:qps_avg30m
  expr: avg_over_time(pg:svc:qps[30m])
- record: pg:cls:qps_avg30m
  expr: avg_over_time(pg:cls:qps[30m])
- record: pg:all:qps_avg30m
  expr: avg_over_time(pg:all:qps[30m])

# qps µ
- record: pg:db:qps_mu
  expr: avg_over_time(pg:db:qps_avg30m[30m])
- record: pg:ins:qps_mu
  expr: avg_over_time(pg:ins:qps_avg30m[30m])
- record: pg:svc:qps_mu
  expr: avg_over_time(pg:svc:qps_avg30m[30m])
- record: pg:cls:qps_mu
  expr: avg_over_time(pg:cls:qps_avg30m[30m])
- record: pg:all:qps_mu
  expr: avg_over_time(pg:all:qps_avg30m[30m])

# qps σ: stddev30m qps
- record: pg:db:qps_sigma
  expr: stddev_over_time(pg:db:qps[30m])
- record: pg:ins:qps_sigma
  expr: stddev_over_time(pg:ins:qps[30m])
- record: pg:svc:qps_sigma
  expr: stddev_over_time(pg:svc:qps[30m])
- record: pg:cls:qps_sigma
  expr: stddev_over_time(pg:cls:qps[30m])
- record: pg:all:qps_sigma
  expr: stddev_over_time(pg:all:qps[30m])

There are hundreds of rules defining extra metrics based on primitive metrics.

4 - Monitoring System

Dashboards, metrics, and alerts provided by the monitoring system

These basic sample guidelines assume that your Pigsty site is deployed using Netlify and your files are stored in GitHub. You can use the guidelines “as is” or adapt them with your own instructions: for example, other deployment options, information about your doc project’s file structure, project-specific review guidelines, versioning guidelines, or any other information your users might find useful when updating your site. Kubeflow has a great example.

Don’t forget to link to your own doc repo rather than our example site! Also make sure users can find these guidelines from your doc repo README: either add them there and link to them from this page, add them here and link to them from the README, or include them in both locations.

We use Hugo to format and generate our website, the Pigsty theme for styling and site structure, and Netlify to manage the deployment of the site. Hugo is an open-source static site generator that provides us with templates, content organisation in a standard directory structure, and a website generation engine. You write the pages in Markdown (or HTML if you want), and Hugo wraps them up into a website.

All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult GitHub Help for more information on using pull requests.

Quick start with Netlify

Here’s a quick guide to updating the docs. It assumes you’re familiar with the GitHub workflow and you’re happy to use the automated preview of your doc updates:

  1. Fork the Goldydocs repo on GitHub.
  2. Make your changes and send a pull request (PR).
  3. If you’re not yet ready for a review, add “WIP” to the PR name to indicate it’s a work in progress. (Don’t add the Hugo property “draft = true” to the page front matter, because that prevents the auto-deployment of the content preview described in the next point.)
  4. Wait for the automated PR workflow to do some checks. When it’s ready, you should see a comment like this: deploy/netlify — Deploy preview ready!
  5. Click Details to the right of “Deploy preview ready” to see a preview of your updates.
  6. Continue updating your doc and pushing your changes until you’re happy with the content.
  7. When you’re ready for a review, add a comment to the PR, and remove any “WIP” markers.

Updating a single page

If you’ve just spotted something you’d like to change while using the docs, Pigsty has a shortcut for you:

  1. Click Edit this page in the top right hand corner of the page.
  2. If you don’t already have an up to date fork of the project repo, you are prompted to get one - click Fork this repository and propose changes or Update your Fork to get an up to date version of the project to edit. The appropriate page in your fork is displayed in edit mode.
  3. Follow the rest of the Quick start with Netlify process above to make, preview, and propose your changes.

Previewing your changes locally

If you want to run your own local Hugo server to preview your changes as you work:

  1. Follow the instructions in Getting started to install Hugo and any other tools you need. You’ll need at least Hugo version 0.45 (we recommend using the most recent available version), and it must be the extended version, which supports SCSS.

  2. Fork the Goldydocs repo into your own project, then create a local copy using git clone. Don’t forget to use --recurse-submodules or you won’t pull down some of the code you need to generate a working site.

    git clone --recurse-submodules --depth 1 https://github.com/Vonng/pigsty-example.git
    
  3. Run hugo server in the site root directory. By default your site will be available at http://localhost:1313/. Now that you’re serving your site locally, Hugo will watch for changes to the content and automatically refresh your site.

  4. Continue with the usual GitHub workflow to edit files, commit them, push the changes up to your fork, and create a pull request.

Creating an issue

If you’ve found a problem in the docs, but you’re not sure how to fix it yourself, please create an issue in the Goldydocs repo. You can also create an issue about a specific page by clicking the Create Issue button in the top right hand corner of the page.

Useful resources

  • Pigsty user guide: All about Pigsty, including how it manages navigation, look and feel, and multi-language support.

4.1 - Overview / Global Monitoring

An introduction to the global monitoring dashboards

4.2 - Cluster / Cluster Monitoring

Cluster-level monitoring dashboards

4.3 - Service Monitoring

Service-level monitoring dashboards

4.4 - Instance Monitoring

Cluster-level monitoring dashboards

4.5 - Database Monitoring

Database-level monitoring dashboards

4.6 - Entity Naming Rules

Introduces the entity naming rules

4.7 - Derived Metrics

Introduces the bundled derived monitoring metrics and how to define derived metrics

4.8 - Alerting Rules

Introduces the bundled database alerting rules and how to customize them

5 - Configuration Tutorial

How to configure Pigsty for your environment and customize it as needed

Pigsty protocol:

  1. Configuration
  2. Provision Infrastructure (DNS, NTP, DCS, YUM, Prometheus, Grafana, Nginx, Alertmanager, etc…)
  3. Provision Database

You can customize:

  1. Everything listed in the parameter reference doc
  2. Patroni template: how Postgres clusters are forged
  3. Init template: e.g. role system, special users, HBA, and so on

5.1 - Vagrant VM Provisioning

How to quickly bring up local test virtual machines with Vagrant and Virtualbox

Vagrant Provision [DRAFT]

If you wish to run Pigsty on your laptop, consider using vagrant and virtualbox as the VM provisioner.

  1. Install vagrant, virtualbox and ansible on your computer. For example:

    brew install virtualbox vagrant ansible    # MacOS, other may not work this way

  2. Use vagrant with the Vagrantfile; it will provision 4 nodes (via virtualbox) for this project.

    make up     # pull up vm nodes. alternative: cd vagrant && vagrant up

  3. Set up passwordless ssh from your host to the vm nodes.

    make ssh    # cd vagrant && vagrant ssh-config > ~/.ssh/pigsty_config

  4. There are some vagrant shortcuts defined in the Makefile:

    make        # launch cluster
    make new    # create a new pigsty cluster
    make dns    # write pigsty dns record to your /etc/hosts (sudo required)
    make ssh    # write ssh config to your ~/.ssh/config
    make clean  # delete current cluster
    make cache  # copy local yum repo packages to your pigsty/pkg

The Vagrant provision scripts were tested on MacOS 10.15 Catalina.

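Vagrant Tutorial

If you want to run the Pigsty demo in a local environment, consider using vagrant and virtualbox to initialize local virtual machines.

  1. Install vagrant, virtualbox and ansible (optional) on the host machine.

    Installation differs by platform; follow the official documentation of each tool. On MacOS, for example, you can install everything in one step with homebrew:

    brew install virtualbox vagrant ansible    # MacOS command line

  2. Run make up in the project home directory; the four virtual machines defined in the Vagrantfile will be brought up.

    make up     # bring up all nodes; can also be done by running vagrant up inside the vagrant directory

  3. Configure passwordless SSH access from the host machine to the virtual machines.

    make ssh    # equivalent to: cd vagrant && vagrant ssh-config > ~/.ssh/pigsty_config

  4. The Makefile defines some vagrant shortcuts:

    make        # start the cluster
    make new    # destroy and create a new cluster
    make dns    # write Pigsty DNS records to the local /etc/hosts (sudo required)
    make ssh    # write the VM SSH config to ~/.ssh/config
    make clean  # destroy the existing local cluster
    make cache  # build the offline installation package and copy it to the host, speeding up later cluster creation
    make upload # upload the offline installation cache package pkg.tgz and extract it to the default directory /www/pigsty

The bundled Vagrantfile was tested on MacOS 10.15.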

5.2 - Environment Configuration Guide

How to modify the configuration file to control Pigsty's behavior

Configuration Guide [DRAFT]

Pigsty can be configured via 200+ parameters, which define the infrastructure and all database clusters.

TL;DR

  • Follow the ansible YAML inventory format: Hosts, Groups, Variables.
  • Everything goes in one config file, with one configuration file per environment (dev, pre, prod, etc…)
  • Database clusters are defined as top-level groups: all.children.<cluster_name>, one entry per cluster
  • Variable precedence: cli > host > group > global > default
  • Global variables in all.vars define the unified configuration for the entire environment
  • Group variables in all.children.<cluster>.vars define database-cluster-wide configuration
  • Database instances are defined as group members: all.children.<cluster>.hosts, one entry per host. Host variables can be defined there and override group, global and default values.
  • The group variable pg_cluster and the host variables pg_role and pg_seq are required for each cluster.
  • Each cluster must have one and only one instance with pg_role=primary (even if it is a standby cluster leader)

Minimum Example

Here is a minimal configuration example that defines a single-node environment and one database cluster, pg-meta.

---
######################################################################
#                  Minimal Environment Inventory                     #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group (1-3)
      hosts:
        10.10.10.10:                        # meta node IP ADDRESS
          ansible_host: meta                # comment this if not access via ssh alias

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:
      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 12                      # define installed pgsql version
        pg_default_username: meta           # default business username
        pg_default_password: meta           # default business password
        pg_default_database: meta           # default database name
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip

  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:
    proxy_env: # global proxy env when downloading packages
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

...

Cluster Inventory

The cluster inventory defines the clusters and instances to be managed. The minimal information required includes:

  • IP address (or other connection params, e.g. ssh name/alias/user/pass)
  • Cluster name: pg_cluster, which follows the DNS naming standard ([a-z][a-z0-9-]*)
  • Instance index: pg_seq, an integer that is unique within the cluster
  • Instance role: pg_role, which can be primary or replica

Here is an example of ansible cluster inventory definition in ini format (which is more compat but not recommended):

[pg-test]
10.10.10.11 pg_role=primary pg_seq=1
10.10.10.12 pg_role=replica pg_seq=2
10.10.10.13 pg_role=replica pg_seq=3

[pg-test:vars]
pg_cluster = pg-test
pg_version = 12
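
The identity rules above (cluster name pattern, unique pg_seq, exactly one primary per cluster) can be checked before any playbook runs. The following is an added example, not Pigsty's own preflight code: a Python check over the ini inventory format shown above. The function names and the broken SAMPLE_BAD inventory are hypothetical and constructed for illustration.

```python
import re

CLUSTER_NAME = re.compile(r"[a-z][a-z0-9-]*")   # naming rule quoted on this page
ROLES = {"primary", "replica"}

# The pg-test inventory from this page.
SAMPLE_GOOD = """\
[pg-test]
10.10.10.11 pg_role=primary pg_seq=1
10.10.10.12 pg_role=replica pg_seq=2
10.10.10.13 pg_role=replica pg_seq=3

[pg-test:vars]
pg_cluster = pg-test
pg_version = 12
"""

# Constructed variant with three mistakes: bad cluster name, two primaries,
# and a repeated pg_seq.
SAMPLE_BAD = """\
[pg-test]
10.10.10.11 pg_role=primary pg_seq=1
10.10.10.12 pg_role=primary pg_seq=2
10.10.10.13 pg_role=replica pg_seq=2

[pg-test:vars]
pg_cluster = PG_Test
"""


def parse_ini(text):
    """Parse ini inventory text into {group: {"hosts": {...}, "vars": {...}}}."""
    groups, section, in_vars = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]:]+)(:vars)?\]", line)
        if header:
            section, in_vars = header.group(1), bool(header.group(2))
            groups.setdefault(section, {"hosts": {}, "vars": {}})
        elif section is None:
            continue                      # ungrouped host lines are ignored here
        elif in_vars:
            key, _, value = line.partition("=")
            groups[section]["vars"][key.strip()] = value.strip()
        else:
            addr, *pairs = line.split()
            groups[section]["hosts"][addr] = dict(
                p.split("=", 1) for p in pairs if "=" in p)
    return groups


def validate_cluster(group, spec):
    """Return a list of identity errors for one cluster group."""
    errors = []
    name = spec["vars"].get("pg_cluster")
    if not name:
        errors.append(f"{group}: pg_cluster is not set")
    elif not CLUSTER_NAME.fullmatch(name):
        errors.append(f"{group}: pg_cluster {name!r} does not match [a-z][a-z0-9-]*")
    seq_owner, primaries = {}, 0
    for addr, hostvars in spec["hosts"].items():
        role, seq = hostvars.get("pg_role"), hostvars.get("pg_seq", "")
        if role not in ROLES:
            errors.append(f"{group}/{addr}: pg_role must be primary or replica, got {role!r}")
        primaries += role == "primary"
        if not seq.isdigit():
            errors.append(f"{group}/{addr}: pg_seq must be an integer, got {seq!r}")
        elif int(seq) in seq_owner:
            errors.append(f"{group}/{addr}: pg_seq={seq} already used by {seq_owner[int(seq)]}")
        else:
            seq_owner[int(seq)] = addr
    if primaries != 1:
        errors.append(f"{group}: expected exactly one primary, found {primaries}")
    return errors


def validate_inventory(text):
    """Validate every group except the special 'meta' controller group."""
    errors = []
    for group, spec in parse_ini(text).items():
        if group != "meta":
            errors.extend(validate_cluster(group, spec))
    return errors


if __name__ == "__main__":
    for problem in validate_inventory(SAMPLE_BAD):
        print(problem)
```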

You can override cluster variables in all.children.<cluster>.vars and override instance variables in all.children.<cluster>.hosts.<host>. Here are some variables that can be set at the cluster or instance level. (Note that all variables are merged into the host level before execution.)

#------------------------------------------------------------------------------
# POSTGRES INSTALLATION
#------------------------------------------------------------------------------
# - dbsu - #
pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
pg_dbsu_home: /var/lib/pgsql                  # dbsu home directory
pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

# - postgres packages - #
pg_version: 12                                # default postgresql version
pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
pg_packages: []                               # packages to be installed
pg_extensions: []                             # extensions to be installed

#------------------------------------------------------------------------------
# POSTGRES CLUSTER PROVISION
#------------------------------------------------------------------------------
# - identity - #
pg_cluster:                                   # [REQUIRED] cluster name (validated during pg_preflight)
pg_seq: 0                                     # [REQUIRED] instance seq (validated during pg_preflight)
pg_role: replica                              # [REQUIRED] service role (validated during pg_preflight)
pg_hostname: false                            # overwrite node hostname with pg instance name
pg_nodename: true                             # overwrite consul nodename with pg instance name

# - retention - #
# pg_exists_action, available options: abort|clean|skip
#  - abort: abort entire play's execution (default)
#  - clean: remove existing cluster (dangerous)
#  - skip: end current play for this host
# pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
pg_exists_action: clean

# - storage - #
pg_data: /pg/data                             # postgres data directory
pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

# - connection - #
pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
pg_port: 5432                                 # postgres port (5432 by default)

# - patroni - #
# patroni_mode, available options: default|pause|remove
#   - default: default ha mode
#   - pause:   into maintenance mode
#   - remove:  remove patroni after bootstrap
patroni_mode: default                         # pause|default|remove
pg_namespace: /pg                             # top level key namespace in dcs
patroni_port: 8008                            # default patroni port
patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required

# - template - #
pg_conf: tiny.yml                             # user provided patroni config template path
pg_init: initdb.sh                            # user provided post-init script path, default: initdb.sh

# - authentication - #
pg_hba_common: []                             # hba entries for all instances
pg_hba_primary: []                            # hba entries for primary instance
pg_hba_replica: []                            # hba entries for replica instances
pg_hba_pgbouncer: []                          # hba entries for pgbouncer

# - credential - #
pg_dbsu_password: ''                          # dbsu password (leaving blank will disable sa password login)
pg_replication_username: replicator           # replication user
pg_replication_password: replicator           # replication password
pg_monitor_username: dbuser_monitor           # monitor user
pg_monitor_password: dbuser_monitor           # monitor password

# - default - #
pg_default_username: postgres                 # non 'postgres' will create a default admin user (not superuser)
pg_default_password: postgres                 # dbsu password, omit for 'postgres'
pg_default_database: postgres                 # non 'postgres' will create a default database
pg_default_schema: public                     # default schema will be created under default database and used as first element of search_path
pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

# - pgbouncer - #
pgbouncer_port: 6432                          # default pgbouncer port
pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

#------------------------------------------------------------------------------
# MONITOR PROVISION
#------------------------------------------------------------------------------
# - monitor options -
node_exporter_port: 9100                      # default port for node exporter
pg_exporter_port: 9630                        # default port for pg exporter
pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
exporter_metrics_path: /metrics               # default metric path for pg related exporter

#------------------------------------------------------------------------------
# PROXY PROVISION
#------------------------------------------------------------------------------
# - vip - #
vip_enabled: true                             # level2 vip requires primary/standby under same switch
vip_address: 127.0.0.1                        # virtual ip address ip/cidr
vip_cidrmask: 32                              # virtual ip address cidr mask
vip_interface: eth0                           # virtual ip network interface

# - haproxy - #
haproxy_enabled: true                         # enable haproxy among every cluster members
haproxy_policy: leastconn                     # roundrobin, leastconn
haproxy_admin_username: admin                 # default haproxy admin username
haproxy_admin_password: admin                 # default haproxy admin password
haproxy_client_timeout: 3h                    # client side connection timeout
haproxy_server_timeout: 3h                    # server side connection timeout
haproxy_exporter_port: 9101                   # default admin/exporter port
haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
haproxy_primary_port: 5433                    # default primary port 5433
haproxy_replica_port: 5434                    # default replica port 5434
haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432
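
Several defaults in the listing above are worth reviewing before an environment leaves the sandbox: passwords equal to their usernames, pg_exists_action: clean, and pg_listen on all addresses. The following is an added example, not part of Pigsty: a line-based Python scan for those settings that also goes beyond the listing to cover the gpgcheck and plain-http baseurl entries used in repo definitions in this page's environment file. The rule table, its reason strings and the SAMPLE text are constructed here, with the reasons being general hardening advice except where they repeat the page's own comments.

```python
import re

# Constructed sample: lines copied from this page's listings, plus one changed
# password so that a passing credential pair is shown too.
SAMPLE = """\
pg_dbsu_sudo: limit                           # none|limit|all|nopass
pg_exists_action: clean
pg_listen: '0.0.0.0'                          # postgres listen address
pg_replication_username: replicator           # replication user
pg_replication_password: replicator           # replication password
pg_monitor_username: dbuser_monitor           # monitor user
pg_monitor_password: constructed-non-default  # constructed value, not from the page
haproxy_admin_username: admin
haproxy_admin_password: admin
repo_upstreams:
  - name: base
    baseurl:
      - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no
  - name: grafana
    gpgcheck: no
    baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm
"""

# key -> (values to flag, reason). Assumed rule set for this example.
VALUE_RULES = {
    "pg_exists_action": ({"clean"}, "existing cluster is removed on re-run"),
    "pg_dbsu_sudo": ({"all", "nopass"}, "dbsu sudo is wider than 'limit'"),
    "pg_listen": ({"0.0.0.0"}, "postgres listens on all IPv4 addresses"),
    "gpgcheck": ({"no", "false", "0"}, "package signatures are not checked"),
}
URL_KEYS = {"baseurl", "mirrorlist"}
PLAIN_HTTP = "repo fetched over plain http"


def parse_line(line):
    """Return (key, value) for a 'key: value  # comment' line, else None."""
    m = re.match(r"\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:(?:\s+(.*))?$", line)
    if not m:
        return None
    value = re.sub(r"(^|\s+)#.*$", "", m.group(2) or "").strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]               # drop surrounding quotes
    return m.group(1), value


def audit(text):
    """Scan inventory text line by line; return [(line_no, key, reason), ...]."""
    findings, usernames, last_key = [], {}, None
    for no, line in enumerate(text.splitlines(), 1):
        kv = parse_line(line)
        if kv is None:
            # A bare list item such as "- http://..." belongs to the last key seen.
            item = re.match(r"\s*-\s+(\S+)", line)
            if item and last_key in URL_KEYS and item.group(1).startswith("http://"):
                findings.append((no, last_key, PLAIN_HTTP))
            continue
        key, value = kv
        last_key = key
        if key in VALUE_RULES and value.lower() in VALUE_RULES[key][0]:
            findings.append((no, key, VALUE_RULES[key][1]))
        elif key in URL_KEYS and value.startswith("http://"):
            findings.append((no, key, PLAIN_HTTP))
        elif key.endswith("_username"):
            usernames[key[:-len("_username")]] = value
        elif key.endswith("_password"):
            prefix = key[:-len("_password")]
            if value and value == usernames.get(prefix):
                findings.append((no, key, "password equals the paired username"))
    return findings


if __name__ == "__main__":
    for no, key, reason in audit(SAMPLE):
        print(f"line {no}: {key}: {reason}")
```

Because the scan is line-based rather than a YAML parse, it reports line numbers directly but pairs each password with the most recent username of the same prefix.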

Global variables

Global variables are defined in all.vars (or in any other way that follows the ansible standard).

Global variables aim to unify the environment: define different infrastructure (e.g. DCS, DNS, NTP address, packages to be installed, unified admin user, etc…) for different environments.

Global variables are merged into host variables before execution, and follow ansible variable precedence.

There are lots of variables that can be defined. Refer to the role documents for more detail.

Variables are divided into 8 sections

  • Connection Information
  • Repo Provision
  • Node Provision
  • Meta Provision
  • DCS Provision
  • Postgres Installation
  • Postgres Cluster Initialization
  • Monitoring
  • Load Balancer

Standard Example

Here is an example for demo environment:

---
######################################################################
# File      :   dev.yml
# Path      :   inventory/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-09-22
# Mtime     :   2020-09-22
# Copyright (C) 2019-2020 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group (1-3)
      hosts:
        10.10.10.10: # meta node IP ADDRESS
          ansible_host: meta                # comment this if not access via ssh alias


    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        # misc
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_hostname: false                  # overwrite node hostname with pg instance name
        pg_nodename: true                   # overwrite consul nodename with pg instance name

        # bootstrap template
        pg_init: initdb.sh                  # bootstrap postgres cluster with initdb.sh
        pg_default_username: meta           # default business username
        pg_default_password: meta           # default business password
        pg_default_database: meta           # default database name

        # vip settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip

      # - cluster members - #
      hosts:
        10.10.10.10:
          ansible_host: meta              # comment this if not access via ssh alias
          pg_role: primary                # initial role: primary & replica
          pg_seq: 1                       # instance sequence among cluster


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'

      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        # bootstrap template
        pg_init: initdb.sh                  # bootstrap postgres cluster with initdb.sh
        pg_default_username: test           # default business username
        pg_default_password: test           # default business password
        pg_default_database: test           # default database name

        # vip settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


      # - cluster members - #
      hosts:
        10.10.10.11:
          ansible_host: node-1            # comment this if not access via ssh alias
          pg_role: primary                # initial role: primary & replica
          pg_seq: 1                       # instance sequence among cluster

        10.10.10.12:
          ansible_host: node-2            # comment this if not access via ssh alias
          pg_role: replica                # initial role: primary & replica
          pg_seq: 2                       # instance sequence among cluster

        10.10.10.13:
          ansible_host: node-3            # comment this if not access via ssh alias
          pg_role: replica                # initial role: primary & replica
          pg_seq: 3                       # instance sequence among cluster



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must be the same as repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity             # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel              # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4

      # postgres 13 packages
      - postgresql13* postgis31*                                                              # postgres 13 and postgis 31
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                      # stats extensions
      - plr13 plsh13 plpgsql_check_13 pldebugger13                                            # pl extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13                           # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                  # other extensions
      - hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13 # pgrouting_13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13

      # Postgres 12 Packages
      # - postgresql12* postgis30_12* timescaledb_12 citus_12 pglogical_12                    # postgres 12 basic
      # - pg_qualstats12 pg_cron_12 pg_repack12 pg_squeeze12 pg_stat_kcache12 wal2json12 pgpool-II-12 pgpool-II-12-extensions python3-psycopg2 python2-psycopg2
      # - ddlx_12 bgw_replstatus12 count_distinct12 extra_window_functions_12 geoip12 hll_12 hypopg_12 ip4r12 jsquery_12 multicorn12 osm_fdw12 mysql_fdw_12 ogr_fdw12 mongo_fdw12 hdfs_fdw_12 cstore_fdw_12 wal2mongo12 orafce12 pagila12 pam-pgsql12 passwordcheck_cracklib12 periods_12 pg_auto_failover_12 pg_bulkload12 pg_catcheck12 pg_comparator12 pg_filedump12 pg_fkpart12 pg_jobmon12 pg_partman12 pg_pathman12 pg_track_settings12 pg_wait_sampling_12 pgagent_12 pgaudit14_12 pgauditlogtofile-12 pgbconsole12 pgcryptokey12 pgexportdoc12 pgfincore12 pgimportdoc12 pgmemcache-12 pgmp12 pgq-12 pgrouting_12 pgtap12 plpgsql_check_12 plr12 plsh12 postgresql_anonymizer12 postgresql-unit12 powa_12 prefix12 repmgr12 safeupdate_12 semver12 slony1-12 sqlite_fdw12 sslutils_12 system_stats_12 table_version12 topn_12

    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.2.0/pg_exporter-0.2.0-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether remove existing repo
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 8s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://10.10.10.10:3000           # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_provision_mode: db                     # none|db|api
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel

    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts
    # grafana_dashboards: []                       # default dashboards (use role default)



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # host which have their IP listed here will be init as server
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environment

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # dbsu home directory
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 12                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES CLUSTER PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required

    # - template - #
    pg_conf: tiny.yml                             # user provided patroni config template path
    pg_init: initdb.sh                            # user provided post-init script path, default: initdb.sh

    # - authentication - #
    pg_hba_common:
      - '"# allow: meta node access with password"'
      - host    all     all                         10.10.10.10/32      md5
      - '"# allow: intranet admin role with password"'
      - host    all     +dbrole_admin               10.0.0.0/8          md5
      - host    all     +dbrole_admin               172.16.0.0/12       md5
      - host    all     +dbrole_admin               192.168.0.0/16      md5
      - '"# allow local (pgbouncer) read-write user (production user) password access"'
      - local   all     +dbrole_readwrite                               md5
      - host    all     +dbrole_readwrite           127.0.0.1/32        md5
      - '"# intranet common user password access"'
      - host    all             all                 10.0.0.0/8          md5
      - host    all             all                 172.16.0.0/12       md5
      - host    all             all                 192.168.0.0/16      md5
    pg_hba_primary: [ ]
    pg_hba_replica:
      - '"# allow remote readonly user (stats, personal user) password access (directly)"'
      - local   all     +dbrole_readonly                               md5
      - host    all     +dbrole_readonly           127.0.0.1/32        md5
    # this hba is added directly to /etc/pgbouncer/pgb_hba.conf instead of patroni conf
    pg_hba_pgbouncer:
      - '# biz_user intranet password access'
      - local  all          all                                     md5
      - host   all          all                     127.0.0.1/32    md5
      - host   all          all                     10.0.0.0/8      md5
      - host   all          all                     172.16.0.0/12   md5
      - host   all          all                     192.168.0.0/16  md5

    # - credential - #
    pg_dbsu_password: ''                          # dbsu password (leaving blank will disable sa password login)
    pg_replication_username: replicator           # replication user
    pg_replication_password: replicator           # replication password
    pg_monitor_username: dbuser_monitor           # monitor user
    pg_monitor_password: dbuser_monitor           # monitor password

    # - default - #
    # pg_default_username: postgres               # non 'postgres' will create a default admin user (not superuser)
    # pg_default_password: postgres               # dbsu password, omit for 'postgres'
    # pg_default_database: postgres               # non 'postgres' will create a default database
    pg_default_schema: public                     # default schema will be created under default database and used as first element of search_path
    pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit


    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - vip - #
    vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                   # default primary port 5433
    haproxy_replica_port: 5434                   # default replica port 5434
    haproxy_backend_port: 6432                   # default target port: pgbouncer:6432 postgres:5432



...

Customize

Besides variables, there are two ways to customize Pigsty: the Patroni template and the initdb template.

Patroni Template

For consistency, Pigsty uses Patroni to bootstrap clusters even if you choose not to enable it at all, so you can customize your database cluster through the Patroni configuration.

Pigsty ships with four predefined Patroni templates:

  • oltp.yml Common OLTP database cluster, default configuration
  • olap.yml OLAP database cluster, tuned for throughput and long-running queries
  • crit.yml Critical database cluster that values security and integrity more than availability
  • tiny.yml Tiny database cluster that runs on small or virtual machines; the default for this demo

You can customize these templates or write your own, and specify the template path with the variable pg_conf.

Initdb Template

When a database cluster is initialized, the user has a chance to intervene, e.g. to create default roles and users, schemas, privileges and so forth.

Pigsty uses ../roles/postgres/templates/initdb.sh as the default initdb script. It is a shell script run as dbsu that can do anything to a newly bootstrapped database.

The default initdb script customizes the database according to the following variables:

pg_default_username: postgres                 # non 'postgres' will create a default admin user (not superuser)
pg_default_password: postgres                 # dbsu password, omit for 'postgres'
pg_default_database: postgres                 # non 'postgres' will create a default database
pg_default_schema: public                     # default schema will be created under default database and used as first element of search_path
pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

Of course, you can customize the initdb template or write your own, and specify the template path with the variable pg_init.

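Pigsty Configuration Guide

Pigsty's configuration defines a database infrastructure and multiple database clusters through 200+ parameters; it is the soul of the project.

TL;DR

  • The configuration file is an Ansible inventory in YAML format. By default, all machines and configuration parameters are defined in the same configuration file.

  • The configuration file has two major parts: the global variable definitions and the database cluster definitions.

  • The global variable definitions, all.vars, hold the configuration shared by an entire environment. Different environments, such as production and development, usually have their own set of configuration.

  • The database cluster definitions, all.children, use Ansible group syntax: each database cluster is defined as its own group, and machines under the special group meta are marked as meta (control) nodes.

  • Each database cluster/group can carry its own variables, and group variables override global variables. For example, the default database name and username can be customized with group variables.

  • Each database cluster contains at least one host, and each host can belong to only one database cluster, but machines under the meta group may also belong to a regular database group.

  • Each database cluster must contain one and only one primary (host variable pg_role=primary).

  • Each database instance must carry three variables: the cluster name pg_cluster, the instance role pg_role, and the instance sequence number pg_seq.

  • Variable precedence: command-line variables > host variables > group variables > global variables > default variables

Cluster Inventory

The cluster inventory defines the database instances the system needs to manage. The minimum information a database cluster requires is:

  • External IP address (or other connection information)
  • Cluster name pg_cluster, which follows DNS naming standards and contains only lowercase letters, digits and -
  • Instance sequence number pg_seq, a non-negative integer that must be unique within the cluster; allocating sequentially from 0 is usually recommended.
  • Instance role pg_role, which must be primary or replica; a database cluster has one and only one primary.
  • Other variables, which can be configured at host or group level as needed and override the global and default configuration.

The cluster inventory can also use the ini format following the Ansible standard (not recommended), as shown below.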

[pg-test]
10.10.10.11 pg_role=primary pg_seq=1
10.10.10.12 pg_role=replica pg_seq=2
10.10.10.13 pg_role=replica pg_seq=3

[pg-test:vars]
pg_cluster = pg-test
pg_version = 12
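
The inventory rules listed above (exactly one primary per cluster, the three required instance variables, the naming and uniqueness constraints, and host > group > global precedence) can be checked before a playbook touches any machine. The following is an added example, not part of Pigsty and not its pg_preflight check: `validate_inventory`, `effective_vars` and `sandbox_inventory` are hypothetical names, the sample inventory is constructed from the sandbox clusters shown on this page, and the merge only considers global, own-group and host variables.

```python
import re

CLUSTER_NAME_RE = re.compile(r"[a-z0-9-]+")  # lowercase letters, digits and '-'
VALID_ROLES = ("primary", "replica")
REQUIRED_VARS = ("pg_cluster", "pg_role", "pg_seq")


def effective_vars(global_vars, group_vars, host_vars):
    """Merge variables in the documented order: host > group > global."""
    merged = dict(global_vars or {})
    merged.update(group_vars or {})
    merged.update(host_vars or {})
    return merged


def validate_inventory(inventory):
    """Return a list of rule violations; an empty list means every rule holds."""
    errors = []
    root = inventory.get("all") or {}
    global_vars = root.get("vars") or {}
    owner = {}     # host -> first database cluster group that lists it
    clusters = {}  # pg_cluster -> [(pg_role, valid pg_seq or None), ...]

    for group, body in (root.get("children") or {}).items():
        if group == "meta":  # meta hosts may also belong to a database cluster
            continue
        body = body or {}
        hosts = body.get("hosts") or {}
        if not hosts:
            errors.append(f"{group}: cluster defines no hosts")
        for host, host_vars in hosts.items():
            if host in owner:
                errors.append(f"{host}: listed in both {owner[host]} and {group}")
            owner.setdefault(host, group)
            merged = effective_vars(global_vars, body.get("vars"), host_vars)
            missing = [key for key in REQUIRED_VARS if merged.get(key) is None]
            if missing:
                errors.append(f"{host}: missing {', '.join(missing)}")
                continue
            name, role, seq = str(merged["pg_cluster"]), merged["pg_role"], merged["pg_seq"]
            if not CLUSTER_NAME_RE.fullmatch(name):
                errors.append(f"{host}: pg_cluster {name!r} must use only a-z, 0-9 and '-'")
            if role not in VALID_ROLES:
                errors.append(f"{host}: pg_role {role!r} must be primary or replica")
            if isinstance(seq, bool) or not isinstance(seq, int) or seq < 0:
                errors.append(f"{host}: pg_seq {seq!r} must be a non-negative integer")
                seq = None  # keep invalid values out of the uniqueness check
            clusters.setdefault(name, []).append((role, seq))

    for name, members in clusters.items():
        primaries = sum(1 for role, _ in members if role == "primary")
        if primaries != 1:
            errors.append(f"{name}: expected exactly one primary, found {primaries}")
        seqs = [seq for _, seq in members if seq is not None]
        for dup in sorted({s for s in seqs if seqs.count(s) > 1}):
            errors.append(f"{name}: pg_seq {dup} is used by more than one instance")
    return errors


def sandbox_inventory():
    """Constructed sample: the sandbox clusters from this page, shaped the way
    yaml.safe_load would return the YAML inventory."""
    return {"all": {
        "vars": {"pg_version": 12},
        "children": {
            "meta": {"vars": {"meta_node": True},
                     "hosts": {"10.10.10.10": {"ansible_host": "meta"}}},
            "pg-meta": {"vars": {"pg_cluster": "pg-meta"},
                        "hosts": {"10.10.10.10": {"pg_role": "primary", "pg_seq": 1}}},
            "pg-test": {"vars": {"pg_cluster": "pg-test"},
                        "hosts": {"10.10.10.11": {"pg_role": "primary", "pg_seq": 1},
                                  "10.10.10.12": {"pg_role": "replica", "pg_seq": 2},
                                  "10.10.10.13": {"pg_role": "replica", "pg_seq": 3}}},
        },
    }}


if __name__ == "__main__":
    for line in validate_inventory(sandbox_inventory()) or ["inventory passes all checks"]:
        print(line)
```

A host-level pg_cluster overrides the group value, so a mistyped host variable shows up as its own cluster with zero primaries rather than passing silently.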

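Global Variable Definitions

Global variables are defined in all.vars by default, and can also be defined in other ways following the Ansible standard.

Global variables are meant to set unified default options for one environment. Different environments (development, testing, production) can use different global variables.

Global variables take effect on all machines. When you want a unified configuration, for example configuring the same DNS and NTP servers on all machines, installing the same packages, or using a unified su password, modify the global variables.

The global variable definitions are divided into 8 parts; see the documentation for the specific configuration items.

  • Connection information
  • Local repo definition
  • Machine node initialization
  • Meta (control) node initialization
  • DCS metadata store initialization
  • Postgres installation
  • Postgres cluster initialization
  • Monitoring initialization
  • Load-balancing proxy initialization

Single-Node Minimal Configuration Example

The example below defines an environment containing only one node.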

---
######################################################################
# File      :   min.yml
# Path      :   inventory/min.yml
# Desc      :   Configuration file for (min)imal environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-09-22
# Mtime     :   2020-09-22
# Copyright (C) 2019-2020 Ruohang Feng
######################################################################


######################################################################
#                  Minimal Environment Inventory                     #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group (1-3)
      hosts:
        10.10.10.10:                        # meta node IP ADDRESS
          ansible_host: meta                # comment this if not access via ssh alias

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:
      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 12                      # define installed pgsql version
        pg_default_username: meta           # default business username
        pg_default_password: meta           # default business password
        pg_default_database: meta           # default database name
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip

  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:
    proxy_env: # global proxy env when downloading packages
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"



...

Sandbox Environment Configuration File (vagrant)

---
######################################################################
# File      :   dev.yml
# Path      :   inventory/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-09-22
# Mtime     :   2020-09-22
# Copyright (C) 2019-2020 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group (1-3)
      hosts:
        10.10.10.10: # meta node IP ADDRESS
          ansible_host: meta                # comment this if not access via ssh alias


    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        # misc
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_hostname: false                  # overwrite node hostname with pg instance name
        pg_nodename: true                   # overwrite consul nodename with pg instance name

        # bootstrap template
        pg_init: initdb.sh                  # bootstrap postgres cluster with initdb.sh
        pg_default_username: meta           # default business username
        pg_default_password: meta           # default business password
        pg_default_database: meta           # default database name

        # vip settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip

      # - cluster members - #
      hosts:
        10.10.10.10:
          ansible_host: meta              # comment this if not access via ssh alias
          pg_role: primary                # initial role: primary & replica
          pg_seq: 1                       # instance sequence among cluster


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'

      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        # bootstrap template
        pg_init: initdb.sh                  # bootstrap postgres cluster with initdb.sh
        pg_default_username: test           # default business username
        pg_default_password: test           # default business password
        pg_default_database: test           # default database name

        # vip settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


      # - cluster members - #
      hosts:
        10.10.10.11:
          ansible_host: node-1            # comment this if not access via ssh alias
          pg_role: primary                # initial role: primary & replica
          pg_seq: 1                       # instance sequence among cluster

        10.10.10.12:
          ansible_host: node-2            # comment this if not access via ssh alias
          pg_role: replica                # initial role: primary & replica
          pg_seq: 2                       # instance sequence among cluster

        10.10.10.13:
          ansible_host: node-3            # comment this if not access via ssh alias
          pg_role: replica                # initial role: primary & replica
          pg_seq: 3                       # instance sequence among cluster



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen address, must be the same as repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity             # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel              # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4

      # postgres 13 packages
      - postgresql13* postgis31*                                                              # postgres 13 and postgis 31
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                      # stats extensions
      - plr13 plsh13 plpgsql_check_13 pldebugger13                                            # pl extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13                           # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                  # other extensions
      - hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13 # pgrouting_13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13

      # Postgres 12 Packages
      # - postgresql12* postgis30_12* timescaledb_12 citus_12 pglogical_12                    # postgres 12 basic
      # - pg_qualstats12 pg_cron_12 pg_repack12 pg_squeeze12 pg_stat_kcache12 wal2json12 pgpool-II-12 pgpool-II-12-extensions python3-psycopg2 python2-psycopg2
      # - ddlx_12 bgw_replstatus12 count_distinct12 extra_window_functions_12 geoip12 hll_12 hypopg_12 ip4r12 jsquery_12 multicorn12 osm_fdw12 mysql_fdw_12 ogr_fdw12 mongo_fdw12 hdfs_fdw_12 cstore_fdw_12 wal2mongo12 orafce12 pagila12 pam-pgsql12 passwordcheck_cracklib12 periods_12 pg_auto_failover_12 pg_bulkload12 pg_catcheck12 pg_comparator12 pg_filedump12 pg_fkpart12 pg_jobmon12 pg_partman12 pg_pathman12 pg_track_settings12 pg_wait_sampling_12 pgagent_12 pgaudit14_12 pgauditlogtofile-12 pgbconsole12 pgcryptokey12 pgexportdoc12 pgfincore12 pgimportdoc12 pgmemcache-12 pgmp12 pgq-12 pgrouting_12 pgtap12 plpgsql_check_12 plr12 plsh12 postgresql_anonymizer12 postgresql-unit12 powa_12 prefix12 repmgr12 safeupdate_12 semver12 slony1-12 sqlite_fdw12 sslutils_12 system_stats_12 table_version12 topn_12

    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.2.0/pg_exporter-0.2.0-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 8s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://10.10.10.10:3000           # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_provision_mode: db                     # none|db|api
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel

    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts
    # grafana_dashboards: []                       # default dashboards (use role default)



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # home directory of the dbsu
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 12                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES CLUSTER PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required

    # - template - #
    pg_conf: tiny.yml                             # user provided patroni config template path
    pg_init: initdb.sh                            # user provided post-init script path, default: initdb.sh

    # - authentication - #
    pg_hba_common:
      - '"# allow: meta node access with password"'
      - host    all     all                         10.10.10.10/32      md5
      - '"# allow: intranet admin role with password"'
      - host    all     +dbrole_admin               10.0.0.0/8          md5
      - host    all     +dbrole_admin               172.16.0.0/12       md5
      - host    all     +dbrole_admin               192.168.0.0/16      md5
      - '"# allow local (pgbouncer) read-write user (production user) password access"'
      - local   all     +dbrole_readwrite                               md5
      - host    all     +dbrole_readwrite           127.0.0.1/32        md5
      - '"# intranet common user password access"'
      - host    all             all                 10.0.0.0/8          md5
      - host    all             all                 172.16.0.0/12       md5
      - host    all             all                 192.168.0.0/16      md5
    pg_hba_primary: [ ]
    pg_hba_replica:
      - '"# allow remote readonly user (stats, personal user) password access (directly)"'
      - local   all     +dbrole_readonly                               md5
      - host    all     +dbrole_readonly           127.0.0.1/32        md5
    # this hba is added directly to /etc/pgbouncer/pgb_hba.conf instead of patroni conf
    pg_hba_pgbouncer:
      - '# biz_user intranet password access'
      - local  all          all                                     md5
      - host   all          all                     127.0.0.1/32    md5
      - host   all          all                     10.0.0.0/8      md5
      - host   all          all                     172.16.0.0/12   md5
      - host   all          all                     192.168.0.0/16  md5

    # - credential - #
    pg_dbsu_password: ''                          # dbsu password (leaving blank will disable sa password login)
    pg_replication_username: replicator           # replication user
    pg_replication_password: replicator           # replication password
    pg_monitor_username: dbuser_monitor           # monitor user
    pg_monitor_password: dbuser_monitor           # monitor password

    # - default - #
    # pg_default_username: postgres               # non 'postgres' will create a default admin user (not superuser)
    # pg_default_password: postgres               # dbsu password, omit for 'postgres'
    # pg_default_database: postgres               # non 'postgres' will create a default database
    pg_default_schema: public                     # default schema will be created under default database and used as first element of search_path
    pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit


    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - vip - #
    vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                   # default primary port 5433
    haproxy_replica_port: 5434                   # default replica port 5434
    haproxy_backend_port: 6432                   # default target port: pgbouncer:6432 postgres:5432



...

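Customizing initialization templates

Besides the parameter variables above, Pigsty provides two further ways to customize a deployment.

Database initialization template

An initialization template is the definition file used to initialize a database cluster. By default it is located at roles/postgres/templates/patroni.yml and uses the patroni.yml configuration file format. The templates/ directory contains four predefined initialization templates:

  • oltp.yml: regular OLTP template, the default configuration.
  • olap.yml: OLAP template, with higher parallelism, optimized for throughput and for long-running queries.
  • crit.yml: critical-business template, based on the OLTP template and optimized for security and data integrity; it uses synchronous replication and enables data checksums.
  • tiny.yml: micro database template, optimized for low-resource scenarios such as a demo database cluster running in virtual machines.

Users can also customize and modify these templates, and select the template to use through the pg_conf parameter.

Database initialization script

Once the database has been initialized, users usually want to run a custom script against it, for example to create a uniform set of default roles and users, create default schemas, and configure default privileges. This project provides a default initialization script, roles/postgres/templates/initdb.sh, which creates the default database and user based on the following variables.

    pg_default_username: postgres                 # non 'postgres' will create a default admin user (not superuser)
    pg_default_password: postgres                 # dbsu password, omit for 'postgres'
    pg_default_database: postgres                 # non 'postgres' will create a default database
    pg_default_schema: public                     # default schema will be created under default database and used as first element of search_path
    pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

Users can customize this script and use the custom script through the pg_init parameter.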
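The parameter listing above ships with sandbox defaults: passwords equal to the user name, `gpgcheck: no` on every upstream repo, package URLs fetched over plain HTTP, and `pg_exists_action: clean`. The check below is an added example, not part of Pigsty, that scans a parameter file for those settings before it is reused outside the sandbox; the function names, finding codes and embedded sample are assumptions made for this illustration.

```python
"""Pre-production check for a Pigsty-style parameter file (added example)."""
import re

# Constructed sample in the style of the parameter listing above, not a full config.
SAMPLE_CONFIG = """\
repo_upstreams:
  - name: base
    baseurl:
      - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no
  - name: grafana
    gpgcheck: yes                             # constructed: signature check enabled
    baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm
repo_url_packages:
  - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm
node_disable_firewall: true                   # disable firewall
pg_exists_action: clean
pg_dbsu_password: ''                          # blank disables password login
pg_replication_username: replicator           # replication user
pg_replication_password: replicator           # replication password
pg_monitor_username: dbuser_monitor
pg_monitor_password: 'S3parate#Secret'        # constructed non-default value
grafana_admin_password: admin
# pg_default_password: postgres
"""

# Matches "key: value" or "- key: value". URLs such as "http://..." do not match,
# because the colon must be followed by whitespace or the end of the line.
KV = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*):(?:\s+(.*))?$")
PACKAGE_URL_KEYS = {"baseurl", "mirrorlist", "repo_url_packages", "node_local_repo_url"}
DEFAULT_SECRETS = {"admin", "postgres", "replicator", "dbuser_monitor"}  # values shown on the page
RISKY_SETTINGS = {
    ("pg_exists_action", "clean"): "an existing cluster is removed when the play runs",
    ("node_disable_firewall", "true"): "host firewall is switched off",
    ("node_disable_selinux", "true"): "SELinux is switched off",
}


def strip_comment(line):
    """Drop a YAML comment: '#' at line start or after whitespace, outside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i].rstrip()
    return line.rstrip()


def unquote(value):
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def audit(text):
    """Return sorted (line number, finding code, detail) tuples."""
    findings, users, secrets = [], {}, []
    section, repo = None, "?"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line.strip():
            continue
        m = KV.match(line)
        if m:
            key, value = m.group(1), unquote((m.group(2) or "").strip())
            section = key if not value else None   # a bare key opens a list or mapping
        else:
            # list item: attribute it to the key that opened the list
            key, value = section, unquote(line.strip().lstrip("-").strip())
        if key is None:
            continue
        if key == "name":
            repo = value
        if key == "gpgcheck" and value.lower() in ("no", "false", "0"):
            findings.append((lineno, "GPGCHECK_OFF",
                             f"repo '{repo}': package signatures are not verified"))
        if key in PACKAGE_URL_KEYS and value.startswith("http://"):
            findings.append((lineno, "PLAINTEXT_PACKAGE_URL", value))
        if (key, value.lower()) in RISKY_SETTINGS:
            findings.append((lineno, "RISKY_SETTING",
                             f"{key}: {RISKY_SETTINGS[(key, value.lower())]}"))
        if key.endswith("_username"):
            users[key[:-len("_username")]] = value
        if key.endswith("_password") and value:
            secrets.append((lineno, key, value))
    for lineno, key, value in secrets:
        paired_user = users.get(key[:-len("_password")])
        if value == paired_user or value in DEFAULT_SECRETS:
            findings.append((lineno, "DEFAULT_CREDENTIAL",
                             f"{key} is a shipped default or equals its user name"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno:>3}  {code:<22} {detail}")
```

The scanner is line-based and only understands the flat `key: value` and list layout used in the listing; it is not a general YAML parser.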

5.3 - Infrastructure Provision

How to define infrastructure with parameters, and how to provision it

Infrastructure Provision [DRAFT]

TL;DR

  1. Configure infrastructure parameters

    vi conf/dev.yml
    
  2. Run infra provision playbook

    ./infra.yml
    

Parameters

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must match repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - {name: home,           host: pigsty,   url: "127.0.0.1:3000"}
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you can use an existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as dcs servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


Playbook

infra.yml bootstraps the entire infrastructure on the given inventory.


play #1 (meta): Init local repo						TAGS: [repo]
tasks:
  Create local repo directory						TAGS: [repo, repo_dir]
  Backup & remove existing repos					TAGS: [repo, repo_upstream]
  Add required upstream repos						TAGS: [repo, repo_upstream]
  Check repo pkgs cache exists						TAGS: [repo, repo_prepare]
  Set fact whether repo_exists						TAGS: [repo, repo_prepare]
  Move upstream repo to backup						TAGS: [repo, repo_prepare]
  Add local file system repos						TAGS: [repo, repo_prepare]
  repo : Remake yum cache if not exists				TAGS: [repo, repo_prepare]
  Install repo bootstrap packages					TAGS: [repo, repo_boot]
  Render repo nginx server files					TAGS: [repo, repo_nginx]
  Disable selinux for repo server					TAGS: [repo, repo_nginx]
  Launch repo nginx server							TAGS: [repo, repo_nginx]
  Waits repo server online							TAGS: [repo, repo_nginx]
  repo : Download web url packages					TAGS: [repo, repo_download]
  Download repo packages							TAGS: [repo, repo_download]
  Download repo pkg deps							TAGS: [repo, repo_download]
  Create local repo index							TAGS: [repo, repo_download]
  repo : Copy bootstrap scripts						TAGS: [repo, repo_download, repo_script]
  Mark repo cache as valid							TAGS: [repo, repo_download]

play #2 (all): Provision Node						TAGS: [node]
tasks:
  Update node hostname								TAGS: [node, node_name]
  node : Add new hostname to /etc/hosts				TAGS: [node, node_name]
  node : Write static dns records					TAGS: [node, node_dns]
  node : Get old nameservers						TAGS: [node, node_resolv]
  node : Truncate resolv file						TAGS: [node, node_resolv]
  node : Write resolv options						TAGS: [node, node_resolv]
  node : Add new nameservers						TAGS: [node, node_resolv]
  node : Append old nameservers						TAGS: [node, node_resolv]
  node : Node configure disable firewall			TAGS: [node, node_firewall]
  node : Node disable selinux by default			TAGS: [node, node_firewall]
  node : Backup existing repos						TAGS: [node, node_repo]
  node : Install upstream repo						TAGS: [node, node_repo]
  node : Install local repo							TAGS: [node, node_repo]
  Install node basic packages						TAGS: [node, node_pkgs]
  Install node extra packages						TAGS: [node, node_pkgs]
  node : Install meta specific packages				TAGS: [node, node_pkgs]
  Install node basic packages						TAGS: [node, node_pkgs]
  Install node extra packages						TAGS: [node, node_pkgs]
  node : Install meta specific packages				TAGS: [node, node_pkgs]
  node : Node configure disable numa				TAGS: [node, node_feature]
  node : Node configure disable swap				TAGS: [node, node_feature]
  node : Node configure unmount swap				TAGS: [node, node_feature]
  node : Node setup static network					TAGS: [node, node_feature]
  node : Node configure disable firewall			TAGS: [node, node_feature]
  node : Node configure disk prefetch				TAGS: [node, node_feature]
  node : Enable linux kernel modules				TAGS: [node, node_kernel]
  node : Enable kernel module on reboot				TAGS: [node, node_kernel]
  node : Get config parameter page count			TAGS: [node, node_tuned]
  node : Get config parameter page size				TAGS: [node, node_tuned]
  node : Tune shmmax and shmall via mem				TAGS: [node, node_tuned]
  node : Create tuned profiles						TAGS: [node, node_tuned]
  node : Render tuned profiles						TAGS: [node, node_tuned]
  node : Active tuned profile						TAGS: [node, node_tuned]
  node : Change additional sysctl params			TAGS: [node, node_tuned]
  node : Copy default user bash profile				TAGS: [node, node_profile]
  Setup node default pam ulimits					TAGS: [node, node_ulimit]
  node : Create os user group admin					TAGS: [node, node_admin]
  node : Create os user admin						TAGS: [node, node_admin]
  node : Grant admin group nopass sudo				TAGS: [node, node_admin]
  node : Add no host checking to ssh config			TAGS: [node, node_admin]
  node : Add admin ssh no host checking				TAGS: [node, node_admin]
  node : Fetch all admin public keys				TAGS: [node, node_admin]
  node : Exchange all admin ssh keys				TAGS: [node, node_admin]
  node : Install public keys						TAGS: [node, node_admin]
  node : Install ntp package						TAGS: [node, ntp_install]
  node : Install chrony package						TAGS: [node, ntp_install]
  Setup default node timezone						TAGS: [node, ntp_config]
  node : Copy the ntp.conf file						TAGS: [node, ntp_config]
  node : Copy the chrony.conf template				TAGS: [node, ntp_config]
  node : Launch ntpd service						TAGS: [node, ntp_launch]
  node : Launch chronyd service						TAGS: [node, ntp_launch]

play #3 (meta): Init meta service					TAGS: [meta]
tasks:
  Create local ca directory							TAGS: [ca, ca_dir, meta]
  Copy ca cert from local files						TAGS: [ca, ca_copy, meta]
  Check ca key cert exists							TAGS: [ca, ca_create, meta]
  ca : Create self-signed CA key-cert				TAGS: [ca, ca_create, meta]
  Make sure nginx package installed					TAGS: [meta, nginx]
  Copy nginx default config							TAGS: [meta, nginx]
  Copy nginx upstream conf							TAGS: [meta, nginx]
  nginx : Create local html directory				TAGS: [meta, nginx]
  Update default nginx index page					TAGS: [meta, nginx]
  Restart meta nginx service						TAGS: [meta, nginx]
  Wait for nginx service online						TAGS: [meta, nginx]
  Make sure nginx exporter installed				TAGS: [meta, nginx, nginx_exporter]
  Config nginx_exporter options						TAGS: [meta, nginx, nginx_exporter]
  Restart nginx_exporter service					TAGS: [meta, nginx, nginx_exporter]
  Wait for nginx exporter online					TAGS: [meta, nginx, nginx_exporter]
  Install prometheus and alertmanager				TAGS: [meta, prometheus, prometheus_install]
  Wipe out prometheus config dir					TAGS: [meta, prometheus, prometheus_clean]
  Wipe out existing prometheus data					TAGS: [meta, prometheus, prometheus_clean]
  Recreate prometheus data dir						TAGS: [meta, prometheus, prometheus_config]
  Copy /etc/prometheus configs						TAGS: [meta, prometheus, prometheus_config]
  Copy /etc/prometheus opts							TAGS: [meta, prometheus, prometheus_config]
  Overwrite prometheus scrape_interval				TAGS: [meta, prometheus, prometheus_config]
  Overwrite prometheus evaluation_interval			TAGS: [meta, prometheus, prometheus_config]
  Overwrite prometheus scrape_timeout				TAGS: [meta, prometheus, prometheus_config]
  Overwrite prometheus pg metrics path				TAGS: [meta, prometheus, prometheus_config]
  Launch prometheus service							TAGS: [meta, prometheus, prometheus_launch]
  prometheus : Launch alertmanager service			TAGS: [meta, prometheus, prometheus_launch]
  Wait for prometheus online						TAGS: [meta, prometheus, prometheus_launch]
  prometheus : Wait for alertmanager online			TAGS: [meta, prometheus, prometheus_launch]
  Make sure grafana is installed					TAGS: [grafana, grafana_install, meta]
  Check grafana plugin cache exists					TAGS: [grafana, grafana_plugin, meta]
  Provision grafana plugins via cache				TAGS: [grafana, grafana_plugin, meta]
  Download grafana plugins from web					TAGS: [grafana, grafana_plugin, meta]
  Download grafana plugins from web					TAGS: [grafana, grafana_plugin, meta]
  Create grafana plugins cache						TAGS: [grafana, grafana_plugin, meta]
  Copy /etc/grafana/grafana.ini						TAGS: [grafana, grafana_config, meta]
  Remove grafana provision dir						TAGS: [grafana, grafana_config, meta]
  grafana : Copy provisioning content				TAGS: [grafana, grafana_config, meta]
  grafana : Copy pigsty dashboards					TAGS: [grafana, grafana_config, meta]
  grafana : Copy pigsty icon image					TAGS: [grafana, grafana_config, meta]
  Replace grafana icon with pigsty					TAGS: [grafana, grafana_config, grafana_customize, meta]
  Launch grafana service							TAGS: [grafana, grafana_launch, meta]
  Wait for grafana online							TAGS: [grafana, grafana_launch, meta]
  Update grafana default preferences				TAGS: [grafana, grafana_provision, meta]
  Register consul grafana service					TAGS: [grafana, grafana_register, meta]
  grafana : Reload consul							TAGS: [grafana, grafana_register, meta]

play #4 (all): Init dcs								TAGS: []
tasks:
  Check for existing consul							TAGS: [consul_check, dcs]
  consul : Consul exists flag fact set				TAGS: [consul_check, dcs]
  Abort due to consul exists						TAGS: [consul_check, dcs]
  Clean existing consul instance					TAGS: [consul_check, dcs]
  Stop any running consul instance					TAGS: [consul_check, dcs]
  Remove existing consul dir						TAGS: [consul_check, dcs]
  Recreate consul dir								TAGS: [consul_check, dcs]
  Make sure consul is installed						TAGS: [consul_install, dcs]
  Make sure consul dir exists						TAGS: [consul_config, dcs]
  consul : Get dcs server node names				TAGS: [consul_config, dcs]
  consul : Get dcs node name from var				TAGS: [consul_config, dcs]
  consul : Get dcs node name from var				TAGS: [consul_config, dcs]
  consul : Fetch hostname as dcs node name			TAGS: [consul_config, dcs]
  consul : Get dcs name from hostname				TAGS: [consul_config, dcs]
  Copy /etc/consul.d/consul.json					TAGS: [consul_config, dcs]
  Copy consul agent service							TAGS: [consul_config, dcs]
  consul : Get dcs bootstrap expect quroum			TAGS: [consul_server, dcs]
  Copy consul server service unit					TAGS: [consul_server, dcs]
  Launch consul server service						TAGS: [consul_server, dcs]
  Wait for consul server online						TAGS: [consul_server, dcs]
  Launch consul agent service						TAGS: [consul_agent, dcs]
  Wait for consul agent online						TAGS: [consul_agent, dcs]

play #5 (meta): Copy ansible scripts				TAGS: [ansible]
tasks:
  Create ansible tarball							TAGS: [ansible]
  Create ansible directory							TAGS: [ansible]
  Copy ansible tarball								TAGS: [ansible]
  Extract tarball									TAGS: [ansible]

5.4 - Postgres Provision

How to define and bring up a PostgreSQL database cluster

Postgres Provision

TL;DR

  1. Configure postgres parameters in config file

    vi config/all.yml
    
  2. Run postgres provision playbook

    ./initdb.yml
    

Parameters

---
#------------------------------------------------------------------------------
# POSTGRES INSTALLATION
#------------------------------------------------------------------------------
# - dbsu - #
pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
pg_dbsu_home: /var/lib/pgsql                  # postgresql home directory
pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

# - packages - #
pg_version: 12                                # default postgresql version
pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
pg_packages: # packages to be installed (Postgres 13)
  - postgresql${pg_version}*
  - postgis31_${pg_version}*
  - pgbouncer patroni pg_exporter pgbadger
  - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
  - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
  - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

pg_extensions:
  - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
  # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
  # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}
  # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
  # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
  # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
  # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}

#------------------------------------------------------------------------------
# POSTGRES PROVISION
#------------------------------------------------------------------------------
# - identity - #
# pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
# pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
pg_role: replica                              # [REQUIRED] service role (validated during pg_preflight)
pg_hostname: false                            # overwrite node hostname with pg instance name

# - cleanup - #
# pg_exists_action, available options: abort|clean|skip
#  - abort: abort entire play's execution (default)
#  - clean: remove existing cluster (dangerous)
#  - skip: end current play for this host
pg_exists: false                              # auxiliary flag variable (DO NOT SET THIS)
pg_exists_action: abort

# - storage - #
pg_data: /pg/data                             # postgres data directory
pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

# - connection - #
pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
pg_port: 5432                                 # postgres port (5432 by default)
pg_localhost: /var/run/postgresql
pg_shared_libraries: pg_stat_statements, auto_explain

#------------------------------------------------------------------------------
# PATRONI PROVISION
#------------------------------------------------------------------------------
# - patroni - #
# patroni_mode, available options: default|pause|remove
# default: default ha mode
# pause:   enter maintenance mode
# remove:  remove patroni after bootstrap
patroni_mode: default                         # pause|default|remove
pg_namespace: /pg                             # top level key namespace in dcs
patroni_port: 8008                            # default patroni port
patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
pg_conf: patroni.yml                          # user provided patroni config template path


#------------------------------------------------------------------------------
# PGBOUNCER PROVISION
#------------------------------------------------------------------------------
# - pgbouncer - #
pgbouncer_port: 6432                          # default pgbouncer port
pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit


#------------------------------------------------------------------------------
# CLUSTER TEMPLATE
#------------------------------------------------------------------------------
pg_init: pg-init                              # init script for cluster template

# - system roles - #
pg_replication_username: replicator           # system replication user
pg_replication_password: DBUser.Replicator    # system replication password
pg_monitor_username: dbuser_monitor           # system monitor user
pg_monitor_password: DBUser.Monitor           # system monitor password
pg_admin_username: dbuser_admin               # system admin user
pg_admin_password: DBUser.Admin               # system admin password

# - default roles - #
pg_default_roles:
  - username: dbrole_readonly                 # sample user:
    options: NOLOGIN                          # role can not login
    comment: role for readonly access         # comment string

  - username: dbrole_readwrite                # sample user: one object for each user
    options: NOLOGIN
    comment: role for read-write access
    groups: [ dbrole_readonly ]               # read-write includes read-only access

  - username: dbrole_admin                    # sample user: one object for each user
    options: NOLOGIN BYPASSRLS                # admin can bypass row level security
    comment: role for object creation
    groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

  # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
  - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
    options: SUPERUSER LOGIN
    comment: system superuser

  - username: replicator
    options: REPLICATION LOGIN
    groups: [pg_monitor, dbrole_readonly]
    comment: system replicator

  - username: dbuser_monitor
    options: LOGIN CONNECTION LIMIT 10
    comment: system monitor user
    groups: [pg_monitor, dbrole_readonly]

  - username: dbuser_admin
    options: LOGIN BYPASSRLS
    comment: system admin user
    groups: [dbrole_admin]

  - username: dbuser_stats
    password: DBUser.Stats
    options: LOGIN
    comment: business read-only user for statistics
    groups: [dbrole_readonly]


# objects created by dbsu and admin will have their privileges properly set
pg_default_privilegs:
  - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
  - GRANT SELECT                        ON TABLES    TO dbrole_readonly
  - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
  - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
  - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
  - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
  - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
  - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
  - GRANT USAGE                         ON TYPES     TO dbrole_admin

# schemas
pg_default_schemas: [monitor]

# extension
pg_default_extensions:
  - { name: 'pg_stat_statements',  schema: 'monitor' }
  - { name: 'pgstattuple',         schema: 'monitor' }
  - { name: 'pg_qualstats',        schema: 'monitor' }
  - { name: 'pg_buffercache',      schema: 'monitor' }
  - { name: 'pageinspect',         schema: 'monitor' }
  - { name: 'pg_prewarm',          schema: 'monitor' }
  - { name: 'pg_visibility',       schema: 'monitor' }
  - { name: 'pg_freespacemap',     schema: 'monitor' }
  - { name: 'pg_repack',           schema: 'monitor' }
  - name: postgres_fdw
  - name: file_fdw
  - name: btree_gist
  - name: btree_gin
  - name: pg_trgm
  - name: intagg
  - name: intarray

# - hba - #
pg_hba_rules:
  - title: allow meta node password access
    role: common
    rules:
      - host    all     all                         10.10.10.10/32      md5

  - title: allow intranet admin password access
    role: common
    rules:
      - host    all     +dbrole_admin               10.0.0.0/8          md5
      - host    all     +dbrole_admin               172.16.0.0/12       md5
      - host    all     +dbrole_admin               192.168.0.0/16      md5

  - title: allow intranet password access
    role: common
    rules:
      - host    all             all                 10.0.0.0/8          md5
      - host    all             all                 172.16.0.0/12       md5
      - host    all             all                 192.168.0.0/16      md5

  - title: allow local read-write access (local production user via pgbouncer)
    role: common
    rules:
      - local   all     +dbrole_readwrite                               md5
      - host    all     +dbrole_readwrite           127.0.0.1/32        md5

  - title: allow read-only user (stats, personal) password directly access
    role: replica
    rules:
      - local   all     +dbrole_readonly                               md5
      - host    all     +dbrole_readonly           127.0.0.1/32        md5

# pgbouncer host-based authentication rules
pgbouncer_hba_rules:
  - title: local password access
    role: common
    rules:
      - local  all          all                                     md5
      - host   all          all                     127.0.0.1/32    md5

  - title: intranet password access
    role: common
    rules:
      - host   all          all                     10.0.0.0/8      md5
      - host   all          all                     172.16.0.0/12   md5
      - host   all          all                     192.168.0.0/16  md5

#------------------------------------------------------------------------------
# BUSINESS TEMPLATE
#------------------------------------------------------------------------------
# - business - #
# users that are ad hoc to each cluster
pg_users:
  - username: dbuser_test
    password: DBUser.Test
    options: LOGIN NOINHERIT
    comment: business read-write user
    groups: [dbrole_readwrite]

pg_databases: # additional business database
  - name: test                                # one object for each database
    owner: dbuser_test
    schemas: [monitor, public]
    extensions: [{name: "postgis", schema: "public"}]
    parameters:
      search_path: 'yay,public,monitor'       # set default search path

...
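
The listings above are sandbox defaults: fixed passwords, a Grafana URL with embedded credentials, firewall and SELinux switched off, the vagrant public key in node_admin_pks, and HBA rules open to whole private ranges. The following added example (not part of Pigsty) scans a config file for those values before it is reused outside the sandbox; the `audit` function, the rule names, the `hba-trust` rule and the /16 threshold for a "broad" HBA range are assumptions of this example, and the parser is line-based rather than a full YAML parser.

```python
import ipaddress
import re

# Default secrets exactly as they appear in the parameter listings on this page.
DEFAULT_PASSWORDS = {"admin", "DBUser.Replicator", "DBUser.Monitor",
                     "DBUser.Admin", "DBUser.Stats", "DBUser.Test"}
HARDENING_SWITCHES = {"node_disable_firewall", "node_disable_selinux"}
EXISTS_ACTIONS = {"pg_exists_action", "dcs_exists_action"}
BROAD_PREFIXLEN = 16  # assumption: /16 or wider counts as a broad HBA range

KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*):\s*(.*)$")
URL_CREDS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")
HBA_HOST = re.compile(r"^\s*-\s+host(?:ssl|nossl)?\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample in the shape of the listings above (key material elided).
SAMPLE_CONFIG = """\
# constructed sample config
node_disable_firewall: true                   # disable firewall
node_disable_selinux: true
node_admin_pks:
  - 'ssh-rsa <key-material> vagrant@pigsty.com'
grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
grafana_admin_password: admin
pg_listen: '0.0.0.0'
pg_exists_action: abort
pg_replication_password: DBUser.Replicator    # system replication password
pg_admin_password: example-rotated-secret     # constructed non-default value
pg_hba_rules:
  - title: allow intranet password access
    role: common
    rules:
      - host    all     +dbrole_admin               10.0.0.0/8          md5
      - host    all             all                 10.0.0.0/8          md5
      - host    all     +dbrole_readwrite           127.0.0.1/32        md5
pg_users:
  - username: dbuser_test
    password: DBUser.Test
"""


def strip_comment(line):
    """Drop a YAML comment: a '#' at line start or preceded by whitespace."""
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()


def check_hba(lineno, user, address, method):
    """Findings for one 'host' rule of pg_hba_rules / pgbouncer_hba_rules."""
    found = []
    if method == "trust":
        found.append((lineno, "hba-trust", f"{user}@{address}"))
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:  # e.g. samehost, samenet or a hostname
        return found
    if user == "all" and net.prefixlen <= BROAD_PREFIXLEN:
        found.append((lineno, "hba-broad-range", f"{user}@{address} {method}"))
    return found


def check_setting(lineno, key, value):
    """Findings for one 'key: value' line."""
    found = []
    if key.endswith("password") and value in DEFAULT_PASSWORDS:
        found.append((lineno, "default-password", key))
    if URL_CREDS.search(value):
        found.append((lineno, "credentials-in-url", key))
    if key in HARDENING_SWITCHES and value.lower() == "true":
        found.append((lineno, "host-hardening-disabled", key))
    if key == "pg_listen" and value == "0.0.0.0":
        found.append((lineno, "listen-all-addresses", key))
    if key in EXISTS_ACTIONS and value == "clean":
        found.append((lineno, "destructive-exists-action", f"{key}=clean"))
    return found


def audit(text):
    """Return (line number, rule, detail) for each sandbox default found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = strip_comment(raw)
        hba = HBA_HOST.match(line)
        setting = KEY_VALUE.match(line)
        if hba:
            _database, user, address, method = hba.groups()
            findings += check_hba(lineno, user, address, method)
        elif "ssh-" in line and "vagrant@" in line:
            findings.append((lineno, "sandbox-ssh-key", "vagrant@ key"))
        elif setting:
            value = setting.group(2).strip().strip("'\"")
            findings += check_setting(lineno, setting.group(1), value)
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno:>3}  {rule:<26} {detail}")
```

To check a real file, pass its text to `audit`, for example the contents of config/all.yml; indentation under `vars:` does not affect the line-based matching.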

Playbook

initdb.yml bootstraps PostgreSQL clusters according to the inventory (assumes the infrastructure is already provisioned).

tasks:
  Create os group postgres								TAGS: [instal, pg_dbsu, postgres]
  postgres : Make sure dcs group exists					TAGS: [instal, pg_dbsu, postgres]
  postgres : Create dbsu {{ pg_dbsu }}					TAGS: [instal, pg_dbsu, postgres]
  postgres : Grant dbsu nopass sudo						TAGS: [instal, pg_dbsu, postgres]
  postgres : Grant dbsu all sudo						TAGS: [instal, pg_dbsu, postgres]
  postgres : Grant dbsu limited sudo					TAGS: [instal, pg_dbsu, postgres]
  postgres : Config patroni watchdog support			TAGS: [instal, pg_dbsu, postgres]
  postgres : Add dbsu ssh no host checking				TAGS: [instal, pg_dbsu, postgres]
  postgres : Fetch dbsu public keys						TAGS: [instal, pg_dbsu, postgres]
  postgres : Exchange dbsu ssh keys						TAGS: [instal, pg_dbsu, postgres]
  postgres : Install offical pgdg yum repo				TAGS: [instal, pg_install, postgres]
  postgres : Install pg packages						TAGS: [instal, pg_install, postgres]
  postgres : Install pg extensions						TAGS: [instal, pg_install, postgres]
  postgres : Link /usr/pgsql to current version			TAGS: [instal, pg_install, postgres]
  postgres : Add pg bin dir to profile path				TAGS: [instal, pg_install, postgres]
  postgres : Fix directory ownership					TAGS: [instal, pg_install, postgres]
  Remove default postgres service						TAGS: [instal, pg_install, postgres]
  postgres : Check necessary variables exists			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Fetch variables via pg_cluster				TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Set cluster basic facts for hosts			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Assert cluster primary singleton			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Setup cluster primary ip address			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Setup repl upstream for primary			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Setup repl upstream for replicas			TAGS: [always, pg_preflight, postgres, preflight]
  postgres : Debug print instance summary				TAGS: [always, pg_preflight, postgres, preflight]
  Check for existing postgres instance					TAGS: [pg_check, postgres, prepare]
  postgres : Set fact whether pg port is open			TAGS: [pg_check, postgres, prepare]
  Abort due to existing postgres instance				TAGS: [pg_check, postgres, prepare]
  Clean existing postgres instance						TAGS: [pg_check, postgres, prepare]
  Shutdown existing postgres service					TAGS: [pg_clean, postgres, prepare]
  postgres : Remove registerd consul service			TAGS: [pg_clean, postgres, prepare]
  Remove postgres metadata in consul					TAGS: [pg_clean, postgres, prepare]
  Remove existing postgres data							TAGS: [pg_clean, postgres, prepare]
  postgres : Make sure main and backup dir exists		TAGS: [pg_dir, postgres, prepare]
  Create postgres directory structure					TAGS: [pg_dir, postgres, prepare]
  postgres : Create pgbouncer directory structure		TAGS: [pg_dir, postgres, prepare]
  postgres : Create links from pgbkup to pgroot			TAGS: [pg_dir, postgres, prepare]
  postgres : Create links from current cluster			TAGS: [pg_dir, postgres, prepare]
  postgres : Copy pg_cluster to /pg/meta/cluster		TAGS: [pg_meta, postgres, prepare]
  postgres : Copy pg_version to /pg/meta/version		TAGS: [pg_meta, postgres, prepare]
  postgres : Copy pg_instance to /pg/meta/instance		TAGS: [pg_meta, postgres, prepare]
  postgres : Copy pg_seq to /pg/meta/sequence			TAGS: [pg_meta, postgres, prepare]
  postgres : Copy pg_role to /pg/meta/role				TAGS: [pg_meta, postgres, prepare]
  Copy postgres scripts to /pg/bin/						TAGS: [pg_scripts, postgres, prepare]
  postgres : Copy alias profile to /etc/profile.d		TAGS: [pg_scripts, postgres, prepare]
  Copy psqlrc to postgres home							TAGS: [pg_scripts, postgres, prepare]
  postgres : Setup hostname to pg instance name			TAGS: [pg_hostname, postgres, prepare]
  postgres : Copy consul node-meta definition			TAGS: [pg_nodemeta, postgres, prepare]
  postgres : Restart consul to load new node-meta		TAGS: [pg_nodemeta, postgres, prepare]
  postgres : Config patroni watchdog support			TAGS: [pg_watchdog, postgres, prepare]
  postgres : Get config parameter page count			TAGS: [pg_config, postgres]
  postgres : Get config parameter page size				TAGS: [pg_config, postgres]
  postgres : Tune shared buffer and work mem			TAGS: [pg_config, postgres]
  postgres : Hanlde small size mem occasion				TAGS: [pg_config, postgres]
  Calculate postgres mem params							TAGS: [pg_config, postgres]
  postgres : create patroni config dir					TAGS: [pg_config, postgres]
  postgres : use predefined patroni template			TAGS: [pg_config, postgres]
  postgres : Render default /pg/conf/patroni.yml		TAGS: [pg_config, postgres]
  postgres : Link /pg/conf/patroni to /pg/bin/			TAGS: [pg_config, postgres]
  postgres : Link /pg/bin/patroni.yml to /etc/patroni/	TAGS: [pg_config, postgres]
  postgres : Config patroni watchdog support			TAGS: [pg_config, postgres]
  postgres : create patroni systemd drop-in dir			TAGS: [pg_config, postgres]
  Copy postgres systemd service file					TAGS: [pg_config, postgres]
  postgres : create patroni systemd drop-in file		TAGS: [pg_config, postgres]
  postgres : Render default initdb scripts				TAGS: [pg_config, postgres]
  postgres : Launch patroni on primary instance			TAGS: [pg_primary, postgres]
  postgres : Wait for patroni primary online			TAGS: [pg_primary, postgres]
  Wait for postgres primary online						TAGS: [pg_primary, postgres]
  Check primary postgres service ready					TAGS: [pg_primary, postgres]
  postgres : Check replication connectivity to primary	TAGS: [pg_primary, postgres]
  postgres : Render default pg-init scripts				TAGS: [pg_init, pg_init_config, postgres]
  postgres : Render template init script				TAGS: [pg_init, pg_init_config, postgres]
  postgres : Execute initialization scripts				TAGS: [pg_init, postgres]
  postgres : Check primary instance ready				TAGS: [pg_init, postgres]
  postgres : Add dbsu password to pgpass if exists		TAGS: [pg_pass, postgres]
  postgres : Add system user to pgpass					TAGS: [pg_pass, postgres]
  postgres : Check replication connectivity to primary	TAGS: [pg_replica, postgres]
  postgres : Launch patroni on replica instances		TAGS: [pg_replica, postgres]
  postgres : Wait for patroni replica online			TAGS: [pg_replica, postgres]
  Wait for postgres replica online						TAGS: [pg_replica, postgres]
  Check replica postgres service ready					TAGS: [pg_replica, postgres]
  postgres : Render hba rules							TAGS: [pg_hba, postgres]
  postgres : Reload hba rules							TAGS: [pg_hba, postgres]
  postgres : Pause patroni								TAGS: [pg_patroni, postgres]
  postgres : Stop patroni on replica instance			TAGS: [pg_patroni, postgres]
  postgres : Stop patroni on primary instance			TAGS: [pg_patroni, postgres]
  Launch raw postgres on primary						TAGS: [pg_patroni, postgres]
  Launch raw postgres on primary						TAGS: [pg_patroni, postgres]
  Wait for postgres online								TAGS: [pg_patroni, postgres]
  postgres : Check pgbouncer is installed				TAGS: [pgbouncer, pgbouncer_check, postgres]
  postgres : Stop existing pgbouncer service			TAGS: [pgbouncer, pgbouncer_clean, postgres]
  postgres : Remove existing pgbouncer dirs				TAGS: [pgbouncer, pgbouncer_clean, postgres]
  Recreate dirs with owner postgres						TAGS: [pgbouncer, pgbouncer_clean, postgres]
  postgres : Copy /etc/pgbouncer/pgbouncer.ini			TAGS: [pgbouncer, pgbouncer_config, postgres]
  postgres : Copy /etc/pgbouncer/pgb_hba.conf			TAGS: [pgbouncer, pgbouncer_config, postgres]
  postgres : Touch userlist and database list			TAGS: [pgbouncer, pgbouncer_config, postgres]
  postgres : Add default users to pgbouncer				TAGS: [pgbouncer, pgbouncer_config, postgres]
  postgres : Copy pgbouncer systemd service				TAGS: [pgbouncer, pgbouncer_launch, postgres]
  postgres : Launch pgbouncer pool service				TAGS: [pgbouncer, pgbouncer_launch, postgres]
  postgres : Wait for pgbouncer service online			TAGS: [pgbouncer, pgbouncer_launch, postgres]
  postgres : Check pgbouncer service is ready			TAGS: [pgbouncer, pgbouncer_launch, postgres]
  postgres : Render business init script				TAGS: [business, pg_biz_config, pg_biz_init, postgres]
  postgres : Render database baseline sql				TAGS: [business, pg_biz_config, pg_biz_init, postgres]
  postgres : Execute business init script				TAGS: [business, pg_biz_init, postgres]
  postgres : Execute database baseline sql				TAGS: [business, pg_biz_init, postgres]
  postgres : Add pgbouncer busniess users				TAGS: [business, pg_biz_pgbouncer, postgres]
  postgres : Add pgbouncer busniess database			TAGS: [business, pg_biz_pgbouncer, postgres]
  postgres : Restart pgbouncer							TAGS: [business, pg_biz_pgbouncer, postgres]
  Copy postgres service definition						TAGS: [pg_register, postgres, register]
  postgres : Reload consul service						TAGS: [pg_register, postgres, register]
  postgres : Render grafana datasource definition		TAGS: [pg_grafana, postgres, register]
  postgres : Register datasource to grafana				TAGS: [pg_grafana, postgres, register]
  monitor : Create /etc/pg_exporter conf dir			TAGS: [monitor, pg_exporter]
  monitor : Copy default pg_exporter.yaml				TAGS: [monitor, pg_exporter]
  monitor : Config /etc/default/pg_exporter				TAGS: [monitor, pg_exporter]
  monitor : Config pg_exporter service unit				TAGS: [monitor, pg_exporter]
  monitor : Launch pg_exporter systemd service			TAGS: [monitor, pg_exporter]
  monitor : Wait for pg_exporter service online			TAGS: [monitor, pg_exporter]
  monitor : Register pg-exporter consul service			TAGS: [monitor, pg_exporter]
  monitor : Reload pg-exporter consul service			TAGS: [monitor, pg_exporter]
  monitor : Config pgbouncer_exporter opts				TAGS: [monitor, pgbouncer_exporter]
  monitor : Config pgbouncer_exporter service			TAGS: [monitor, pgbouncer_exporter]
  monitor : Launch pgbouncer_exporter service			TAGS: [monitor, pgbouncer_exporter]
  monitor : Wait for pgbouncer_exporter online			TAGS: [monitor, pgbouncer_exporter]
  monitor : Register pgb-exporter consul service		TAGS: [monitor, pgbouncer_exporter]
  monitor : Reload pgb-exporter consul service			TAGS: [monitor, pgbouncer_exporter]
  monitor : Copy node_exporter systemd service			TAGS: [monitor, node_exporter]
  monitor : Config default node_exporter options		TAGS: [monitor, node_exporter]
  monitor : Launch node_exporter service unit			TAGS: [monitor, node_exporter]
  monitor : Wait for node_exporter online				TAGS: [monitor, node_exporter]
  monitor : Register node-exporter service				TAGS: [monitor, node_exporter]
  monitor : Reload node-exporter consul service			TAGS: [monitor, node_exporter]
  proxy : Templating /etc/default/vip-manager.yml		TAGS: [proxy, vip]
  proxy : create vip-manager. systemd drop-in dir		TAGS: [proxy, vip]
  proxy : create vip-manager systemd drop-in file		TAGS: [proxy, vip]
  proxy : Launch vip-manager							TAGS: [proxy, vip]
  proxy : Set pg_instance in case of absence			TAGS: [haproxy, proxy]
  proxy : Fetch postgres cluster memberships			TAGS: [haproxy, proxy]
  Templating /etc/haproxyhaproxy.cfg					TAGS: [haproxy, proxy]
  Copy haproxy systemd service file						TAGS: [haproxy, proxy]
  Launch haproxy load balancer service					TAGS: [haproxy, proxy]
  Wait for haproxy load balancer online					TAGS: [haproxy, proxy]
  Copy haproxy service definition						TAGS: [haproxy_register, proxy]
  Reload haproxy consul service							TAGS: [haproxy_register, proxy]

5.5 - Cluster Templates

How to customize your database cluster with cluster templates

Templates [DRAFT]

Customize

Besides variables, there are two ways to customize Pigsty: the patroni template and the initdb template.

Patroni Template

For the sake of uniformity, Pigsty uses patroni for cluster bootstrap even if you choose not to enable it at all. So you can customize your database cluster through the patroni configuration.

Pigsty ships with four pre-defined patroni templates:

  • oltp.yml Common OLTP database cluster, default configuration
  • olap.yml OLAP database cluster, tuned for throughput and long-running queries
  • crit.yml Critical database cluster that values security and integrity more than availability
  • tiny.yml Tiny database cluster that runs on small or virtual machines; this is the default for this demo

You can customize those templates or write your own, and specify the template path with the variable pg_conf.

Initdb Template

When a database cluster is initialized, the user has a chance to intervene, e.g. to create default roles and users, schemas, privileges and so forth.

Pigsty uses ../roles/postgres/templates/pg-init as the default initdb script. It is a shell script run as dbsu that can do anything to a newly bootstrapped database.

The default initdb script customizes the database according to the following variables:

pg_default_username: postgres                 # non 'postgres' will create a default admin user (not superuser)
pg_default_password: postgres                 # dbsu password, omit for 'postgres'
pg_default_database: postgres                 # non 'postgres' will create a default database
pg_default_schema: public                     # default schema will be created under the default database and used as the first element of search_path
pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

Of course, you can customize the initdb template or write your own, and specify the template path with the variable pg_init.

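Customizing Initialization Templates

Besides the parameter variables described above, Pigsty offers two further ways to customize.

Database Initialization Template

An initialization template is the definition file used to initialize a database cluster. By default it is located at roles/postgres/templates/patroni.yml and uses the patroni.yml configuration file format. The templates/ directory contains four pre-defined initialization templates:

  • oltp.yml Regular OLTP template, default configuration
  • olap.yml OLAP template: raises parallelism, optimized for throughput and for long-running queries.
  • crit.yml Critical business template: based on the OLTP template and optimized for security and data integrity, using synchronous replication and enabling data checksums.
  • tiny.yml Tiny database template: optimized for low-resource scenarios, such as a demo database cluster running in virtual machines.

Users can also customize and modify these templates, and select the resulting template with the pg_conf parameter.

Database Initialization Script

Once the database has been initialized, users usually want to run their own customization scripts against it, for example to create uniform default roles and users, create default schemas, and configure default privileges. This project provides a default initialization script, roles/postgres/templates/initdb.sh, which creates the default database and user based on the following variables.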

pg_default_username: postgres                 # non 'postgres' will create a default admin user (not superuser)
pg_default_password: postgres                 # dbsu password, omit for 'postgres'
pg_default_database: postgres                 # non 'postgres' will create a default database
pg_default_schema: public                     # default schema will be created under the default database and used as the first element of search_path
pg_default_extensions: "tablefunc,postgres_fdw,file_fdw,btree_gist,btree_gin,pg_trgm"

Users can customize this script and select the resulting custom script with the pg_init parameter.

5.6 - Service Discovery

How service discovery works and its optional configuration

Service Discovery [DRAFT]

Service Overview

Pigsty is integrated with DCS-based service discovery. All services are automatically registered to the DCS, which eliminates manual maintenance work on the monitoring system, and you can see the health status of all nodes and services in an intuitive way.

Consul is the only DCS currently supported (etcd will be added later). You can use consul as a DNS service provider to achieve DNS-based traffic routing.

Service Register

Services are registered by the consul agent.

Services are defined in JSON format and placed in /etc/consul.d/.

Each service has a JSON file named svc-<service>.json.

Take the postgres service as an example:

{
  "service": {
    "name": "postgres",
    "port": {{ pg_port }},
    "tags": [
      "{{ pg_role }}",
      "{{ pg_cluster }}"
    ],
    "meta": {
      "type": "postgres",
      "role": "{{ pg_role }}",
      "seq": "{{ pg_seq }}",
      "instance": "{{ pg_instance }}",
      "service": "{{ pg_service }}",
      "cluster": "{{ pg_cluster }}",
      "version": "{{ pg_version }}"
    },
    "check": {
      "tcp": "127.0.0.1:{{ pg_port }}",
      "interval": "15s",
      "timeout": "1s"
    }
  }
}

Service Discovery

Prometheus can discover services from consul directly:

  - job_name: pg
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config
    consul_sd_configs:
      - server: localhost:8500
        refresh_interval: 5s
        tags:
          - pg
          - exporter

Service Maintenance

Sometimes service metadata may change; a consul reload is required for the change to take effect.

The anti-entropy script /pg/bin/pg-register periodically checks and fixes the postgres role. It is also triggered when a failover occurs.
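The register, discover and repair cycle described above, as an added Python sketch (not Pigsty's own code; the real logic of /pg/bin/pg-register is not shown on this page). The function names, the `<cluster>-<seq>` and `<cluster>-<role>` formats for pg_instance and pg_service, and the tags on the sample exporter service are assumptions.

```python
import copy
import json


def render_postgres_service(cluster, seq, role, port=5432, version="13"):
    """Fill in the svc-postgres.json template shown above for one instance.

    Assumptions (not stated on the page): pg_instance is "<cluster>-<seq>"
    and pg_service is "<cluster>-<role>".
    """
    return {"service": {
        "name": "postgres",
        "port": port,
        "tags": [role, cluster],
        "meta": {
            "type": "postgres", "role": role, "seq": str(seq),
            "instance": f"{cluster}-{seq}", "service": f"{cluster}-{role}",
            "cluster": cluster, "version": str(version),
        },
        "check": {"tcp": f"127.0.0.1:{port}", "interval": "15s", "timeout": "1s"},
    }}


def selected_by_consul_sd(definition, required_tags):
    """Prometheus consul_sd_configs keeps a service only if it carries
    every tag listed under `tags`."""
    return set(required_tags) <= set(definition["service"]["tags"])


def reconcile_role(definition, actual_role):
    """Anti-entropy step: make the registered role match the real one.

    Returns (definition, changed). When changed is True the caller has to
    rewrite the file under /etc/consul.d/ and run `consul reload`.
    """
    svc = definition["service"]
    registered = svc["meta"]["role"]
    if registered == actual_role and actual_role in svc["tags"]:
        return definition, False
    fixed = copy.deepcopy(definition)          # never edit the input in place
    fsvc = fixed["service"]
    # Swap the stale role tag for the current one, keeping the other tags.
    fsvc["tags"] = [actual_role if t == registered else t for t in svc["tags"]]
    if actual_role not in fsvc["tags"]:
        fsvc["tags"].insert(0, actual_role)
    fsvc["meta"]["role"] = actual_role
    fsvc["meta"]["service"] = f'{fsvc["meta"]["cluster"]}-{actual_role}'
    return fixed, True


def reconcile_cluster(definitions, actual_roles):
    """Reconcile every instance; return (fixed definitions, changed instances)."""
    fixed, changed = {}, []
    for instance, definition in definitions.items():
        fixed[instance], dirty = reconcile_role(definition, actual_roles[instance])
        if dirty:
            changed.append(instance)
    return fixed, changed


# Definitions as registered at provision time (constructed from the demo cluster).
REGISTERED = {
    f"pg-test-{seq}": render_postgres_service("pg-test", seq, role)
    for seq, role in [(1, "primary"), (2, "replica"), (3, "replica")]
}
# Real roles after pg-test-3 has taken over as leader (constructed).
ACTUAL = {"pg-test-1": "replica", "pg-test-2": "replica", "pg-test-3": "primary"}
# Constructed exporter service; its tags are an assumption.
EXPORTER = {"service": {"name": "pg-exporter", "port": 9630, "tags": ["pg", "exporter"]}}

if __name__ == "__main__":
    fixed, changed = reconcile_cluster(REGISTERED, ACTUAL)
    print("definitions to rewrite, then `consul reload`:", changed)
    print(json.dumps(fixed["pg-test-3"], indent=2))
    for name, d in [("postgres", REGISTERED["pg-test-1"]), ("pg-exporter", EXPORTER)]:
        print(name, "scraped by job pg:", selected_by_consul_sd(d, ["pg", "exporter"]))
```
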


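Service Discovery

Pigsty has built-in DCS-based configuration management and automatic service discovery, so users can see all node and service information in the system, along with health status, at a glance. All services in Pigsty are automatically registered in the DCS, so when database clusters are created, destroyed or modified, the metadata is corrected automatically and the monitoring system discovers its targets automatically, with no manually maintained configuration.

Currently only Consul is supported as the DCS. Users can also use the DNS and service discovery mechanisms provided by Consul to achieve DNS-based automatic traffic switching.

6 - Tasks

HA drills, database trials, and other tasks you can explore in Pigsty

After configuring Pigsty, you can use it for some interesting exploration and experiments.

6.1 - Accessing the Database

Pigsty offers a variety of strategies for controlling access to the database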

Database Access [DRAFT]

You can access a provisioned database cluster in different ways. Take the standard demo as an example:

  • If you want ultimate performance and complete database features, connect to 5432 (or haproxy, which routes to 5432).
  • If you have thousands of short-lived connections, use pgbouncer via 6432 (or haproxy, which routes to 6432 by default).
  • If you wish to connect to the cluster primary via any cluster member, use the haproxy primary port 5433 (routes to the primary's 5432/6432).
  • If you wish to connect to a cluster replica via any cluster member, use the haproxy replica port 5434 (routes to the replicas' 5432/6432).

VIP:              10.10.10.3 → active_primary([10.10.10.11, 10.10.10.12, 10.10.10.13])
DNS:              pg-test  → 10.10.10.3 (VIP)
                  pg-test-primary → active_primary([10.10.10.11, 10.10.10.12, 10.10.10.13])
                  pg-test-replica → active_replicas([10.10.10.11, 10.10.10.12, 10.10.10.13]) 
 
Primary Raw:      postgres://10.10.10.11
Primary Raw Pool: postgres://10.10.10.11:6432
Primary Raw Auto: postgres://10.10.10.11,10.10.10.12,10.10.10.13?target_session_attrs=read-write
Primary VIP:      postgres://10.10.10.2
Primary Proxy:    postgres://10.10.10.11:5433 , postgres://10.10.10.12:5433, postgres://10.10.10.13:5433
Primary DNS:      postgres://pg-test ,  postgres://pg-test:5433, postgres://pg-test-primary

Replica Raw:      postgres://10.10.10.12,      postgres://10.10.10.13
Replica Raw Pool: postgres://10.10.10.12:6432, postgres://10.10.10.13:6432
Replica Raw Auto: postgres://10.10.10.11,10.10.10.12,10.10.10.13:5432
Replica Proxy:    postgres://10.10.10.11:5434 , postgres://10.10.10.12:5434, postgres://10.10.10.13:5434
Replica DNS:      postgres://pg-test:5434, postgres://pg-test-replica

The default VIP for pg-meta is 10.10.10.2, and the default VIP for pg-test is 10.10.10.3.

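6.2 - Loading Data

Using the ISD dataset as an example, shows how to import data into the database

Introduction to the ISD Dataset

6.3 - Slow Query Optimization

Use the monitoring system to locate slow queries in the database system

A Typical Slow Query

6.4 - HA Drills

Get ready to test how Pigsty behaves when the system fails!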

HA Guide [DRAFT]

Quick Start

Use patronictl to trigger failover or switchover.

alias pt='patronictl -c /pg/bin/patroni.yml'

Failover

# run as postgres @ any member of cluster `pg-test`
$ pt failover
Candidate ['pg-test-2', 'pg-test-3'] []: pg-test-3
Current cluster topology
+ Cluster: pg-test (6886641621295638555) -----+----+-----------+-----------------+
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
+-----------+-------------+---------+---------+----+-----------+-----------------+
| pg-test-1 | 10.10.10.11 | Leader  | running |  1 |           | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  1 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Replica | running |  1 |         0 | clonefrom: true |
+-----------+-------------+---------+---------+----+-----------+-----------------+
Are you sure you want to failover cluster pg-test, demoting current master pg-test-1? [y/N]: y
+ Cluster: pg-test (6886641621295638555) -----+----+-----------+-----------------+
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
+-----------+-------------+---------+---------+----+-----------+-----------------+
| pg-test-1 | 10.10.10.11 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Leader  | running |  2 |           | clonefrom: true |
+-----------+-------------+---------+---------+----+-----------+-----------------+

Switchover

$ pt switchover
Master [pg-test-3]: pg-test-3
Candidate ['pg-test-1', 'pg-test-2'] []: pg-test-1
When should the switchover take place (e.g. 2020-10-23T17:06 )  [now]: now
Current cluster topology
+ Cluster: pg-test (6886641621295638555) -----+----+-----------+-----------------+
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
+-----------+-------------+---------+---------+----+-----------+-----------------+
| pg-test-1 | 10.10.10.11 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Leader  | running |  2 |           | clonefrom: true |
+-----------+-------------+---------+---------+----+-----------+-----------------+
Are you sure you want to switchover cluster pg-test, demoting current master pg-test-3? [y/N]: y
2020-10-23 16:06:11.76252 Successfully switched over to "pg-test-1"
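A drill is easier to repeat when the topology tables are checked by a script instead of by eye. The following added Python example (not part of Pigsty or patroni; all function names are hypothetical) parses the tables printed in the failover transcript above and verifies that exactly one leader exists, every member moved to the new timeline, and no replica lags. The `BAD` table is constructed to show a failed role change.

```python
def parse_topology(text):
    """Parse one ASCII table printed by patronictl into a list of row dicts."""
    header, members = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):
            continue                      # border and title lines start with '+'
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells                # first '|' row is the column header
        else:
            members.append(dict(zip(header, cells)))
    return members


def check_role_change(before, after, expected_leader=None, max_lag_mb=0):
    """Return a list of findings; an empty list means the role change is clean."""
    findings = []
    leaders = [m["Member"] for m in after if m["Role"] == "Leader"]
    if len(leaders) != 1:
        findings.append(f"expected exactly one Leader, found {leaders}")
    elif expected_leader and leaders[0] != expected_leader:
        findings.append(f"leader is {leaders[0]}, expected {expected_leader}")
    old_timeline = max(int(m["TL"]) for m in before)
    for m in after:
        if m["State"] != "running":
            findings.append(f'{m["Member"]} is in state {m["State"]}')
        if int(m["TL"]) <= old_timeline:
            findings.append(f'{m["Member"]} still on timeline {m["TL"]}')
        if m["Role"] != "Leader":
            lag = m["Lag in MB"]
            if not lag.isdigit():
                findings.append(f'{m["Member"]} replication lag is "{lag}"')
            elif int(lag) > max_lag_mb:
                findings.append(f'{m["Member"]} lags {lag} MB behind')
    return findings


# Topology before and after the failover, copied from the transcript above.
BEFORE = """
+ Cluster: pg-test (6886641621295638555) -----+----+-----------+-----------------+
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
+-----------+-------------+---------+---------+----+-----------+-----------------+
| pg-test-1 | 10.10.10.11 | Leader  | running |  1 |           | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  1 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Replica | running |  1 |         0 | clonefrom: true |
+-----------+-------------+---------+---------+----+-----------+-----------------+
"""
AFTER = """
+ Cluster: pg-test (6886641621295638555) -----+----+-----------+-----------------+
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
+-----------+-------------+---------+---------+----+-----------+-----------------+
| pg-test-1 | 10.10.10.11 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Leader  | running |  2 |           | clonefrom: true |
+-----------+-------------+---------+---------+----+-----------+-----------------+
"""
# Constructed failure case: the old leader was never demoted.
BAD = """
| Member    | Host        | Role    | State   | TL | Lag in MB | Tags            |
| pg-test-1 | 10.10.10.11 | Leader  | running |  1 |           | clonefrom: true |
| pg-test-2 | 10.10.10.12 | Replica | running |  2 |         0 | clonefrom: true |
| pg-test-3 | 10.10.10.13 | Leader  | running |  2 |           | clonefrom: true |
"""

if __name__ == "__main__":
    before = parse_topology(BEFORE)
    print("clean failover:", check_role_change(before, parse_topology(AFTER), "pg-test-3"))
    for finding in check_role_change(before, parse_topology(BAD), "pg-test-3"):
        print("FINDING:", finding)
```
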

Maintenance Mode

https://patroni.readthedocs.io/en/latest/pause.html

pt pause <cluster>

HA Procedure

Failure Detection

https://patroni.readthedocs.io/en/latest/SETTINGS.html#dynamic-configuration-settings

Fencing

Configure Watchdog

https://patroni.readthedocs.io/en/latest/watchdog.html

Bad Cases

Traffic Routing

DNS

VIP

HAproxy

Pgbouncer

7 - Examples

Deploying Pigsty in different environments

Here is the default example for the local vagrant sandbox.

Vagrant Development Example

Here is an example config for the local 4-node vagrant environment:

---
######################################################################
# File      :   dev.yml
# Path      :   conf/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-05-22
# Mtime     :   2020-12-22
# Copyright (C) 2019-2021 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group
      hosts: {10.10.10.10: {ansible_host: meta}}

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster members - #
      hosts:
        10.10.10.10: {pg_seq: 1, pg_role: primary, ansible_host: meta}

      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_users:                           # create a business user named 'dbuser_meta'
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
        pg_databases:                       # create a business database 'meta'
          - name: meta
            schemas: [meta]                 # create extra schema named 'meta'
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public, monitor
        pg_default_database: meta           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'
      # - cluster members - #
      hosts:
        10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
        10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
        10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        pg_users:
          - username: test
            password: test
            comment: default test user
            groups: [ dbrole_readwrite ]
        pg_databases:                       # create a business database 'test'
          - name: test
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public,monitor
        pg_default_database: test           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen address, must same as repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether remove existing repo
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - {name: home,           host: pigsty,   url: "127.0.0.1:3000"}
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # home directory of the dbsu
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 13                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
    pg_conf: tiny.yml                             # user provided patroni config template path

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

    # - template - #
    pg_init: pg-init                              # init script for cluster template

    # - system roles - #
    pg_replication_username: replicator           # system replication user
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_username: dbuser_monitor           # system monitor user
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_username: dbuser_admin               # system admin user
    pg_admin_password: DBUser.Admin               # system admin password

    # - default roles - #
    pg_default_roles:
      - username: dbrole_readonly                 # sample user:
        options: NOLOGIN                          # role can not login
        comment: role for readonly access         # comment string

      - username: dbrole_readwrite                # sample user: one object for each user
        options: NOLOGIN
        comment: role for read-write access
        groups: [ dbrole_readonly ]               # read-write includes read-only access

      - username: dbrole_admin                    # sample user: one object for each user
        options: NOLOGIN BYPASSRLS                # admin can bypass row level security
        comment: role for object creation
        groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

      # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
      - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
        options: SUPERUSER LOGIN
        comment: system superuser

      - username: replicator
        options: REPLICATION LOGIN
        groups: [pg_monitor, dbrole_readonly]
        comment: system replicator

      - username: dbuser_monitor
        options: LOGIN CONNECTION LIMIT 10
        comment: system monitor user
        groups: [pg_monitor, dbrole_readonly]

      - username: dbuser_admin
        options: LOGIN BYPASSRLS
        comment: system admin user
        groups: [dbrole_admin]

      - username: dbuser_stats
        password: DBUser.Stats
        options: LOGIN
        comment: business read-only user for statistics
        groups: [dbrole_readonly]


    # object created by dbsu and admin will have their privileges properly set
    pg_default_privilegs:
      - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
      - GRANT SELECT                        ON TABLES    TO dbrole_readonly
      - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
      - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
      - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
      - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
      - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
      - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
      - GRANT USAGE                         ON TYPES     TO dbrole_admin

    # schemas
    pg_default_schemas: [monitor]

    # extension
    pg_default_extensions:
      - { name: 'pg_stat_statements',  schema: 'monitor' }
      - { name: 'pgstattuple',         schema: 'monitor' }
      - { name: 'pg_qualstats',        schema: 'monitor' }
      - { name: 'pg_buffercache',      schema: 'monitor' }
      - { name: 'pageinspect',         schema: 'monitor' }
      - { name: 'pg_prewarm',          schema: 'monitor' }
      - { name: 'pg_visibility',       schema: 'monitor' }
      - { name: 'pg_freespacemap',     schema: 'monitor' }
      - { name: 'pg_repack',           schema: 'monitor' }
      - name: postgres_fdw
      - name: file_fdw
      - name: btree_gist
      - name: btree_gin
      - name: pg_trgm
      - name: intagg
      - name: intarray

    # postgres host-based authentication rules
    pg_hba_rules:
      - title: allow meta node password access
        role: common
        rules:
          - host    all     all                         10.10.10.10/32      md5

      - title: allow intranet admin password access
        role: common
        rules:
          - host    all     +dbrole_admin               10.0.0.0/8          md5
          - host    all     +dbrole_admin               172.16.0.0/12       md5
          - host    all     +dbrole_admin               192.168.0.0/16      md5

      - title: allow intranet password access
        role: common
        rules:
          - host    all             all                 10.0.0.0/8          md5
          - host    all             all                 172.16.0.0/12       md5
          - host    all             all                 192.168.0.0/16      md5

      - title: allow local read-write access (local production user via pgbouncer)
        role: common
        rules:
          - local   all     +dbrole_readwrite                               md5
          - host    all     +dbrole_readwrite           127.0.0.1/32        md5

      - title: allow read-only user (stats, personal) password directly access
        role: replica
        rules:
          - local   all     +dbrole_readonly                               md5
          - host    all     +dbrole_readonly           127.0.0.1/32        md5

    # pgbouncer host-based authentication rules
    pgbouncer_hba_rules:
      - title: local password access
        role: common
        rules:
          - local  all          all                                     md5
          - host   all          all                     127.0.0.1/32    md5

      - title: intranet password access
        role: common
        rules:
          - host   all          all                     10.0.0.0/8      md5
          - host   all          all                     172.16.0.0/12   md5
          - host   all          all                     192.168.0.0/16  md5

    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    pg_exporter_config: pg_exporter-demo.yaml     # default config files for pg_exporter
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter
    pg_localhost: /var/run/postgresql             # localhost unix socket path


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                    # default primary port 5433
    haproxy_replica_port: 5434                    # default replica port 5434
    haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432

    # - vip - #
    # vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

...
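The configuration above ships sandbox defaults: repositories with `gpgcheck: no` (some over `http://`), passwords such as `admin` and `DBUser.Admin`, a Grafana URL that carries credentials, and `pg_exists_action: clean`, which the file itself marks as dangerous. The following is an added example, not part of Pigsty: a dependency-free Python check that scans an inventory in this format for those settings before it is reused outside the sandbox. The rule names and the `SAMPLE` excerpt are constructed for illustration.

```python
import re

# Credentials that appear as sandbox defaults in the configuration above.
SANDBOX_SECRETS = {"admin", "test", "DBUser.Replicator", "DBUser.Monitor",
                   "DBUser.Admin", "DBUser.Stats", "DBUser.Meta"}

PASSWORD = re.compile(r"\b(\w*password):\s*['\"]?([^,}\s'\"]+)")
URL_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")
KEY = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*)$")
ITEM = re.compile(r"^\s*-\s+(\S+)$")

# Constructed sample: a short excerpt assembled from settings shown above.
SAMPLE = """\
repo_upstreams:
  - name: base
    baseurl:
      - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
      - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
    gpgcheck: no
  - name: grafana
    gpgcheck: no
    baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm
grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
grafana_admin_password: admin                  # default grafana admin user password
pg_exists_action: clean
pg_replication_password: DBUser.Replicator    # system replication password
haproxy_admin_password: admin                 # default haproxy admin password
pg_users:
  - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
"""


def strip_comment(line):
    """Drop a trailing YAML comment ('#' at line start or after whitespace)."""
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()


def audit(text):
    """Return (line_number, rule, detail) for each risky setting found."""
    findings, seen = [], set()
    repo = None          # name of the repo entry currently being read
    in_baseurl = False   # True while reading the list under an empty 'baseurl:'

    def plaintext(n, url):
        # Report the first http:// source of each repo only once.
        if url.startswith("http://") and repo not in seen:
            seen.add(repo)
            findings.append((n, "plaintext-repo-url",
                             f"repo '{repo}' is fetched over {url}"))

    for n, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line.strip():
            continue
        item = ITEM.match(line)
        if in_baseurl and item:
            plaintext(n, item.group(1))
            continue
        in_baseurl = False

        if URL_CREDS.search(line):
            findings.append((n, "url-credentials",
                             "user:password embedded in a URL"))
        # Covers both 'x_password: v' and inline '{..., password: v, ...}'.
        for key, value in PASSWORD.findall(line):
            if value in SANDBOX_SECRETS:
                findings.append((n, "default-password",
                                 f"{key} is the sandbox default '{value}'"))

        m = KEY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "name" and line.lstrip().startswith("-"):
            repo = value
        elif key in ("baseurl", "mirrorlist"):
            in_baseurl = value == ""
            plaintext(n, value)
        elif key == "gpgcheck" and value.lower() in ("no", "0", "false"):
            findings.append((n, "gpgcheck-disabled",
                             f"repo '{repo}' installs packages without signature checks"))
        elif key.endswith("_exists_action") and value == "clean":
            findings.append((n, "destructive-rerun",
                             f"{key}: clean removes an existing instance on re-run"))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE):
        print(f"line {lineno:>3}  {rule:<20} {detail}")
```

To check a real inventory, pass the file's contents to `audit()`; a password that is not in `SANDBOX_SECRETS` is not reported, so extend that set with any other placeholder values used locally.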

7.1 - Vagrant Sandbox Environment

Pigsty configuration example for the local Vagrant sandbox

Vagrant Development Example

Here is an example config for the local 4-node Vagrant environment:

---
######################################################################
# File      :   dev.yml
# Path      :   conf/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-05-22
# Mtime     :   2020-12-22
# Copyright (C) 2019-2021 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group
      hosts: {10.10.10.10: {ansible_host: meta}}

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster members - #
      hosts:
        10.10.10.10: {pg_seq: 1, pg_role: primary, ansible_host: meta}

      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_users:                           # create a business user named 'dbuser_meta'
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
        pg_databases:                       # create a business database 'meta'
          - name: meta
            schemas: [meta]                 # create extra schema named 'meta'
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public, monitor
        pg_default_database: meta           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'
      # - cluster members - #
      hosts:
        10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
        10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
        10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        pg_users:
          - username: test
            password: test
            comment: default test user
            groups: [ dbrole_readwrite ]
        pg_databases:                       # create a business database 'test'
          - name: test
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database test's default search_path
              search_path: public,monitor
        pg_default_database: test           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must be consistent with repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - {name: home,           host: pigsty,   url: "127.0.0.1:3000"}
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # home directory of the dbsu
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 13                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
    pg_conf: tiny.yml                             # user provided patroni config template path

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

    # - template - #
    pg_init: pg-init                              # init script for cluster template

    # - system roles - #
    pg_replication_username: replicator           # system replication user
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_username: dbuser_monitor           # system monitor user
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_username: dbuser_admin               # system admin user
    pg_admin_password: DBUser.Admin               # system admin password

    # - default roles - #
    pg_default_roles:
      - username: dbrole_readonly                 # sample user:
        options: NOLOGIN                          # role can not login
        comment: role for readonly access         # comment string

      - username: dbrole_readwrite                # sample user: one object for each user
        options: NOLOGIN
        comment: role for read-write access
        groups: [ dbrole_readonly ]               # read-write includes read-only access

      - username: dbrole_admin                    # sample user: one object for each user
        options: NOLOGIN BYPASSRLS                # admin can bypass row level security
        comment: role for object creation
        groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

      # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
      - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
        options: SUPERUSER LOGIN
        comment: system superuser

      - username: replicator
        options: REPLICATION LOGIN
        groups: [pg_monitor, dbrole_readonly]
        comment: system replicator

      - username: dbuser_monitor
        options: LOGIN CONNECTION LIMIT 10
        comment: system monitor user
        groups: [pg_monitor, dbrole_readonly]

      - username: dbuser_admin
        options: LOGIN BYPASSRLS
        comment: system admin user
        groups: [dbrole_admin]

      - username: dbuser_stats
        password: DBUser.Stats
        options: LOGIN
        comment: business read-only user for statistics
        groups: [dbrole_readonly]


    # objects created by dbsu and admin will have their privileges properly set
    pg_default_privilegs:
      - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
      - GRANT SELECT                        ON TABLES    TO dbrole_readonly
      - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
      - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
      - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
      - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
      - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
      - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
      - GRANT USAGE                         ON TYPES     TO dbrole_admin

    # schemas
    pg_default_schemas: [monitor]

    # extension
    pg_default_extensions:
      - { name: 'pg_stat_statements',  schema: 'monitor' }
      - { name: 'pgstattuple',         schema: 'monitor' }
      - { name: 'pg_qualstats',        schema: 'monitor' }
      - { name: 'pg_buffercache',      schema: 'monitor' }
      - { name: 'pageinspect',         schema: 'monitor' }
      - { name: 'pg_prewarm',          schema: 'monitor' }
      - { name: 'pg_visibility',       schema: 'monitor' }
      - { name: 'pg_freespacemap',     schema: 'monitor' }
      - { name: 'pg_repack',           schema: 'monitor' }
      - name: postgres_fdw
      - name: file_fdw
      - name: btree_gist
      - name: btree_gin
      - name: pg_trgm
      - name: intagg
      - name: intarray

    # postgres host-based authentication rules
    pg_hba_rules:
      - title: allow meta node password access
        role: common
        rules:
          - host    all     all                         10.10.10.10/32      md5

      - title: allow intranet admin password access
        role: common
        rules:
          - host    all     +dbrole_admin               10.0.0.0/8          md5
          - host    all     +dbrole_admin               172.16.0.0/12       md5
          - host    all     +dbrole_admin               192.168.0.0/16      md5

      - title: allow intranet password access
        role: common
        rules:
          - host    all             all                 10.0.0.0/8          md5
          - host    all             all                 172.16.0.0/12       md5
          - host    all             all                 192.168.0.0/16      md5

      - title: allow local read-write access (local production user via pgbouncer)
        role: common
        rules:
          - local   all     +dbrole_readwrite                               md5
          - host    all     +dbrole_readwrite           127.0.0.1/32        md5

      - title: allow read-only user (stats, personal) password directly access
        role: replica
        rules:
          - local   all     +dbrole_readonly                               md5
          - host    all     +dbrole_readonly           127.0.0.1/32        md5

    # pgbouncer host-based authentication rules
    pgbouncer_hba_rules:
      - title: local password access
        role: common
        rules:
          - local  all          all                                     md5
          - host   all          all                     127.0.0.1/32    md5

      - title: intranet password access
        role: common
        rules:
          - host   all          all                     10.0.0.0/8      md5
          - host   all          all                     172.16.0.0/12   md5
          - host   all          all                     192.168.0.0/16  md5

    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    pg_exporter_config: pg_exporter-demo.yaml     # default config files for pg_exporter
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter
    pg_localhost: /var/run/postgresql             # localhost unix socket path


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                    # default primary port 5433
    haproxy_replica_port: 5434                    # default replica port 5434
    haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432

    # - vip - #
    # vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

...
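
The sandbox configuration above favours convenience (fixed passwords, unsigned packages, relaxed host hardening). The following check is an added example, not part of Pigsty or its documentation: a line-based scan that flags those settings so they can be reviewed before the file is reused outside a sandbox. The rule ids, function names and the sample text (assembled from lines on this page plus one constructed value) are assumptions of this example.

```python
import re
from collections import Counter

# Passwords that the sandbox configuration on this page uses as defaults.
DOCUMENTED_DEFAULTS = {
    "DBUser.Replicator", "DBUser.Monitor", "DBUser.Admin",
    "DBUser.Stats", "DBUser.Meta", "admin", "test",
}

# (rule id, pattern applied to a comment-stripped line, why it matters)
RULES = [
    ("GPGCHECK_OFF", re.compile(r"^gpgcheck:\s*(no|false|0)$", re.I),
     "yum will not verify package signatures for this repo"),
    ("HTTP_REPO", re.compile(r"^(-|baseurl:|mirrorlist:)\s*http://", re.I),
     "packages or repo metadata are fetched over cleartext HTTP"),
    ("URL_CREDENTIALS", re.compile(r"://[^/\s:@]+:[^/\s@]+@"),
     "credentials are embedded in a URL"),
    ("HOST_HARDENING_OFF",
     re.compile(r"^node_disable_(firewall|selinux):\s*true$"),
     "host firewall or SELinux is disabled"),
    ("PG_EXISTS_CLEAN", re.compile(r"^pg_exists_action:\s*clean$"),
     "an existing cluster is removed (marked dangerous on this page)"),
    ("HBA_MD5", re.compile(r"^-\s*(host|local)\s.*\smd5$"),
     "HBA rule uses md5; PostgreSQL 10+ also offers scram-sha-256"),
]

# Matches `password:` and `*_password:` keys, block style or inside {...}.
PASSWORD_KV = re.compile(r"\b\w*password:\s*['\"]?([^\s,}'\"]+)")

# Constructed sample: lines taken from the configuration above, plus one
# invented non-default password to show that it is not reported.
SAMPLE_CONFIG = """\
repo_upstreams:
  - name: base
    baseurl:
      - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no
  - name: pgdg13
    gpgcheck: no
    baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch
node_disable_firewall: true                   # disable firewall (required if using kubernetes)
node_disable_selinux: true
pg_exists_action: clean
pg_admin_password: DBUser.Admin               # system admin password
# pg_monitor_password: DBUser.Monitor   (commented out: must be ignored)
grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
haproxy_admin_password: S3parate-Rand0m-Value   # constructed non-default value
pg_hba_rules:
  - title: allow intranet password access
    rules:
      - host    all     all     10.0.0.0/8     md5
pg_users:
  - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
"""


def strip_comment(line):
    """Drop a YAML comment ('#' at line start or after whitespace)."""
    return re.sub(r"(^|\s)#.*$", "", line).strip()


def audit(config_text):
    """Return (line number, rule id, explanation) for every flagged line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = strip_comment(raw)
        if not line:
            continue  # blank or fully commented-out line
        for rule_id, pattern, why in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, why))
        match = PASSWORD_KV.search(line)
        if match and match.group(1) in DOCUMENTED_DEFAULTS:
            findings.append((lineno, "DEFAULT_PASSWORD",
                             "password equals a documented sandbox default"))
    return findings


def summarize(findings):
    """Count findings per rule id."""
    return Counter(rule_id for _, rule_id, _ in findings)


if __name__ == "__main__":
    for lineno, rule_id, why in audit(SAMPLE_CONFIG):
        print(f"line {lineno:>3}  {rule_id:<18} {why}")
```

Because the scan works on text rather than parsed YAML, it can be pointed at a file such as `conf/dev.yml` without extra dependencies, but it does not know which section a line belongs to.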

7.2 - VMware Local Virtual Machines

Example Pigsty configuration for the local Vagrant sandbox

Vagrant Development Example

Here is an example config for the local 4-node Vagrant environment:

---
######################################################################
# File      :   dev.yml
# Path      :   conf/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-05-22
# Mtime     :   2020-12-22
# Copyright (C) 2019-2021 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group
      hosts: {10.10.10.10: {ansible_host: meta}}

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster members - #
      hosts:
        10.10.10.10: {pg_seq: 1, pg_role: primary, ansible_host: meta}

      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_users:                           # create a business user named 'dbuser_meta'
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
        pg_databases:                       # create a business database 'meta'
          - name: meta
            schemas: [meta]                 # create extra schema named 'meta'
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public, monitor
        pg_default_database: meta           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'
      # - cluster members - #
      hosts:
        10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
        10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
        10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        pg_users:
          - username: test
            password: test
            comment: default test user
            groups: [ dbrole_readwrite ]
        pg_databases:                       # create a business database 'test'
          - name: test
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database test's default search_path
              search_path: public,monitor
        pg_default_database: test           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must be the same as in repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - { name: home,          host: pigsty,   url: "127.0.0.1:3000" }
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IPs are listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # postgresql home directory
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 13                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
    pg_conf: tiny.yml                             # user provided patroni config template path

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

    # - template - #
    pg_init: pg-init                              # init script for cluster template

    # - system roles - #
    pg_replication_username: replicator           # system replication user
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_username: dbuser_monitor           # system monitor user
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_username: dbuser_admin               # system admin user
    pg_admin_password: DBUser.Admin               # system admin password

    # - default roles - #
    pg_default_roles:
      - username: dbrole_readonly                 # sample user:
        options: NOLOGIN                          # role can not login
        comment: role for readonly access         # comment string

      - username: dbrole_readwrite                # sample user: one object for each user
        options: NOLOGIN
        comment: role for read-write access
        groups: [ dbrole_readonly ]               # read-write includes read-only access

      - username: dbrole_admin                    # sample user: one object for each user
        options: NOLOGIN BYPASSRLS                # admin can bypass row level security
        comment: role for object creation
        groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

      # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
      - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
        options: SUPERUSER LOGIN
        comment: system superuser

      - username: replicator
        options: REPLICATION LOGIN
        groups: [pg_monitor, dbrole_readonly]
        comment: system replicator

      - username: dbuser_monitor
        options: LOGIN CONNECTION LIMIT 10
        comment: system monitor user
        groups: [pg_monitor, dbrole_readonly]

      - username: dbuser_admin
        options: LOGIN BYPASSRLS
        comment: system admin user
        groups: [dbrole_admin]

      - username: dbuser_stats
        password: DBUser.Stats
        options: LOGIN
        comment: business read-only user for statistics
        groups: [dbrole_readonly]


    # objects created by dbsu and admin will have their privileges properly set
    pg_default_privilegs:
      - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
      - GRANT SELECT                        ON TABLES    TO dbrole_readonly
      - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
      - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
      - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
      - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
      - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
      - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
      - GRANT USAGE                         ON TYPES     TO dbrole_admin

    # schemas
    pg_default_schemas: [monitor]

    # extension
    pg_default_extensions:
      - { name: 'pg_stat_statements',  schema: 'monitor' }
      - { name: 'pgstattuple',         schema: 'monitor' }
      - { name: 'pg_qualstats',        schema: 'monitor' }
      - { name: 'pg_buffercache',      schema: 'monitor' }
      - { name: 'pageinspect',         schema: 'monitor' }
      - { name: 'pg_prewarm',          schema: 'monitor' }
      - { name: 'pg_visibility',       schema: 'monitor' }
      - { name: 'pg_freespacemap',     schema: 'monitor' }
      - { name: 'pg_repack',           schema: 'monitor' }
      - name: postgres_fdw
      - name: file_fdw
      - name: btree_gist
      - name: btree_gin
      - name: pg_trgm
      - name: intagg
      - name: intarray

    # postgres host-based authentication rules
    pg_hba_rules:
      - title: allow meta node password access
        role: common
        rules:
          - host    all     all                         10.10.10.10/32      md5

      - title: allow intranet admin password access
        role: common
        rules:
          - host    all     +dbrole_admin               10.0.0.0/8          md5
          - host    all     +dbrole_admin               172.16.0.0/12       md5
          - host    all     +dbrole_admin               192.168.0.0/16      md5

      - title: allow intranet password access
        role: common
        rules:
          - host    all             all                 10.0.0.0/8          md5
          - host    all             all                 172.16.0.0/12       md5
          - host    all             all                 192.168.0.0/16      md5

      - title: allow local read-write access (local production user via pgbouncer)
        role: common
        rules:
          - local   all     +dbrole_readwrite                               md5
          - host    all     +dbrole_readwrite           127.0.0.1/32        md5

      - title: allow read-only user (stats, personal) password directly access
        role: replica
        rules:
          - local   all     +dbrole_readonly                               md5
          - host    all     +dbrole_readonly           127.0.0.1/32        md5

    # pgbouncer host-based authentication rules
    pgbouncer_hba_rules:
      - title: local password access
        role: common
        rules:
          - local  all          all                                     md5
          - host   all          all                     127.0.0.1/32    md5

      - title: intranet password access
        role: common
        rules:
          - host   all          all                     10.0.0.0/8      md5
          - host   all          all                     172.16.0.0/12   md5
          - host   all          all                     192.168.0.0/16  md5

    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    pg_exporter_config: pg_exporter-demo.yaml     # default config files for pg_exporter
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter
    pg_localhost: /var/run/postgresql             # localhost unix socket path


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                    # default primary port 5433
    haproxy_replica_port: 5434                    # default replica port 5434
    haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432

    # - vip - #
    # vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

...
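
The sample inventory above installs RPMs with `gpgcheck: no`, mostly from `http://` mirrors, and carries its demo passwords in the file itself. The Python check below is an added example, not part of Pigsty; it flags those settings before an inventory is reused outside the sandbox. `SAMPLE` is an excerpt constructed from lines on this page, and the function names and the `PUBLISHED_DEFAULTS` set are assumptions of this example.

```python
import re

# Constructed excerpt: lines taken from the sample inventory above, trimmed.
SAMPLE = """\
    repo_upstreams:
      - name: base
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
      - name: grafana
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm
      - name: centos-sclo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo
    repo_packages:
      - epel-release nginx wget yum-utils yum createrepo
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_password: DBUser.Admin               # system admin password
    haproxy_admin_password: admin                 # default haproxy admin password
        pg_users:
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
"""

# Demo credentials published in the sample config (assumed list for this example).
PUBLISHED_DEFAULTS = {"admin", "test", "DBUser.Replicator", "DBUser.Monitor",
                      "DBUser.Admin", "DBUser.Stats", "DBUser.Meta"}
YAML_FALSE = {"no", "false", "off", "0"}  # spellings that disable gpgcheck


def strip_comment(raw):
    """Drop a trailing ' # ...' comment and trailing whitespace."""
    return raw.split(" #")[0].rstrip()


def parse_repos(text):
    """Collect {name, gpgcheck, urls} for each entry under repo_upstreams."""
    repos, current, section_indent = [], None, None
    for raw in text.splitlines():
        line = strip_comment(raw)
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if body == "repo_upstreams:":
            section_indent = indent
        elif section_indent is None:
            continue
        elif indent <= section_indent:      # next sibling key ends the section
            break
        elif re.match(r"-\s+name:\s*\S+", body):
            current = {"name": body.split(":", 1)[1].strip(), "gpgcheck": None, "urls": []}
            repos.append(current)
        elif current is not None:
            if body.startswith("gpgcheck:"):
                current["gpgcheck"] = body.split(":", 1)[1].strip().lower()
            current["urls"] += re.findall(r"https?://\S+", body)
    return repos


def audit_repos(text):
    """Return (repo, issue) pairs for unsigned or cleartext package sources."""
    findings = []
    for repo in parse_repos(text):
        unsigned = repo["gpgcheck"] in YAML_FALSE   # an unset gpgcheck is not flagged here
        cleartext = any(u.startswith("http://") for u in repo["urls"])
        if unsigned and cleartext:
            findings.append((repo["name"], "unsigned packages over cleartext HTTP"))
        elif unsigned:
            findings.append((repo["name"], "signature check disabled"))
        elif cleartext:
            findings.append((repo["name"], "cleartext HTTP transport"))
    return findings


def audit_secrets(text):
    """Return (key, issue) pairs for published passwords and credentials in URLs."""
    findings = []
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        # block style (key: value) and flow style ({..., password: value, ...})
        for key, value in re.findall(r"([\w-]*password):\s*['\"]?([^\s,}'\"]+)", line):
            if value in PUBLISHED_DEFAULTS:
                findings.append((key, "published default password"))
        m = re.match(r"(?:-\s+)?([\w-]+):\s*\S*://[^/\s:@]+:[^/\s@]+@", line)
        if m:
            findings.append((m.group(1), "credentials embedded in URL"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_repos(SAMPLE) + audit_secrets(SAMPLE):
        print(f"{name}: {issue}")
```

The parser is line-based and only understands the block-style repo layout used on this page; load the file with a YAML library for any other layout.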

7.3 - Alibaba Cloud ECS

Pigsty configuration example for the local Vagrant sandbox

Vagrant Development Example

Here is an example config for the local 4-node Vagrant environment:

---
######################################################################
# File      :   dev.yml
# Path      :   conf/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-05-22
# Mtime     :   2020-12-22
# Copyright (C) 2019-2021 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group
      hosts: {10.10.10.10: {ansible_host: meta}}

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster members - #
      hosts:
        10.10.10.10: {pg_seq: 1, pg_role: primary, ansible_host: meta}

      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_users:                           # create a business user named 'dbuser_meta'
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
        pg_databases:                       # create a business database 'meta'
          - name: meta
            schemas: [meta]                 # create extra schema named 'meta'
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public, monitor
        pg_default_database: meta           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'
      # - cluster members - #
      hosts:
        10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
        10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
        10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        pg_users:
          - username: test
            password: test
            comment: default test user
            groups: [ dbrole_readwrite ]
        pg_databases:                       # create a business database 'test'
          - name: test
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database test's default search_path
              search_path: public,monitor
        pg_default_database: test           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must be the same as in repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh key among cluster ?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - { name: home,          host: pigsty,   url: "127.0.0.1:3000" }
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # dbsu home directory
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 13                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
    pg_conf: tiny.yml                             # user provided patroni config template path

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

    # - template - #
    pg_init: pg-init                              # init script for cluster template

    # - system roles - #
    pg_replication_username: replicator           # system replication user
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_username: dbuser_monitor           # system monitor user
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_username: dbuser_admin               # system admin user
    pg_admin_password: DBUser.Admin               # system admin password

    # - default roles - #
    pg_default_roles:
      - username: dbrole_readonly                 # sample user:
        options: NOLOGIN                          # role can not login
        comment: role for readonly access         # comment string

      - username: dbrole_readwrite                # sample user: one object for each user
        options: NOLOGIN
        comment: role for read-write access
        groups: [ dbrole_readonly ]               # read-write includes read-only access

      - username: dbrole_admin                    # sample user: one object for each user
        options: NOLOGIN BYPASSRLS                # admin can bypass row level security
        comment: role for object creation
        groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

      # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
      - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
        options: SUPERUSER LOGIN
        comment: system superuser

      - username: replicator
        options: REPLICATION LOGIN
        groups: [pg_monitor, dbrole_readonly]
        comment: system replicator

      - username: dbuser_monitor
        options: LOGIN CONNECTION LIMIT 10
        comment: system monitor user
        groups: [pg_monitor, dbrole_readonly]

      - username: dbuser_admin
        options: LOGIN BYPASSRLS
        comment: system admin user
        groups: [dbrole_admin]

      - username: dbuser_stats
        password: DBUser.Stats
        options: LOGIN
        comment: business read-only user for statistics
        groups: [dbrole_readonly]


    # objects created by dbsu and admin will have their privileges properly set
    pg_default_privilegs:
      - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
      - GRANT SELECT                        ON TABLES    TO dbrole_readonly
      - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
      - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
      - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
      - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
      - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
      - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
      - GRANT USAGE                         ON TYPES     TO dbrole_admin

    # schemas
    pg_default_schemas: [monitor]

    # extension
    pg_default_extensions:
      - { name: 'pg_stat_statements',  schema: 'monitor' }
      - { name: 'pgstattuple',         schema: 'monitor' }
      - { name: 'pg_qualstats',        schema: 'monitor' }
      - { name: 'pg_buffercache',      schema: 'monitor' }
      - { name: 'pageinspect',         schema: 'monitor' }
      - { name: 'pg_prewarm',          schema: 'monitor' }
      - { name: 'pg_visibility',       schema: 'monitor' }
      - { name: 'pg_freespacemap',     schema: 'monitor' }
      - { name: 'pg_repack',           schema: 'monitor' }
      - name: postgres_fdw
      - name: file_fdw
      - name: btree_gist
      - name: btree_gin
      - name: pg_trgm
      - name: intagg
      - name: intarray

    # postgres host-based authentication rules
    pg_hba_rules:
      - title: allow meta node password access
        role: common
        rules:
          - host    all     all                         10.10.10.10/32      md5

      - title: allow intranet admin password access
        role: common
        rules:
          - host    all     +dbrole_admin               10.0.0.0/8          md5
          - host    all     +dbrole_admin               172.16.0.0/12       md5
          - host    all     +dbrole_admin               192.168.0.0/16      md5

      - title: allow intranet password access
        role: common
        rules:
          - host    all             all                 10.0.0.0/8          md5
          - host    all             all                 172.16.0.0/12       md5
          - host    all             all                 192.168.0.0/16      md5

      - title: allow local read-write access (local production user via pgbouncer)
        role: common
        rules:
          - local   all     +dbrole_readwrite                               md5
          - host    all     +dbrole_readwrite           127.0.0.1/32        md5

      - title: allow read-only user (stats, personal) password directly access
        role: replica
        rules:
          - local   all     +dbrole_readonly                               md5
          - host    all     +dbrole_readonly           127.0.0.1/32        md5

    # pgbouncer host-based authentication rules
    pgbouncer_hba_rules:
      - title: local password access
        role: common
        rules:
          - local  all          all                                     md5
          - host   all          all                     127.0.0.1/32    md5

      - title: intranet password access
        role: common
        rules:
          - host   all          all                     10.0.0.0/8      md5
          - host   all          all                     172.16.0.0/12   md5
          - host   all          all                     192.168.0.0/16  md5

    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    pg_exporter_config: pg_exporter-demo.yaml     # default config files for pg_exporter
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter
    pg_localhost: /var/run/postgresql             # localhost unix socket path


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy among every cluster members
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                    # default primary port 5433
    haproxy_replica_port: 5434                    # default replica port 5434
    haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432

    # - vip - #
    # vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

...
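
The global `vars` above are tuned for a throwaway sandbox: package signatures are not checked, passwords are fixed, and host-based access rules cover whole private ranges. The following check is an added example, not part of Pigsty or of the original page; it reads a mapping shaped like `all.vars` and lists those settings for review before the inventory is reused elsewhere. Function names and severity labels are assumptions of this example, and an absent `gpgcheck` key is assumed to mean verification is on.

```python
from ipaddress import ip_network
from urllib.parse import urlsplit

# Secrets exactly as the demo inventory on this page sets them.
SANDBOX_SECRETS = {
    "grafana_admin_password": "admin", "haproxy_admin_password": "admin",
    "pg_replication_password": "DBUser.Replicator",
    "pg_monitor_password": "DBUser.Monitor", "pg_admin_password": "DBUser.Admin",
}


def _off(value):
    """PyYAML loads a bare `no` as False; accept the string spellings too."""
    return value is False or str(value).lower() in ("no", "false", "0")


def audit_repos(cfg):
    """Flag repos whose package signatures go unchecked, and plain-http downloads."""
    found = []
    for repo in cfg.get("repo_upstreams", []):
        if not _off(repo.get("gpgcheck", True)):  # assumption: absent key means checked
            continue
        urls = []
        for key in ("baseurl", "mirrorlist"):  # baseurl is a string or a list of mirrors
            value = repo.get(key) or []
            urls += value if isinstance(value, list) else [value]
        plain = any(u.lower().startswith("http://") for u in urls)
        found.append(("HIGH" if plain else "MEDIUM", f"repo_upstreams/{repo['name']}",
                      "signatures unchecked, plain http" if plain
                      else "signatures unchecked, https covers transport only"))
    for url in cfg.get("repo_url_packages", []):
        if url.lower().startswith("http://"):
            found.append(("HIGH", "repo_url_packages", f"plain http download: {url}"))
    return found


def audit_secrets(cfg):
    """Flag sandbox passwords left in place and credentials embedded in a URL."""
    found = [("HIGH", key, "still the sandbox default")
             for key, default in SANDBOX_SECRETS.items() if cfg.get(key) == default]
    if urlsplit(cfg.get("grafana_url", "")).password:
        found.append(("MEDIUM", "grafana_url", "credentials embedded in URL"))
    return found


def audit_hba(cfg):
    """Flag host rules that admit every role from a /16 or wider network."""
    found = []
    for key in ("pg_hba_rules", "pgbouncer_hba_rules"):
        for group in cfg.get(key, []):
            for rule in group.get("rules", []):
                f = rule.split()  # TYPE DATABASE USER ADDRESS METHOD
                if len(f) != 5 or f[0] != "host":
                    continue
                try:
                    net = ip_network(f[3], strict=False)
                except ValueError:  # hostname or keyword such as samenet
                    continue
                if f[2] == "all" and net.prefixlen <= 16:
                    found.append(("MEDIUM", f"{key}/{group['title']}",
                                  f"every role accepted from {net} via {f[4]}"))
    return found


def audit_node(cfg):
    """Flag disabled host controls, and a listener exposed with no firewall."""
    found = [("MEDIUM", key, "host control switched off on every node")
             for key in ("node_disable_firewall", "node_disable_selinux") if cfg.get(key) is True]
    if cfg.get("node_disable_firewall") is True and cfg.get("pg_listen") == "0.0.0.0":
        found.append(("HIGH", "pg_listen", "all interfaces, no firewall: HBA is the only filter"))
    return found


def audit(cfg):
    """Run every check, HIGH first (severity labels are this example's own)."""
    found = audit_repos(cfg) + audit_secrets(cfg) + audit_hba(cfg) + audit_node(cfg)
    return sorted(found, key=lambda item: item[0] != "HIGH")


# Constructed sample: a trimmed copy of settings shown in the inventory above.
SAMPLE = {
    "repo_upstreams": [
        {"name": "base", "gpgcheck": False,
         "baseurl": ["http://mirrors.aliyun.com/centos/$releasever/os/$basearch/"]},
        {"name": "grafana", "gpgcheck": False,
         "baseurl": "https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm"},
    ],
    "repo_url_packages": ["http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm"],
    "grafana_url": "http://admin:admin@10.10.10.10:3000",
    "grafana_admin_password": "admin", "pg_admin_password": "DBUser.Admin",
    "node_disable_firewall": True, "node_disable_selinux": True, "pg_listen": "0.0.0.0",
    "pg_hba_rules": [{"title": "allow intranet password access",
                      "rules": ["host all all 10.10.10.10/32 md5", "host all all 10.0.0.0/8 md5"]}],
}

if __name__ == "__main__":
    for severity, where, why in audit(SAMPLE):
        print(f"{severity:<6} {where:<48} {why}")
```

To audit a real file, load it with PyYAML's `yaml.safe_load` and pass the mapping found under `all.vars`.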

8 - Reference

Detailed reference for Pigsty configuration items

8.1 - Configuration Parameters

Detailed introduction to configuration parameters
---
######################################################################
# File      :   dev.yml
# Path      :   conf/dev.yml
# Desc      :   Configuration file for development (demo) environment
# Note      :   follow ansible inventory file format
# Ctime     :   2020-05-22
# Mtime     :   2020-12-22
# Copyright (C) 2019-2021 Ruohang Feng
######################################################################


######################################################################
#               Development Environment Inventory                    #
######################################################################
all: # top-level namespace, match all hosts


  #==================================================================#
  #                           Clusters                               #
  #==================================================================#
  children: # top-level groups, one group per database cluster (and special group 'meta')

    #-----------------------------
    # meta controller
    #-----------------------------
    meta: # special group 'meta' defines the main controller machine
      vars:
        meta_node: true                     # mark node as meta controller
        ansible_group_priority: 99          # meta group is top priority

      # nodes in meta group
      hosts: {10.10.10.10: {ansible_host: meta}}

    #-----------------------------
    # cluster: pg-meta
    #-----------------------------
    pg-meta:

      # - cluster members - #
      hosts:
        10.10.10.10: {pg_seq: 1, pg_role: primary, ansible_host: meta}

      # - cluster configs - #
      vars:
        pg_cluster: pg-meta                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: oltp                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: oltp.yml                   # tune pgsql into oltp/olap/crit/tiny mode
        patroni_mode: pause                 # enter maintenance mode, {default|pause|remove}
        patroni_watchdog_mode: off          # disable watchdog (require|automatic|off)
        pg_users:                           # create a business user named 'dbuser_meta'
          - {username: dbuser_meta, password: DBUser.Meta, groups: [dbrole_readwrite]}
        pg_databases:                       # create a business database 'meta'
          - name: meta
            schemas: [meta]                 # create extra schema named 'meta'
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database meta's default search_path
              search_path: public, monitor
        pg_default_database: meta           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.2             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip


    #-----------------------------
    # cluster: pg-test
    #-----------------------------
    pg-test: # define cluster named 'pg-test'
      # - cluster members - #
      hosts:
        10.10.10.11: {pg_seq: 1, pg_role: primary, ansible_host: node-1}
        10.10.10.12: {pg_seq: 2, pg_role: replica, ansible_host: node-2}
        10.10.10.13: {pg_seq: 3, pg_role: replica, ansible_host: node-3}
      # - cluster configs - #
      vars:
        # basic settings
        pg_cluster: pg-test                 # define actual cluster name
        pg_version: 13                      # define installed pgsql version
        node_tune: tiny                     # tune node into oltp|olap|crit|tiny mode
        pg_conf: tiny.yml                   # tune pgsql into oltp/olap/crit/tiny mode

        pg_users:
          - username: test
            password: test
            comment: default test user
            groups: [ dbrole_readwrite ]
        pg_databases:                       # create a business database 'test'
          - name: test
            extensions: [{name: postgis}]   # create extra extension postgis
            parameters:                     # overwrite database test's default search_path
              search_path: public,monitor
        pg_default_database: test           # default database will be used as primary monitor target

        # proxy settings
        vip_enabled: true                   # enable/disable vip (require members in same LAN)
        vip_address: 10.10.10.3             # virtual ip address
        vip_cidrmask: 8                     # cidr network mask length
        vip_interface: eth1                 # interface to add virtual ip



  #==================================================================#
  #                           Globals                                #
  #==================================================================#
  vars:

    #------------------------------------------------------------------------------
    # CONNECTION PARAMETERS
    #------------------------------------------------------------------------------
    # this section defines connection parameters

    # ansible_user: vagrant             # admin user with ssh access and sudo privilege

    proxy_env: # global proxy env when downloading packages
      # http_proxy: 'http://xxxxxx'
      # https_proxy: 'http://xxxxxx'
      # all_proxy: 'http://xxxxxx'
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com"

    #------------------------------------------------------------------------------
    # REPO PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to build a local repo

    repo_enabled: true                            # build local yum repo on meta nodes?
    repo_name: pigsty                             # local repo name
    repo_address: yum.pigsty                      # repo external address (ip:port or url)
    repo_port: 80                                 # listen port, must match the port in repo_address
    repo_home: /www                               # default repo dir location
    repo_rebuild: false                           # force re-download packages
    repo_remove: true                             # remove existing repos

    # - where to download - #
    repo_upstreams:
      - name: base
        description: CentOS-$releasever - Base - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: updates
        description: CentOS-$releasever - Updates - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: extras
        description: CentOS-$releasever - Extras - Aliyun Mirror
        baseurl:
          - http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
          - http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
          - http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
        gpgcheck: no
        failovermethod: priority

      - name: epel
        description: CentOS $releasever - EPEL - Aliyun Mirror
        baseurl: http://mirrors.aliyun.com/epel/$releasever/$basearch
        gpgcheck: no
        failovermethod: priority

      - name: grafana
        description: Grafana - TsingHua Mirror
        gpgcheck: no
        baseurl: https://mirrors.tuna.tsinghua.edu.cn/grafana/yum/rpm

      - name: prometheus
        description: Prometheus and exporters
        gpgcheck: no
        baseurl: https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch

      - name: pgdg-common
        description: PostgreSQL common RPMs for RHEL/CentOS $releasever - $basearch
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch

      - name: pgdg13
        description: PostgreSQL 13 for RHEL/CentOS $releasever - $basearch - Updates testing
        gpgcheck: no
        baseurl: https://download.postgresql.org/pub/repos/yum/13/redhat/rhel-$releasever-$basearch

      - name: centos-sclo
        description: CentOS-$releasever - SCLo
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo

      - name: centos-sclo-rh
        description: CentOS-$releasever - SCLo rh
        gpgcheck: no
        mirrorlist: http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh

      - name: nginx
        description: Nginx Official Yum Repo
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/

      - name: haproxy
        description: Copr repo for haproxy
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/roidelapluie/haproxy/epel-$releasever-$basearch/

      # for latest consul & kubernetes
      - name: harbottle
        description: Copr repo for main owned by harbottle
        skip_if_unavailable: true
        gpgcheck: no
        baseurl: https://download.copr.fedorainfracloud.org/results/harbottle/main/epel-$releasever-$basearch/


    # - what to download - #
    repo_packages:
      # repo bootstrap packages
      - epel-release nginx wget yum-utils yum createrepo                                      # bootstrap packages

      # node basic packages
      - ntp chrony uuid lz4 nc pv jq vim-enhanced make patch bash lsof wget unzip git tuned   # basic system util
      - readline zlib openssl libyaml libxml2 libxslt perl-ExtUtils-Embed ca-certificates     # basic pg dependency
      - numactl grubby sysstat dstat iotop bind-utils net-tools tcpdump socat ipvsadm telnet  # system utils

      # dcs & monitor packages
      - grafana prometheus2 pushgateway alertmanager                                          # monitor and ui
      - node_exporter postgres_exporter nginx_exporter blackbox_exporter                      # exporter
      - consul consul_exporter consul-template etcd                                           # dcs

      # python3 dependencies
      - ansible python python-pip python-psycopg2                                             # ansible & python
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul                # python3
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography               # python3 patroni extra deps

      # proxy and load balancer
      - haproxy keepalived dnsmasq                                                            # proxy and dns

      # postgres common Packages
      - patroni patroni-consul patroni-etcd pgbouncer pg_cli pgbadger pg_activity               # major components
      - pgcenter boxinfo check_postgres emaj pgbconsole pg_bloat_check pgquarrel                # other common utils
      - barman barman-cli pgloader pgFormatter pitrery pspg pgxnclient PyGreSQL pgadmin4 tail_n_mail

      # postgres 13 packages
      - postgresql13* postgis31* citus_13 pgrouting_13                                          # postgres 13 and postgis 31
      - pg_repack13 pg_squeeze13                                                                # maintenance extensions
      - pg_qualstats13 pg_stat_kcache13 system_stats_13 bgw_replstatus13                        # stats extensions
      - plr13 plsh13 plpgsql_check_13 plproxy13 pldebugger13                                    # PL extensions
      - hdfs_fdw_13 mongo_fdw13 mysql_fdw_13 ogr_fdw13 redis_fdw_13 pgbouncer_fdw13             # FDW extensions
      - wal2json13 count_distinct13 ddlx_13 geoip13 orafce13                                    # MISC extensions
      - rum_13 hypopg_13 ip4r13 jsquery_13 logerrors_13 periods_13 pg_auto_failover_13 pg_catcheck13
      - pg_fkpart13 pg_jobmon13 pg_partman13 pg_prioritize_13 pg_track_settings13 pgaudit15_13
      - pgcryptokey13 pgexportdoc13 pgimportdoc13 pgmemcache-13 pgmp13 pgq-13
      - pguint13 pguri13 prefix13  safeupdate_13 semver13  table_version13 tdigest13


    repo_url_packages:
      - https://github.com/Vonng/pg_exporter/releases/download/v0.3.1/pg_exporter-0.3.1-1.el7.x86_64.rpm
      - https://github.com/cybertec-postgresql/vip-manager/releases/download/v0.6/vip-manager_0.6-1_amd64.rpm
      - http://guichaz.free.fr/polysh/files/polysh-0.4-1.noarch.rpm





    #------------------------------------------------------------------------------
    # NODE PROVISION
    #------------------------------------------------------------------------------
    # this section defines how to provision nodes

    # - node dns - #
    node_dns_hosts: # static dns records in /etc/hosts
      - 10.10.10.10 yum.pigsty
    node_dns_server: add                          # add (default) | none (skip) | overwrite (remove old settings)
    node_dns_servers: # dynamic nameserver in /etc/resolv.conf
      - 10.10.10.10
    node_dns_options: # dns resolv options
      - options single-request-reopen timeout:1 rotate
      - domain service.consul

    # - node repo - #
    node_repo_method: local                       # none|local|public (use local repo for production env)
    node_repo_remove: true                        # whether to remove existing repos
    # local repo url (if method=local, make sure firewall is configured or disabled)
    node_local_repo_url:
      - http://yum.pigsty/pigsty.repo

    # - node packages - #
    node_packages: # common packages for all nodes
      - wget,yum-utils,ntp,chrony,tuned,uuid,lz4,vim-minimal,make,patch,bash,lsof,wget,unzip,git,readline,zlib,openssl
      - numactl,grubby,sysstat,dstat,iotop,bind-utils,net-tools,tcpdump,socat,ipvsadm,telnet,tuned,pv,jq
      - python3,python3-psycopg2,python36-requests,python3-etcd,python3-consul
      - python36-urllib3,python36-idna,python36-pyOpenSSL,python36-cryptography
      - node_exporter,consul,consul-template,etcd,haproxy,keepalived,vip-manager
    node_extra_packages: # extra packages for all nodes
      - patroni,patroni-consul,patroni-etcd,pgbouncer,pgbadger,pg_activity
    node_meta_packages: # packages for meta nodes only
      - grafana,prometheus2,alertmanager,nginx_exporter,blackbox_exporter,pushgateway
      - dnsmasq,nginx,ansible,pgbadger,polysh

    # - node features - #
    node_disable_numa: false                      # disable numa, important for production database, reboot required
    node_disable_swap: false                      # disable swap, important for production database
    node_disable_firewall: true                   # disable firewall (required if using kubernetes)
    node_disable_selinux: true                    # disable selinux  (required if using kubernetes)
    node_static_network: true                     # keep dns resolver settings after reboot
    node_disk_prefetch: false                     # setup disk prefetch on HDD to increase performance

    # - node kernel modules - #
    node_kernel_modules:
      - softdog
      - br_netfilter
      - ip_vs
      - ip_vs_rr
      - ip_vs_wrr
      - ip_vs_sh
      - nf_conntrack_ipv4

    # - node tuned - #
    node_tune: tiny                               # install and activate tuned profile: none|oltp|olap|crit|tiny
    node_sysctl_params: # set additional sysctl parameters, k:v format
      net.bridge.bridge-nf-call-iptables: 1       # for kubernetes

    # - node user - #
    node_admin_setup: true                        # set up a default admin user?
    node_admin_uid: 88                            # uid and gid for admin user
    node_admin_username: admin                    # default admin user
    node_admin_ssh_exchange: true                 # exchange ssh keys among cluster nodes?
    node_admin_pks: # public key list that will be installed
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7IMAMNavYtWwzAJajKqwdn3ar5BhvcwCnBTxxEkXhGlCO2vfgosSAQMEflfgvkiI5nM1HIFQ8KINlx1XLO7SdL5KdInG5LIJjAFh0pujS4kNCT9a5IGvSq1BrzGqhbEcwWYdju1ZPYBcJm/MG+JD0dYCh8vfrYB/cYMD0SOmNkQ== vagrant@pigsty.com'

    # - node ntp - #
    node_ntp_service: ntp                         # ntp or chrony
    node_ntp_config: true                         # overwrite existing ntp config?
    node_timezone: Asia/Shanghai                  # default node timezone
    node_ntp_servers: # default NTP servers
      - pool cn.pool.ntp.org iburst
      - pool pool.ntp.org iburst
      - pool time.pool.aliyun.com iburst
      - server 10.10.10.10 iburst


    #------------------------------------------------------------------------------
    # META PROVISION
    #------------------------------------------------------------------------------
    # - ca - #
    ca_method: create                             # create|copy|recreate
    ca_subject: "/CN=root-ca"                     # self-signed CA subject
    ca_homedir: /ca                               # ca cert directory
    ca_cert: ca.crt                               # ca public key/cert
    ca_key: ca.key                                # ca private key

    # - nginx - #
    nginx_upstream:
      - { name: home,          host: pigsty,   url: "127.0.0.1:3000" }
      - { name: consul,        host: c.pigsty, url: "127.0.0.1:8500" }
      - { name: grafana,       host: g.pigsty, url: "127.0.0.1:3000" }
      - { name: prometheus,    host: p.pigsty, url: "127.0.0.1:9090" }
      - { name: alertmanager,  host: a.pigsty, url: "127.0.0.1:9093" }

    # - nameserver - #
    dns_records: # dynamic dns record resolved by dnsmasq
      - 10.10.10.2  pg-meta                       # sandbox vip for pg-meta
      - 10.10.10.3  pg-test                       # sandbox vip for pg-test
      - 10.10.10.10 meta-1                        # sandbox node meta-1 (node-0)
      - 10.10.10.11 node-1                        # sandbox node node-1
      - 10.10.10.12 node-2                        # sandbox node node-2
      - 10.10.10.13 node-3                        # sandbox node node-3
      - 10.10.10.10 pigsty
      - 10.10.10.10 y.pigsty yum.pigsty
      - 10.10.10.10 c.pigsty consul.pigsty
      - 10.10.10.10 g.pigsty grafana.pigsty
      - 10.10.10.10 p.pigsty prometheus.pigsty
      - 10.10.10.10 a.pigsty alertmanager.pigsty
      - 10.10.10.10 n.pigsty ntp.pigsty

    # - prometheus - #
    prometheus_scrape_interval: 2s                # global scrape & evaluation interval (2s for dev, 15s for prod)
    prometheus_scrape_timeout: 1s                 # global scrape timeout (1s for dev, 1s for prod)
    prometheus_metrics_path: /metrics             # default metrics path (only affect job 'pg')
    prometheus_data_dir: /export/prometheus/data  # prometheus data dir
    prometheus_retention: 30d                     # how long to keep

    # - grafana - #
    grafana_url: http://admin:admin@10.10.10.10:3000 # grafana url
    grafana_admin_password: admin                  # default grafana admin user password
    grafana_plugin: install                        # none|install|reinstall
    grafana_cache: /www/pigsty/grafana/plugins.tar.gz # path to grafana plugins tarball
    grafana_customize: true                        # customize grafana resources
    grafana_plugins: # default grafana plugins list
      - redis-datasource
      - simpod-json-datasource
      - fifemon-graphql-datasource
      - sbueringer-consul-datasource
      - camptocamp-prometheus-alertmanager-datasource
      - ryantxu-ajax-panel
      - marcusolsson-hourly-heatmap-panel
      - michaeldmoore-multistat-panel
      - marcusolsson-treemap-panel
      - pr0ps-trackmap-panel
      - dalvany-image-panel
      - magnesium-wordcloud-panel
      - cloudspout-button-panel
      - speakyourcode-button-panel
      - jdbranham-diagram-panel
      - grafana-piechart-panel
      - snuids-radar-panel
      - digrich-bubblechart-panel
    grafana_git_plugins:
      - https://github.com/Vonng/grafana-echarts



    #------------------------------------------------------------------------------
    # DCS PROVISION
    #------------------------------------------------------------------------------
    dcs_type: consul                              # consul | etcd | both
    dcs_name: pigsty                              # consul dc name | etcd initial cluster token
    # dcs server dict in name:ip format
    dcs_servers:
      meta-1: 10.10.10.10                         # you could use existing dcs cluster
      # meta-2: 10.10.10.11                       # hosts whose IP is listed here will be initialized as servers
      # meta-3: 10.10.10.12                       # 3 or 5 dcs nodes are recommended for production environments

    dcs_exists_action: skip                       # abort|skip|clean if dcs server already exists
    consul_data_dir: /var/lib/consul              # consul data dir (/var/lib/consul by default)
    etcd_data_dir: /var/lib/etcd                  # etcd data dir (/var/lib/etcd by default)


    #------------------------------------------------------------------------------
    # POSTGRES INSTALLATION
    #------------------------------------------------------------------------------
    # - dbsu - #
    pg_dbsu: postgres                             # os user for database, postgres by default (changing it is not recommended!)
    pg_dbsu_uid: 26                               # os dbsu uid and gid, 26 for default postgres users and groups
    pg_dbsu_sudo: limit                           # none|limit|all|nopass (Privilege for dbsu, limit is recommended)
    pg_dbsu_home: /var/lib/pgsql                  # dbsu home directory
    pg_dbsu_ssh_exchange: false                   # exchange ssh key among same cluster

    # - postgres packages - #
    pg_version: 13                                # default postgresql version
    pgdg_repo: false                              # use official pgdg yum repo (disable if you have local mirror)
    pg_add_repo: false                            # add postgres related repo before install (useful if you want a simple install)
    pg_bin_dir: /usr/pgsql/bin                    # postgres binary dir
    pg_packages:
      - postgresql${pg_version}*
      - postgis31_${pg_version}*
      - pgbouncer patroni pg_exporter pgbadger
      - patroni patroni-consul patroni-etcd pgbouncer pgbadger pg_activity
      - python3 python3-psycopg2 python36-requests python3-etcd python3-consul
      - python36-urllib3 python36-idna python36-pyOpenSSL python36-cryptography

    pg_extensions:
      - pg_repack${pg_version} pg_qualstats${pg_version} pg_stat_kcache${pg_version} wal2json${pg_version}
      # - ogr_fdw${pg_version} mysql_fdw_${pg_version} redis_fdw_${pg_version} mongo_fdw${pg_version} hdfs_fdw_${pg_version}
      # - count_distinct${version}  ddlx_${version}  geoip${version}  orafce${version}                                   # popular features
      # - hypopg_${version}  ip4r${version}  jsquery_${version}  logerrors_${version}  periods_${version}  pg_auto_failover_${version}  pg_catcheck${version}
      # - pg_fkpart${version}  pg_jobmon${version}  pg_partman${version}  pg_prioritize_${version}  pg_track_settings${version}  pgaudit15_${version}
      # - pgcryptokey${version}  pgexportdoc${version}  pgimportdoc${version}  pgmemcache-${version}  pgmp${version}  pgq-${version}  pgquarrel pgrouting_${version}
      # - pguint${version}  pguri${version}  prefix${version}   safeupdate_${version}  semver${version}   table_version${version}  tdigest${version}



    #------------------------------------------------------------------------------
    # POSTGRES PROVISION
    #------------------------------------------------------------------------------
    # - identity - #
    # pg_cluster:                                 # [REQUIRED] cluster name (validated during pg_preflight)
    # pg_seq: 0                                   # [REQUIRED] instance seq (validated during pg_preflight)
    # pg_role: replica                            # [REQUIRED] service role (validated during pg_preflight)
    pg_hostname: false                            # overwrite node hostname with pg instance name
    pg_nodename: true                             # overwrite consul nodename with pg instance name

    # - retention - #
    # pg_exists_action, available options: abort|clean|skip
    #  - abort: abort entire play's execution (default)
    #  - clean: remove existing cluster (dangerous)
    #  - skip: end current play for this host
    # pg_exists: false                            # auxiliary flag variable (DO NOT SET THIS)
    pg_exists_action: clean

    # - storage - #
    pg_data: /pg/data                             # postgres data directory
    pg_fs_main: /export                           # data disk mount point     /pg -> {{ pg_fs_main }}/postgres/{{ pg_instance }}
    pg_fs_bkup: /var/backups                      # backup disk mount point   /pg/* -> {{ pg_fs_bkup }}/postgres/{{ pg_instance }}/*

    # - connection - #
    pg_listen: '0.0.0.0'                          # postgres listen address, '0.0.0.0' by default (all ipv4 addr)
    pg_port: 5432                                 # postgres port (5432 by default)

    # - patroni - #
    # patroni_mode, available options: default|pause|remove
    #   - default: default ha mode
    #   - pause:   into maintenance mode
    #   - remove:  remove patroni after bootstrap
    patroni_mode: default                         # pause|default|remove
    pg_namespace: /pg                             # top level key namespace in dcs
    patroni_port: 8008                            # default patroni port
    patroni_watchdog_mode: automatic              # watchdog mode: off|automatic|required
    pg_conf: tiny.yml                             # user provided patroni config template path

    # - pgbouncer - #
    pgbouncer_port: 6432                          # default pgbouncer port
    pgbouncer_poolmode: transaction               # default pooling mode: transaction pooling
    pgbouncer_max_db_conn: 100                    # important! do not set this larger than postgres max conn or conn limit

    # - template - #
    pg_init: pg-init                              # init script for cluster template

    # - system roles - #
    pg_replication_username: replicator           # system replication user
    pg_replication_password: DBUser.Replicator    # system replication password
    pg_monitor_username: dbuser_monitor           # system monitor user
    pg_monitor_password: DBUser.Monitor           # system monitor password
    pg_admin_username: dbuser_admin               # system admin user
    pg_admin_password: DBUser.Admin               # system admin password

    # - default roles - #
    pg_default_roles:
      - username: dbrole_readonly                 # sample user:
        options: NOLOGIN                          # role can not login
        comment: role for readonly access         # comment string

      - username: dbrole_readwrite                # sample user: one object for each user
        options: NOLOGIN
        comment: role for read-write access
        groups: [ dbrole_readonly ]               # read-write includes read-only access

      - username: dbrole_admin                    # sample user: one object for each user
        options: NOLOGIN BYPASSRLS                # admin can bypass row level security
        comment: role for object creation
        groups: [dbrole_readwrite,pg_monitor,pg_signal_backend]

      # NOTE: replicator, monitor, admin passwords are overwritten by separate config entries
      - username: postgres                        # reset dbsu password to NULL (if dbsu is not postgres)
        options: SUPERUSER LOGIN
        comment: system superuser

      - username: replicator
        options: REPLICATION LOGIN
        groups: [pg_monitor, dbrole_readonly]
        comment: system replicator

      - username: dbuser_monitor
        options: LOGIN CONNECTION LIMIT 10
        comment: system monitor user
        groups: [pg_monitor, dbrole_readonly]

      - username: dbuser_admin
        options: LOGIN BYPASSRLS
        comment: system admin user
        groups: [dbrole_admin]

      - username: dbuser_stats
        password: DBUser.Stats
        options: LOGIN
        comment: business read-only user for statistics
        groups: [dbrole_readonly]


    # objects created by dbsu and admin will have their privileges properly set
    pg_default_privilegs:
      - GRANT USAGE                         ON SCHEMAS   TO dbrole_readonly
      - GRANT SELECT                        ON TABLES    TO dbrole_readonly
      - GRANT SELECT                        ON SEQUENCES TO dbrole_readonly
      - GRANT EXECUTE                       ON FUNCTIONS TO dbrole_readonly
      - GRANT INSERT, UPDATE, DELETE        ON TABLES    TO dbrole_readwrite
      - GRANT USAGE,  UPDATE                ON SEQUENCES TO dbrole_readwrite
      - GRANT TRUNCATE, REFERENCES, TRIGGER ON TABLES    TO dbrole_admin
      - GRANT CREATE                        ON SCHEMAS   TO dbrole_admin
      - GRANT USAGE                         ON TYPES     TO dbrole_admin

    # schemas
    pg_default_schemas: [monitor]

    # extension
    pg_default_extensions:
      - { name: 'pg_stat_statements',  schema: 'monitor' }
      - { name: 'pgstattuple',         schema: 'monitor' }
      - { name: 'pg_qualstats',        schema: 'monitor' }
      - { name: 'pg_buffercache',      schema: 'monitor' }
      - { name: 'pageinspect',         schema: 'monitor' }
      - { name: 'pg_prewarm',          schema: 'monitor' }
      - { name: 'pg_visibility',       schema: 'monitor' }
      - { name: 'pg_freespacemap',     schema: 'monitor' }
      - { name: 'pg_repack',           schema: 'monitor' }
      - name: postgres_fdw
      - name: file_fdw
      - name: btree_gist
      - name: btree_gin
      - name: pg_trgm
      - name: intagg
      - name: intarray

    # postgres host-based authentication rules
    pg_hba_rules:
      - title: allow meta node password access
        role: common
        rules:
          - host    all     all                         10.10.10.10/32      md5

      - title: allow intranet admin password access
        role: common
        rules:
          - host    all     +dbrole_admin               10.0.0.0/8          md5
          - host    all     +dbrole_admin               172.16.0.0/12       md5
          - host    all     +dbrole_admin               192.168.0.0/16      md5

      - title: allow intranet password access
        role: common
        rules:
          - host    all             all                 10.0.0.0/8          md5
          - host    all             all                 172.16.0.0/12       md5
          - host    all             all                 192.168.0.0/16      md5

      - title: allow local read-write access (local production user via pgbouncer)
        role: common
        rules:
          - local   all     +dbrole_readwrite                               md5
          - host    all     +dbrole_readwrite           127.0.0.1/32        md5

      - title: allow read-only users (stats, personal) direct password access
        role: replica
        rules:
          - local   all     +dbrole_readonly                               md5
          - host    all     +dbrole_readonly           127.0.0.1/32        md5

    # pgbouncer host-based authentication rules
    pgbouncer_hba_rules:
      - title: local password access
        role: common
        rules:
          - local  all          all                                     md5
          - host   all          all                     127.0.0.1/32    md5

      - title: intranet password access
        role: common
        rules:
          - host   all          all                     10.0.0.0/8      md5
          - host   all          all                     172.16.0.0/12   md5
          - host   all          all                     192.168.0.0/16  md5

    #------------------------------------------------------------------------------
    # MONITOR PROVISION
    #------------------------------------------------------------------------------
    # - monitor options -
    pg_exporter_config: pg_exporter-demo.yaml     # default config files for pg_exporter
    node_exporter_port: 9100                      # default port for node exporter
    pg_exporter_port: 9630                        # default port for pg exporter
    pgbouncer_exporter_port: 9631                 # default port for pgbouncer exporter
    exporter_metrics_path: /metrics               # default metric path for pg related exporter
    pg_localhost: /var/run/postgresql             # localhost unix socket path


    #------------------------------------------------------------------------------
    # PROXY PROVISION
    #------------------------------------------------------------------------------
    # - haproxy - #
    haproxy_enabled: true                         # enable haproxy on every cluster member
    haproxy_policy: leastconn                     # roundrobin, leastconn
    haproxy_admin_username: admin                 # default haproxy admin username
    haproxy_admin_password: admin                 # default haproxy admin password
    haproxy_client_timeout: 3h                    # client side connection timeout
    haproxy_server_timeout: 3h                    # server side connection timeout
    haproxy_exporter_port: 9101                   # default admin/exporter port
    haproxy_check_port: 8008                      # default health check port (patroni 8008 by default)
    haproxy_primary_port: 5433                    # default primary port 5433
    haproxy_replica_port: 5434                    # default replica port 5434
    haproxy_backend_port: 6432                    # default target port: pgbouncer:6432 postgres:5432

    # - vip - #
    # vip_enabled: true                             # level2 vip requires primary/standby under same switch
    # vip_address: 127.0.0.1                      # virtual ip address ip/cidr
    # vip_cidrmask: 32                            # virtual ip address cidr mask
    # vip_interface: eth0                         # virtual ip network interface

...

8.2 - OS Kernel Parameters

Kernel parameter tuning that Pigsty applies to the operating system

Database kernel optimisation

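# Database kernel optimisation
fs.aio-max-nr = 1048576 # limit on concurrent outstanding async I/O requests; should not be below 1M
fs.file-max = 16777216  # at most 16M open files

# kernel
kernel.shmmax = 1986797568  # max size of one shared memory segment, in bytes: $(expr $(getconf _PHYS_PAGES) / 2 \* $(getconf PAGE_SIZE))
kernel.shmall = 485058      # total shared memory, in pages: $(expr $(getconf _PHYS_PAGES) / 2)
kernel.shmmni = 16384       # max number of shared memory segments system-wide: 4096 -> 16384
kernel.msgmni = 32768       # number of message queues system-wide; affects how many agent processes can start; set to memory size in MB
kernel.msgmnb = 65536       # max size of one message queue, in bytes
kernel.msgmax = 65536       # max size of a single message in a queue, in bytes
kernel.numa_balancing = 0   # disable NUMA balancing
kernel.sched_migration_cost_ns = 5000000 # the scheduler treats a task as still cache-hot within 5 ms
kernel.sem = 2048 134217728 2048 65536   # max 2048 semaphores per set, 134217728 semaphores system-wide, max 2048 operations per call, 65536 semaphore sets

# vm
vm.dirty_ratio = 80                       # hard limit: above 80% dirty pages, writers block until data is flushed
vm.dirty_background_bytes = 268435456     # 256MB of dirty data wakes the background flusher
vm.dirty_expire_centisecs = 6000          # dirty data older than 1 minute is due for flushing
vm.dirty_writeback_centisecs = 500        # the flusher runs every 5 seconds
vm.mmap_min_addr = 65536                  # forbid mapping memory below 0x10000
vm.zone_reclaim_mode = 0                  # disable NUMA zone reclaim

# vm swap
vm.swappiness = 0                         # disable swap, though it can still occur at the high watermark
vm.overcommit_memory = 2                  # bounded overcommit: commit limit = swap + overcommit_ratio% of RAM
vm.overcommit_ratio = 50                  # allowed overcommit: $((($mem - $swap) * 100 / $mem))

# tcp memory
net.ipv4.tcp_rmem = 8192 65536 16777216     # tcp read buffer min/default/max, in bytes: 8K/64K/16M
net.ipv4.tcp_wmem = 8192 65536 16777216     # tcp write buffer min/default/max, in bytes: 8K/64K/16M
net.ipv4.tcp_mem = 131072 262144 16777216   # tcp memory usage low/pressure/max, in pages: 512M/1G/64G with 4K pages
net.core.rmem_default = 262144              # default receive buffer size: 256K
net.core.rmem_max = 4194304                 # max receive buffer size: 4M
net.core.wmem_default = 262144              # default send buffer size: 256K
net.core.wmem_max = 4194304                 # max send buffer size: 4M
# tcp keepalive
net.ipv4.tcp_keepalive_intvl = 20   # interval between probes that were not acknowledged: default 75s -> 20s
net.ipv4.tcp_keepalive_probes = 3   # 3 * 20 = 1 minute until the connection is dropped
net.ipv4.tcp_keepalive_time = 60    # keepalive probing starts after 1 minute idle
# tcp port reuse
net.ipv4.tcp_tw_reuse = 1           # allow TIME_WAIT sockets to be reused for new TCP connections; default 0
net.ipv4.tcp_tw_recycle = 0         # fast recycling, deprecated
net.ipv4.tcp_fin_timeout = 5        # seconds a socket stays in FIN-WAIT-2
net.ipv4.tcp_timestamps = 1
# tcp anti-flood
net.ipv4.tcp_syncookies = 1         # send SYN cookies once the SYN_RECV queue is full, to resist SYN floods
net.ipv4.tcp_synack_retries = 1     # SYN-ACK retransmissions for a half-open connection: default 5, set to 1 here
net.ipv4.tcp_syn_retries = 1        # number of SYN packets sent before the kernel gives up on the connection
# tcp load-balancer
net.ipv4.ip_forward = 1                     # IP forwarding
net.ipv4.ip_nonlocal_bind = 1               # allow binding to non-local addresses
net.netfilter.nf_conntrack_max = 1048576    # max tracked connections
net.ipv4.ip_local_port_range = 10000 65535  # local port range
net.ipv4.tcp_max_tw_buckets = 262144        # 256k TIME_WAIT
net.core.somaxconn = 65535                  # cap on the LISTEN queue length; overflow makes clients retransmit
net.ipv4.tcp_max_syn_backlog = 8192         # SYN queue size: 1024 -> 8192
net.core.netdev_max_backlog = 8192          # queue length allowed when the NIC receives packets faster than the kernel handles them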
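
An added example, not part of Pigsty: a POSIX shell audit that compares a sysctl-style baseline such as the list above with the values the kernel actually exposes. It reports settings that drifted and keys the running kernel lacks (`net.ipv4.tcp_tw_recycle` was removed in Linux 4.12, and `net.netfilter.nf_conntrack_max` exists only while the conntrack module is loaded). The function names, the sample baseline and the stand-in `/proc/sys` tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Pigsty code): audit kernel parameters against a baseline.

# Collapse tabs and repeated blanks so "8192<TAB>65536" equals "8192 65536".
squeeze() {
    printf '%s\n' "$1" | tr '\t' ' ' | sed -e 's/  */ /g' -e 's/^ //' -e 's/ $//'
}

# sysctl_audit CONF [ROOT]
# Prints one line per setting: OK, DRIFT (value differs) or MISSING (the
# running kernel does not expose the key). Exit status is 1 on any finding.
# ROOT defaults to /proc/sys; the demo passes a constructed directory instead.
sysctl_audit() (
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop the inline comment
        case $line in *=*) ;; *) continue ;; esac
        key=$(squeeze "${line%%=*}")
        want=$(squeeze "${line#*=}")
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(squeeze "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK $key"
        else
            echo "DRIFT $key want=[$want] have=[$have]"; rc=1
        fi
    done < "$conf"
    exit "$rc"
)

# Constructed sample baseline: five settings from the list above, with the
# uneven spacing and inline comments found in hand-edited files.
sample_baseline() {
    cat <<'EOF'
# tcp anti-flood
net.ipv4.tcp_syncookies = 1              # SYN cookies when the SYN queue is full
net.ipv4.tcp_rmem = 8192 65536 16777216  # min / default / max
net.ipv4.tcp_tw_recycle = 0              # deprecated
vm.mmap_min_addr = 65536
vm.dirty_writeback_centisecs= 500
EOF
}

# Constructed stand-in for /proc/sys: tcp_rmem holds different, tab-separated
# values, and tcp_tw_recycle is absent, as on kernels that removed it.
fake_proc_tree() {
    mkdir -p "$1/net/ipv4" "$1/vm"
    printf '1\n' > "$1/net/ipv4/tcp_syncookies"
    printf '4096\t131072\t6291456\n' > "$1/net/ipv4/tcp_rmem"
    printf '65536\n' > "$1/vm/mmap_min_addr"
    printf '500\n' > "$1/vm/dirty_writeback_centisecs"
}

demo() {
    tmp=$(mktemp -d) || return 1
    fake_proc_tree "$tmp/proc"
    sample_baseline > "$tmp/baseline.conf"
    sysctl_audit "$tmp/baseline.conf" "$tmp/proc" || echo "baseline not fully applied"
    rm -rf "$tmp"
}

# With a readable file argument, audit the live kernel; otherwise run the demo.
if [ -r "${1:-}" ]; then sysctl_audit "$1"; else demo; fi
```

A MISSING line marks a key that would also make `sysctl -p` report an error for that file, so it is worth resolving before relying on the settings that follow it.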

8.3 - Available Metrics in the Monitoring System

List of the metrics available in the monitoring system
pg_activity_count,gauge,"connection count of given (datname,state)"
pg_activity_max_conn_duration,gauge,"max backend session duration since state change among (datname, state)"
pg_activity_max_duration,gauge,"max duration since state change among (datname, state)"
pg_activity_max_tx_duration,gauge,"max transaction duration since state change among (datname, state)"
pg_backend_count,gauge,backend process count
pg_backup_time,gauge,seconds since current backup start. null if don't have one
pg_bgwriter_buffers_alloc,counter,buffers allocated
pg_bgwriter_buffers_backend,counter,buffers written directly by a backend
pg_bgwriter_buffers_backend_fsync,counter,times a backend had to execute its own fsync
pg_bgwriter_buffers_checkpoint,counter,buffers written during checkpoints
pg_bgwriter_buffers_clean,counter,buffers written by the background writer
pg_bgwriter_checkpoint_sync_time,counter,"time spending on syncing files to disk, in µs"
pg_bgwriter_checkpoint_write_time,counter,"time spending on writing files to disk, in µs"
pg_bgwriter_checkpoints_req,counter,requested checkpoints that have been performed
pg_bgwriter_checkpoints_timed,counter,scheduled checkpoints that have been performed
pg_bgwriter_maxwritten_clean,counter,times that bgwriter stopped a cleaning scan
pg_bgwriter_stats_reset,counter,time when statistics were last reset
pg_boot_time,gauge,unix timestamp when postmaster boot
pg_checkpoint_checkpoint_lsn,counter,lsn of checkpoint
pg_checkpoint_elapse,gauge,time elapsed since this checkpoint in seconds
pg_checkpoint_full_page_writes,gauge,is full page write enabled ?
pg_checkpoint_newest_commit_ts_xid,gauge,xid with newest commit ts by the checkpoint
pg_checkpoint_next_multi_offset,gauge,next multixact id offset of this checkpoint
pg_checkpoint_next_multixact_id,gauge,next multixact id of this checkpoint
pg_checkpoint_next_oid,gauge,next object id since this checkpoint
pg_checkpoint_next_xid,gauge,next xid since this checkpoint
pg_checkpoint_next_xid_epoch,gauge,next xid epoch since this checkpoint
pg_checkpoint_oldest_active_xid,gauge,oldest active xid of the checkpoint
pg_checkpoint_oldest_commit_ts_xid,gauge,xid with oldest commit ts by the checkpoint
pg_checkpoint_oldest_multi_dbid,gauge,which db contains the oldest multi xid
pg_checkpoint_oldest_multi_xid,gauge,oldest active multi xid of the checkpoint
pg_checkpoint_oldest_xid,gauge,oldest existing xid of the checkpoint
pg_checkpoint_oldest_xid_dbid,gauge,which db contains the oldest xid
pg_checkpoint_prev_tli,gauge,previous WAL timeline
pg_checkpoint_redo_lsn,counter,redo start LSN
pg_checkpoint_time,gauge,timestamp of this checkpoint
pg_checkpoint_tli,gauge,current WAL timeline
pg_class_relage,gauge,age of non-index relation
pg_class_relpages,gauge,exact page count of this relation
pg_class_relsize,gauge,size of this relation
pg_class_reltuples,gauge,estimate relation tuples
pg_conf_reload_time,gauge,seconds since last configuration reload
pg_database_age,gauge,database age calculated by age(datfrozenxid)
pg_database_allow_conn,gauge,"1 allow connection, 0 does not allow"
pg_database_conn_limit,gauge,"connection limit, -1 for no limit"
pg_database_frozen_xid,gauge,tuple with xmin below this will always be visible (until wrap around)
pg_database_is_template,gauge,"1 for template db , 0 for normal db"
pg_db_blk_read_time,counter,"Time spent reading data file blocks by backends in this database, in milliseconds"
pg_db_blk_write_time,counter,"Time spent writing data file blocks by backends in this database, in milliseconds"
pg_db_blks_access,counter,blocks read plus blocks hit
pg_db_blks_hit,counter,blocks found in pg buffer
pg_db_blks_read,counter,blocks read from disk in this database
pg_db_checksum_failures,counter,"Number of data page checksum failures detected in this database, 12+ only"
pg_db_checksum_last_failure,gauge,"Time at which the last data page checksum failure was detected, 12+ only"
pg_db_confl_bufferpin,counter,Number of queries in this database that have been canceled due to pinned buffers
pg_db_confl_deadlock,counter,Number of queries in this database that have been canceled due to deadlocks
pg_db_confl_lock,counter,Number of queries in this database that have been canceled due to lock timeouts
pg_db_confl_snapshot,counter,Number of queries in this database that have been canceled due to old snapshots
pg_db_confl_tablespace,counter,Number of queries in this database that have been canceled due to dropped tablespaces
pg_db_conflicts,counter,Number of queries canceled due to conflicts with recovery in this database. (slave only)
pg_db_deadlocks,counter,Number of deadlocks detected in this database
pg_db_numbackends,gauge,backends currently connected to this database
pg_db_stats_reset,counter,Time at which these statistics were last reset
pg_db_temp_bytes,counter,Temporary file byte count
pg_db_temp_files,counter,Number of temporary files created by queries in this database
pg_db_tup_deleted,counter,rows deleted by queries in this database
pg_db_tup_fetched,counter,rows fetched by queries in this database
pg_db_tup_inserted,counter,rows inserted by queries in this database
pg_db_tup_modified,counter,rows modified by queries in this database
pg_db_tup_returned,counter,rows returned by queries in this database
pg_db_tup_updated,counter,rows updated by queries in this database
pg_db_xact_commit,counter,transactions in this database that have been committed
pg_db_xact_rollback,counter,transactions in this database that have been rolled back
pg_db_xact_total,counter,transactions in this database that have been issued
pg_downstream_count,gauge,count of corresponding replication state
pg_exporter_last_scrape_time,gauge,seconds exporter spending on scrapping
pg_exporter_query_cache_ttl,gauge,times to live of query cache
pg_exporter_query_scrape_duration,gauge,seconds query spending on scrapping
pg_exporter_query_scrape_error_count,gauge,times the query failed
pg_exporter_query_scrape_hit_count,gauge,numbers  been scrapped from this query
pg_exporter_query_scrape_metric_count,gauge,numbers of metrics been scrapped from this query
pg_exporter_query_scrape_total_count,gauge,times exporter server was scraped for metrics
pg_exporter_scrape_duration,gauge,seconds exporter spending on scrapping
pg_exporter_scrape_error_count,counter,times exporter was scraped for metrics and failed
pg_exporter_scrape_total_count,counter,times exporter was scraped for metrics
pg_exporter_server_scrape_duration,gauge,seconds exporter server spending on scrapping
pg_exporter_server_scrape_total_count,gauge,times exporter server was scraped for metrics
pg_exporter_server_scrape_total_seconds,gauge,seconds exporter server spending on scrapping
pg_exporter_up,gauge,always be 1 if your could retrieve metrics
pg_exporter_uptime,gauge,seconds since exporter primary server inited
pg_flush_lsn,counter,"primary only, location of current wal syncing"
pg_func_calls,counter,how many times this function has been called
pg_func_self_time,counter,"how much time spent in this function itself (other func not included), in ms"
pg_func_total_time,counter,"how much time spent in this function and it's child function, in ms"
pg_in_recovery,gauge,server is in recovery mode? 1 for yes 0 for no
pg_index_idx_blks_hit,counter,blocks hit from cache of this index
pg_index_idx_blks_read,counter,blocks been read from disk of this index
pg_index_idx_scan,counter,index scans initiated on this index
pg_index_idx_tup_fetch,counter,live table rows fetched by simple index scans using this index
pg_index_idx_tup_read,counter,index entries returned by scans on this index
pg_insert_lsn,counter,"primary only, location of current wal inserting"
pg_is_in_backup,gauge,1 if backup is in progress
pg_is_in_recovery,gauge,1 if in recovery mode
pg_is_wal_replay_paused,gauge,1 if wal play paused
pg_lag,gauge,replication lag in seconds from view of standby server
pg_last_replay_time,gauge,time when last transaction been replayed
pg_lock_count,counter,Number of locks of corresponding mode
pg_lsn,counter,"log sequence number, current write location"
pg_meta_info,gauge,constant 1
pg_query_blk_io_time,counter,time spent reading/writing blocks in µs (if track_io_timing is enabled)
pg_query_calls,counter,times been executed
pg_query_max_time,gauge,"Maximum time spent in the statement, in µs"
pg_query_mean_time,gauge,"Mean time spent in the statement, in µs"
pg_query_min_time,gauge,"Minimum time spent in the statement, in µs"
pg_query_rows,counter,rows retrieved or affected by the statement
pg_query_stddev_time,gauge,"Population standard deviation of time spent in the statement, in µs"
pg_query_total_time,counter,"Total time spent in the statement, in µs"
pg_receive_lsn,counter,"standby only, location of wal synced to disk"
pg_recovery_backup_end_lsn,counter,pg control recovery backup end lsn
pg_recovery_backup_start_lsn,counter,pg control recovery backup start lsn
pg_recovery_min_lsn,counter,pg control recovery min lsn
pg_recovery_min_timeline,counter,pg control recovery min timeline
pg_recovery_require_record,gauge,do recovery need a end of backup record
pg_replay_lsn,counter,"standby only, location of wal applied"
pg_replication_backend_uptime,gauge,how long since standby connect to this server
pg_replication_backend_xmin,gauge,this standby's xmin horizon reported by hot_standby_feedback.
pg_replication_flush_diff,gauge,last log position flushed to disk by this standby server diff with current lsn
pg_replication_flush_lag,gauge,latest ACK lsn diff with flush (sync-remote-flush lag)
pg_replication_flush_lsn,counter,last log position flushed to disk by this standby server
pg_replication_lsn,counter,current log position on this server
pg_replication_replay_diff,gauge,last log position replayed into the database on this standby server diff with current lsn
pg_replication_replay_lag,gauge,latest ACK lsn diff with replay (sync-remote-apply lag)
pg_replication_replay_lsn,counter,last log position replayed into the database on this standby server
pg_replication_sent_diff,gauge,last log position sent to this standby server diff with current lsn
pg_replication_sent_lsn,counter,last log position sent to this standby server
pg_replication_sync_priority,gauge,priority of being chosen as synchronous standby
pg_replication_write_diff,gauge,last log position written to disk by this standby server diff with current lsn
pg_replication_write_lag,gauge,latest ACK lsn diff with write (sync-remote-write lag)
pg_replication_write_lsn,counter,last log position written to disk by this standby server
pg_setting_block_size,gauge,"pg page block size, 8192 by default"
pg_setting_data_checksums,gauge,"whether data checksum is enabled, 1 enabled 0 disabled"
pg_setting_max_connections,gauge,number of concurrent connections to the database server
pg_setting_max_locks_per_transaction,gauge,no more than this many distinct objects can be locked at any one time
pg_setting_max_prepared_transactions,gauge,maximum number of transactions that can be in the prepared state simultaneously
pg_setting_max_replication_slots,gauge,maximum number of replication slots
pg_setting_max_wal_senders,gauge,maximum number of concurrent connections from standby servers
pg_setting_max_worker_processes,gauge,maximum number of background processes that the system can support
pg_setting_wal_keep_segments,gauge,minimum number of past log file segments kept in the pg_wal directory
pg_setting_wal_log_hints,gauge,"whether wal_log_hints is enabled, 1 enabled 0 disabled"
pg_size_bytes,gauge,file size in bytes
pg_slot_active,gauge,whether the slot is currently being used
pg_slot_catalog_xmin,gauge,oldest txid that this slot needs the database to retain for catalog
pg_slot_confirm_lsn,counter,"lsn that confirmed by logical standby, null for physical slot"
pg_slot_restart_lsn,counter,"lsn that needs retain, wal after that will be kept"
pg_slot_retained_bytes,gauge,bytes retained for this slot
pg_slot_temporary,gauge,whether the slot is a temporary replication slot
pg_slot_xmin,gauge,oldest txid that this slot needs the database to retain
pg_sync_standby_disabled,gauge,"1 if disabled, 0 if enabled"
pg_sync_standby_enabled,gauge,"1 if enabled, 0 if disabled"
pg_table_analyze_count,counter,manual analyze count
pg_table_autoanalyze_count,counter,automatic analyze count
pg_table_autovacuum_count,counter,automatic vacuum count
pg_table_bloat_ratio,gauge,"estimated bloat ratio of this table, 0~1"
pg_table_bloat_size,gauge,total size in bytes of this table
pg_table_heap_blks_hit,counter,relation heap hit
pg_table_heap_blks_read,counter,relation heap read
pg_table_idx_blks_hit,counter,index hit
pg_table_idx_blks_read,counter,index read
pg_table_idx_scan,counter,index scans initiated on this table
pg_table_idx_tup_fetch,counter,rows fetched by index scans
pg_table_last_analyze,gauge,when table was manually analyzed last time
pg_table_last_autoanalyze,gauge,when table was automatically analyzed last time
pg_table_last_autovacuum,gauge,when table was automatically vacuumed last time
pg_table_last_vacuum,gauge,when table was manually vacuumed last time (FULL not count)
pg_table_n_dead_tup,gauge,estimated dead rows
pg_table_n_live_tup,gauge,estimated live rows
pg_table_n_mod_since_analyze,gauge,rows changed since last analyze
pg_table_n_tup_del,counter,rows deleted
pg_table_n_tup_hot_upd,counter,rows updated in HOT mode
pg_table_n_tup_ins,counter,rows inserted
pg_table_n_tup_mod,counter,rows modified (insert + update + delete)
pg_table_n_tup_upd,counter,rows updated
pg_table_seq_scan,counter,sequential scans initiated on this table
pg_table_seq_tup_read,counter,live rows fetched by sequential scans
pg_table_size_bytes,gauge,"total size of this table (including toast, index, toast index)"
pg_table_size_indexsize,gauge,size of all related indexes
pg_table_size_relsize,gauge,"size of this table itself (main, vm, fsm)"
pg_table_size_toastsize,gauge,size of corresponding toast tables
pg_table_tbl_scan,counter,total table scan = index scan + seq scan
pg_table_tidx_blks_hit,counter,toast index hit
pg_table_tidx_blks_read,counter,toast index read
pg_table_toast_blks_hit,counter,toast heap hit
pg_table_toast_blks_read,counter,toast heap read
pg_table_tup_read,counter,total tuples read = index fetch + seq read
pg_table_vacuum_count,counter,manual vacuum count (FULL not count)
pg_timestamp,gauge,database current timestamp
pg_up,gauge,"last scrape was able to connect to the server: 1 for yes, 0 for no"
pg_uptime,gauge,seconds since postmaster start
pg_version,gauge,server version number
pg_walreceiver_current_ts,gauge,current_timestamp
pg_walreceiver_init_lsn,counter,first time received lsn when WAL receiver is started
pg_walreceiver_init_tli,gauge,first time received timeline number when WAL receiver is started
pg_walreceiver_last_lsn,counter,latest lsn that already flushed to standby disk
pg_walreceiver_last_tli,gauge,latest timeline that already flushed to standby disk
pg_walreceiver_receive_ts,gauge,receipt time of last message received from origin WAL sender
pg_walreceiver_report_lsn,counter,Time of last write-ahead log location reported to origin WAL sender
pg_walreceiver_report_ts,gauge,timestamp of last time reporting to sender
pg_walreceiver_send_ts,gauge,send time of last message received from origin WAL sender
pg_write_lsn,counter,"primary only, location of current wal writing"
pg_xact_xmax,gauge,first as-yet-unassigned txid. txid >= this are invisible.
pg_xact_xmin,gauge,earliest txid that is still active
pg_xact_xnum,gauge,current active transaction count
pgbouncer_database_current_connections,gauge,current number of connections for this database
pgbouncer_database_disabled,gauge,"1 if this database is currently disabled, else 0"
pgbouncer_database_max_connections,gauge,maximum number of allowed connections for this database
pgbouncer_database_paused,gauge,"1 if this database is currently paused, else 0"
pgbouncer_database_pool_size,counter,maximum number of server connections
pgbouncer_database_reserve_pool,gauge,maximum number of additional connections for this database
pgbouncer_exporter_last_scrape_time,gauge,seconds exporter spending on scrapping
pgbouncer_exporter_query_cache_ttl,gauge,times to live of query cache
pgbouncer_exporter_query_scrape_duration,gauge,seconds query spending on scrapping
pgbouncer_exporter_query_scrape_error_count,gauge,times the query failed
pgbouncer_exporter_query_scrape_hit_count,gauge,numbers  been scrapped from this query
pgbouncer_exporter_query_scrape_metric_count,gauge,numbers of metrics been scrapped from this query
pgbouncer_exporter_query_scrape_total_count,gauge,times exporter server was scraped for metrics
pgbouncer_exporter_scrape_duration,gauge,seconds exporter spending on scrapping
pgbouncer_exporter_scrape_error_count,counter,times exporter was scraped for metrics and failed
pgbouncer_exporter_scrape_total_count,counter,times exporter was scraped for metrics
pgbouncer_exporter_server_scrape_duration,gauge,seconds exporter server spending on scrapping
pgbouncer_exporter_server_scrape_total_count,gauge,times exporter server was scraped for metrics
pgbouncer_exporter_server_scrape_total_seconds,gauge,seconds exporter server spending on scrapping
pgbouncer_exporter_up,gauge,always be 1 if your could retrieve metrics
pgbouncer_exporter_uptime,gauge,seconds since exporter primary server inited
pgbouncer_in_recovery,gauge,server is in recovery mode? 1 for yes 0 for no
pgbouncer_list_items,gauge,count of corresponding pgbouncer object
pgbouncer_pool_active_clients,gauge,client connections that are linked to server connection and can process queries
pgbouncer_pool_active_servers,gauge,server connections that are linked to a client
pgbouncer_pool_idle_servers,gauge,server connections that are unused and immediately usable for client queries
pgbouncer_pool_login_servers,gauge,server connections currently in the process of logging in
pgbouncer_pool_maxwait,gauge,"how long the first(oldest) client in the queue has waited, in seconds, key metric"
pgbouncer_pool_maxwait_us,gauge,microsecond part of the maximum waiting time.
pgbouncer_pool_tested_servers,gauge,server connections that are currently running reset or check query
pgbouncer_pool_used_servers,gauge,server connections that have been idle for more than server_check_delay (means have to run check query)
pgbouncer_pool_waiting_clients,gauge,client connections that have sent queries but have not yet got a server connection
pgbouncer_stat_avg_query_count,gauge,how many times this function has been called
pgbouncer_stat_avg_query_time,gauge,"how much time spent in this function and it's child function, in ms"
pgbouncer_stat_avg_recv,gauge,"how much time spent in this function and it's child function, in ms"
pgbouncer_stat_avg_sent,gauge,"how much time spent in this function itself (other func not included), in ms"
pgbouncer_stat_avg_wait_time,gauge,"how much time spent in this function itself (other func not included), in ms"
pgbouncer_stat_avg_xact_count,gauge,"how much time spent in this function itself (other func not included), in ms"
pgbouncer_stat_avg_xact_time,gauge,how many times this function has been called
pgbouncer_stat_total_query_count,gauge,relation name of this relation
node_arp_entries,gauge,ARP entries by device
node_boot_time_seconds,gauge,"Node boot time, in unixtime."
node_context_switches_total,counter,Total number of context switches.
node_cooling_device_cur_state,gauge,Current throttle state of the cooling device
node_cooling_device_max_state,gauge,Maximum throttle state of the cooling device
node_cpu_guest_seconds_total,counter,Seconds the cpus spent in guests (VMs) for each mode.
node_cpu_seconds_total,counter,Seconds the cpus spent in each mode.
node_disk_discard_time_seconds_total,counter,This is the total number of seconds spent by all discards.
node_disk_discarded_sectors_total,counter,The total number of sectors discarded successfully.
node_disk_discards_completed_total,counter,The total number of discards completed successfully.
node_disk_discards_merged_total,counter,The total number of discards merged.
node_disk_io_now,gauge,The number of I/Os currently in progress.
node_disk_io_time_seconds_total,counter,Total seconds spent doing I/Os.
node_disk_io_time_weighted_seconds_total,counter,The weighted # of seconds spent doing I/Os.
node_disk_read_bytes_total,counter,The total number of bytes read successfully.
node_disk_read_time_seconds_total,counter,The total number of seconds spent by all reads.
node_disk_reads_completed_total,counter,The total number of reads completed successfully.
node_disk_reads_merged_total,counter,The total number of reads merged.
node_disk_write_time_seconds_total,counter,This is the total number of seconds spent by all writes.
node_disk_writes_completed_total,counter,The total number of writes completed successfully.
node_disk_writes_merged_total,counter,The number of writes merged.
node_disk_written_bytes_total,counter,The total number of bytes written successfully.
node_entropy_available_bits,gauge,Bits of available entropy.
node_exporter_build_info,gauge,"A metric with a constant '1' value labeled by version, revision, branch, and goversion from which node_exporter was built."
node_filefd_allocated,gauge,File descriptor statistics: allocated.
node_filefd_maximum,gauge,File descriptor statistics: maximum.
node_filesystem_avail_bytes,gauge,Filesystem space available to non-root users in bytes.
node_filesystem_device_error,gauge,Whether an error occurred while getting statistics for the given device.
node_filesystem_files,gauge,Filesystem total file nodes.
node_filesystem_files_free,gauge,Filesystem total free file nodes.
node_filesystem_free_bytes,gauge,Filesystem free space in bytes.
node_filesystem_readonly,gauge,Filesystem read-only status.
node_filesystem_size_bytes,gauge,Filesystem size in bytes.
node_forks_total,counter,Total number of forks.
node_intr_total,counter,Total number of interrupts serviced.
node_ipvs_connections_total,counter,The total number of connections made.
node_ipvs_incoming_bytes_total,counter,The total amount of incoming data.
node_ipvs_incoming_packets_total,counter,The total number of incoming packets.
node_ipvs_outgoing_bytes_total,counter,The total amount of outgoing data.
node_ipvs_outgoing_packets_total,counter,The total number of outgoing packets.
node_load1,gauge,1m load average.
node_load15,gauge,15m load average.
node_load5,gauge,5m load average.
node_memory_Active_anon_bytes,gauge,Memory information field Active_anon_bytes.
node_memory_Active_bytes,gauge,Memory information field Active_bytes.
node_memory_Active_file_bytes,gauge,Memory information field Active_file_bytes.
node_memory_AnonHugePages_bytes,gauge,Memory information field AnonHugePages_bytes.
node_memory_AnonPages_bytes,gauge,Memory information field AnonPages_bytes.
node_memory_Bounce_bytes,gauge,Memory information field Bounce_bytes.
node_memory_Buffers_bytes,gauge,Memory information field Buffers_bytes.
node_memory_Cached_bytes,gauge,Memory information field Cached_bytes.
node_memory_CmaFree_bytes,gauge,Memory information field CmaFree_bytes.
node_memory_CmaTotal_bytes,gauge,Memory information field CmaTotal_bytes.
node_memory_CommitLimit_bytes,gauge,Memory information field CommitLimit_bytes.
node_memory_Committed_AS_bytes,gauge,Memory information field Committed_AS_bytes.
node_memory_DirectMap1G_bytes,gauge,Memory information field DirectMap1G_bytes.
node_memory_DirectMap2M_bytes,gauge,Memory information field DirectMap2M_bytes.
node_memory_DirectMap4k_bytes,gauge,Memory information field DirectMap4k_bytes.
node_memory_Dirty_bytes,gauge,Memory information field Dirty_bytes.
node_memory_HardwareCorrupted_bytes,gauge,Memory information field HardwareCorrupted_bytes.
node_memory_HugePages_Free,gauge,Memory information field HugePages_Free.
node_memory_HugePages_Rsvd,gauge,Memory information field HugePages_Rsvd.
node_memory_HugePages_Surp,gauge,Memory information field HugePages_Surp.
node_memory_HugePages_Total,gauge,Memory information field HugePages_Total.
node_memory_Hugepagesize_bytes,gauge,Memory information field Hugepagesize_bytes.
node_memory_Hugetlb_bytes,gauge,Memory information field Hugetlb_bytes.
node_memory_Inactive_anon_bytes,gauge,Memory information field Inactive_anon_bytes.
node_memory_Inactive_bytes,gauge,Memory information field Inactive_bytes.
node_memory_Inactive_file_bytes,gauge,Memory information field Inactive_file_bytes.
node_memory_KernelStack_bytes,gauge,Memory information field KernelStack_bytes.
node_memory_Mapped_bytes,gauge,Memory information field Mapped_bytes.
node_memory_MemAvailable_bytes,gauge,Memory information field MemAvailable_bytes.
node_memory_MemFree_bytes,gauge,Memory information field MemFree_bytes.
node_memory_MemTotal_bytes,gauge,Memory information field MemTotal_bytes.
node_memory_Mlocked_bytes,gauge,Memory information field Mlocked_bytes.
node_memory_NFS_Unstable_bytes,gauge,Memory information field NFS_Unstable_bytes.
node_memory_PageTables_bytes,gauge,Memory information field PageTables_bytes.
node_memory_Percpu_bytes,gauge,Memory information field Percpu_bytes.
node_memory_SReclaimable_bytes,gauge,Memory information field SReclaimable_bytes.
node_memory_SUnreclaim_bytes,gauge,Memory information field SUnreclaim_bytes.
node_memory_ShmemHugePages_bytes,gauge,Memory information field ShmemHugePages_bytes.
node_memory_ShmemPmdMapped_bytes,gauge,Memory information field ShmemPmdMapped_bytes.
node_memory_Shmem_bytes,gauge,Memory information field Shmem_bytes.
node_memory_Slab_bytes,gauge,Memory information field Slab_bytes.
node_memory_SwapCached_bytes,gauge,Memory information field SwapCached_bytes.
node_memory_SwapFree_bytes,gauge,Memory information field SwapFree_bytes.
node_memory_SwapTotal_bytes,gauge,Memory information field SwapTotal_bytes.
node_memory_Unevictable_bytes,gauge,Memory information field Unevictable_bytes.
node_memory_VmallocChunk_bytes,gauge,Memory information field VmallocChunk_bytes.
node_memory_VmallocTotal_bytes,gauge,Memory information field VmallocTotal_bytes.
node_memory_VmallocUsed_bytes,gauge,Memory information field VmallocUsed_bytes.
node_memory_WritebackTmp_bytes,gauge,Memory information field WritebackTmp_bytes.
node_memory_Writeback_bytes,gauge,Memory information field Writeback_bytes.
node_netstat_Icmp6_InErrors,unknown,Statistic Icmp6InErrors.
node_netstat_Icmp6_InMsgs,unknown,Statistic Icmp6InMsgs.
node_netstat_Icmp6_OutMsgs,unknown,Statistic Icmp6OutMsgs.
node_netstat_Icmp_InErrors,unknown,Statistic IcmpInErrors.
node_netstat_Icmp_InMsgs,unknown,Statistic IcmpInMsgs.
node_netstat_Icmp_OutMsgs,unknown,Statistic IcmpOutMsgs.
node_netstat_Ip6_InOctets,unknown,Statistic Ip6InOctets.
node_netstat_Ip6_OutOctets,unknown,Statistic Ip6OutOctets.
node_netstat_IpExt_InOctets,unknown,Statistic IpExtInOctets.
node_netstat_IpExt_OutOctets,unknown,Statistic IpExtOutOctets.
node_netstat_Ip_Forwarding,unknown,Statistic IpForwarding.
node_netstat_TcpExt_ListenDrops,unknown,Statistic TcpExtListenDrops.
node_netstat_TcpExt_ListenOverflows,unknown,Statistic TcpExtListenOverflows.
node_netstat_TcpExt_SyncookiesFailed,unknown,Statistic TcpExtSyncookiesFailed.
node_netstat_TcpExt_SyncookiesRecv,unknown,Statistic TcpExtSyncookiesRecv.
node_netstat_TcpExt_SyncookiesSent,unknown,Statistic TcpExtSyncookiesSent.
node_netstat_TcpExt_TCPSynRetrans,unknown,Statistic TcpExtTCPSynRetrans.
node_netstat_Tcp_ActiveOpens,unknown,Statistic TcpActiveOpens.
node_netstat_Tcp_CurrEstab,unknown,Statistic TcpCurrEstab.
node_netstat_Tcp_InErrs,unknown,Statistic TcpInErrs.
node_netstat_Tcp_InSegs,unknown,Statistic TcpInSegs.
node_netstat_Tcp_OutSegs,unknown,Statistic TcpOutSegs.
node_netstat_Tcp_PassiveOpens,unknown,Statistic TcpPassiveOpens.
node_netstat_Tcp_RetransSegs,unknown,Statistic TcpRetransSegs.
node_netstat_Udp6_InDatagrams,unknown,Statistic Udp6InDatagrams.
node_netstat_Udp6_InErrors,unknown,Statistic Udp6InErrors.
node_netstat_Udp6_NoPorts,unknown,Statistic Udp6NoPorts.
node_netstat_Udp6_OutDatagrams,unknown,Statistic Udp6OutDatagrams.
node_netstat_Udp6_RcvbufErrors,unknown,Statistic Udp6RcvbufErrors.
node_netstat_Udp6_SndbufErrors,unknown,Statistic Udp6SndbufErrors.
node_netstat_UdpLite6_InErrors,unknown,Statistic UdpLite6InErrors.
node_netstat_UdpLite_InErrors,unknown,Statistic UdpLiteInErrors.
node_netstat_Udp_InDatagrams,unknown,Statistic UdpInDatagrams.
node_netstat_Udp_InErrors,unknown,Statistic UdpInErrors.
node_netstat_Udp_NoPorts,unknown,Statistic UdpNoPorts.
node_netstat_Udp_OutDatagrams,unknown,Statistic UdpOutDatagrams.
node_netstat_Udp_RcvbufErrors,unknown,Statistic UdpRcvbufErrors.
node_netstat_Udp_SndbufErrors,unknown,Statistic UdpSndbufErrors.
node_network_address_assign_type,gauge,address_assign_type value of /sys/class/net/<iface>.
node_network_carrier,gauge,carrier value of /sys/class/net/<iface>.
node_network_carrier_changes_total,counter,carrier_changes_total value of /sys/class/net/<iface>.
node_network_carrier_down_changes_total,counter,carrier_down_changes_total value of /sys/class/net/<iface>.
node_network_carrier_up_changes_total,counter,carrier_up_changes_total value of /sys/class/net/<iface>.
node_network_device_id,gauge,device_id value of /sys/class/net/<iface>.
node_network_dormant,gauge,dormant value of /sys/class/net/<iface>.
node_network_flags,gauge,flags value of /sys/class/net/<iface>.
node_network_iface_id,gauge,iface_id value of /sys/class/net/<iface>.
node_network_iface_link,gauge,iface_link value of /sys/class/net/<iface>.
node_network_iface_link_mode,gauge,iface_link_mode value of /sys/class/net/<iface>.
node_network_info,gauge,"Non-numeric data from /sys/class/net/<iface>, value is always 1."
node_network_mtu_bytes,gauge,mtu_bytes value of /sys/class/net/<iface>.
node_network_net_dev_group,gauge,net_dev_group value of /sys/class/net/<iface>.
node_network_protocol_type,gauge,protocol_type value of /sys/class/net/<iface>.
node_network_receive_bytes_total,counter,Network device statistic receive_bytes.
node_network_receive_compressed_total,counter,Network device statistic receive_compressed.
node_network_receive_drop_total,counter,Network device statistic receive_drop.
node_network_receive_errs_total,counter,Network device statistic receive_errs.
node_network_receive_fifo_total,counter,Network device statistic receive_fifo.
node_network_receive_frame_total,counter,Network device statistic receive_frame.
node_network_receive_multicast_total,counter,Network device statistic receive_multicast.
node_network_receive_packets_total,counter,Network device statistic receive_packets.
node_network_speed_bytes,gauge,speed_bytes value of /sys/class/net/<iface>.
node_network_transmit_bytes_total,counter,Network device statistic transmit_bytes.
node_network_transmit_carrier_total,counter,Network device statistic transmit_carrier.
node_network_transmit_colls_total,counter,Network device statistic transmit_colls.
node_network_transmit_compressed_total,counter,Network device statistic transmit_compressed.
node_network_transmit_drop_total,counter,Network device statistic transmit_drop.
node_network_transmit_errs_total,counter,Network device statistic transmit_errs.
node_network_transmit_fifo_total,counter,Network device statistic transmit_fifo.
node_network_transmit_packets_total,counter,Network device statistic transmit_packets.
node_network_transmit_queue_length,gauge,transmit_queue_length value of /sys/class/net/<iface>.
node_network_up,gauge,"Value is 1 if operstate is 'up', 0 otherwise."
node_nf_conntrack_entries,gauge,Number of currently allocated flow entries for connection tracking.
node_nf_conntrack_entries_limit,gauge,Maximum size of connection tracking table.
node_ntp_leap,gauge,"NTPD leap second indicator, 2 bits."
node_ntp_offset_seconds,gauge,ClockOffset between NTP and local clock.
node_ntp_reference_timestamp_seconds,gauge,"NTPD ReferenceTime, UNIX timestamp."
node_ntp_root_delay_seconds,gauge,NTPD RootDelay.
node_ntp_root_dispersion_seconds,gauge,NTPD RootDispersion.
node_ntp_rtt_seconds,gauge,RTT to NTPD.
node_ntp_sanity,gauge,NTPD sanity according to RFC5905 heuristics and configured limits.
node_ntp_stratum,gauge,NTPD stratum.
node_processes_max_processes,gauge,Number of max PIDs limit
node_processes_max_threads,gauge,Limit of threads in the system
node_processes_pids,gauge,Number of PIDs
node_processes_state,gauge,Number of processes in each state.
node_processes_threads,gauge,Allocated threads in system
node_procs_blocked,gauge,Number of processes blocked waiting for I/O to complete.
node_procs_running,gauge,Number of processes in runnable state.
node_schedstat_running_seconds_total,counter,Number of seconds CPU spent running a process.
node_schedstat_timeslices_total,counter,Number of timeslices executed by CPU.
node_schedstat_waiting_seconds_total,counter,Number of seconds spent by processing waiting for this CPU.
node_scrape_collector_duration_seconds,gauge,node_exporter: Duration of a collector scrape.
node_scrape_collector_success,gauge,node_exporter: Whether a collector succeeded.
node_sockstat_FRAG6_inuse,gauge,Number of FRAG6 sockets in state inuse.
node_sockstat_FRAG6_memory,gauge,Number of FRAG6 sockets in state memory.
node_sockstat_FRAG_inuse,gauge,Number of FRAG sockets in state inuse.
node_sockstat_FRAG_memory,gauge,Number of FRAG sockets in state memory.
node_sockstat_RAW6_inuse,gauge,Number of RAW6 sockets in state inuse.
node_sockstat_RAW_inuse,gauge,Number of RAW sockets in state inuse.
node_sockstat_TCP6_inuse,gauge,Number of TCP6 sockets in state inuse.
node_sockstat_TCP_alloc,gauge,Number of TCP sockets in state alloc.
node_sockstat_TCP_inuse,gauge,Number of TCP sockets in state inuse.
node_sockstat_TCP_mem,gauge,Number of TCP sockets in state mem.
node_sockstat_TCP_mem_bytes,gauge,Number of TCP sockets in state mem_bytes.
node_sockstat_TCP_orphan,gauge,Number of TCP sockets in state orphan.
node_sockstat_TCP_tw,gauge,Number of TCP sockets in state tw.
node_sockstat_UDP6_inuse,gauge,Number of UDP6 sockets in state inuse.
node_sockstat_UDPLITE6_inuse,gauge,Number of UDPLITE6 sockets in state inuse.
node_sockstat_UDPLITE_inuse,gauge,Number of UDPLITE sockets in state inuse.
node_sockstat_UDP_inuse,gauge,Number of UDP sockets in state inuse.
node_sockstat_UDP_mem,gauge,Number of UDP sockets in state mem.
node_sockstat_UDP_mem_bytes,gauge,Number of UDP sockets in state mem_bytes.
node_sockstat_sockets_used,gauge,Number of IPv4 sockets in use.
node_systemd_socket_accepted_connections_total,counter,Total number of accepted socket connections
node_systemd_socket_current_connections,gauge,Current number of socket connections
node_systemd_system_running,gauge,Whether the system is operational (see 'systemctl is-system-running')
node_systemd_timer_last_trigger_seconds,gauge,Seconds since epoch of last trigger.
node_systemd_unit_state,gauge,Systemd unit
node_systemd_units,gauge,Summary of systemd unit states
node_systemd_version,gauge,Detected systemd version
node_tcp_connection_states,gauge,Number of connection states.
node_textfile_scrape_error,gauge,"1 if there was an error opening or reading a file, 0 otherwise"
node_time_seconds,gauge,System time in seconds since epoch (1970).
node_timex_estimated_error_seconds,gauge,Estimated error in seconds.
node_timex_frequency_adjustment_ratio,gauge,Local clock frequency adjustment.
node_timex_loop_time_constant,gauge,Phase-locked loop time constant.
node_timex_maxerror_seconds,gauge,Maximum error in seconds.
node_timex_offset_seconds,gauge,Time offset in between local system and reference clock.
node_timex_pps_calibration_total,counter,Pulse per second count of calibration intervals.
node_timex_pps_error_total,counter,Pulse per second count of calibration errors.
node_timex_pps_frequency_hertz,gauge,Pulse per second frequency.
node_timex_pps_jitter_seconds,gauge,Pulse per second jitter.
node_timex_pps_jitter_total,counter,Pulse per second count of jitter limit exceeded events.
node_timex_pps_shift_seconds,gauge,Pulse per second interval duration.
node_timex_pps_stability_exceeded_total,counter,Pulse per second count of stability limit exceeded events.
node_timex_pps_stability_hertz,gauge,"Pulse per second stability, average of recent frequency changes."
node_timex_status,gauge,Value of the status array bits.
node_timex_sync_status,gauge,"Is clock synchronized to a reliable server (1 = yes, 0 = no)."
node_timex_tai_offset_seconds,gauge,International Atomic Time (TAI) offset.
node_timex_tick_seconds,gauge,Seconds between clock ticks.
node_udp_queues,gauge,Number of allocated memory in the kernel for UDP datagrams in bytes.
node_uname_info,gauge,Labeled system information as provided by the uname system call.
node_vmstat_oom_kill,unknown,/proc/vmstat information field oom_kill.
node_vmstat_pgfault,unknown,/proc/vmstat information field pgfault.
node_vmstat_pgmajfault,unknown,/proc/vmstat information field pgmajfault.
node_vmstat_pgpgin,unknown,/proc/vmstat information field pgpgin.
node_vmstat_pgpgout,unknown,/proc/vmstat information field pgpgout.
node_vmstat_pswpin,unknown,/proc/vmstat information field pswpin.
node_vmstat_pswpout,unknown,/proc/vmstat information field pswpout.
node_xfs_allocation_btree_compares_total,counter,Number of allocation B-tree compares for a filesystem.
node_xfs_allocation_btree_lookups_total,counter,Number of allocation B-tree lookups for a filesystem.
node_xfs_allocation_btree_records_deleted_total,counter,Number of allocation B-tree records deleted for a filesystem.
node_xfs_allocation_btree_records_inserted_total,counter,Number of allocation B-tree records inserted for a filesystem.
node_xfs_block_map_btree_compares_total,counter,Number of block map B-tree compares for a filesystem.
node_xfs_block_map_btree_lookups_total,counter,Number of block map B-tree lookups for a filesystem.
node_xfs_block_map_btree_records_deleted_total,counter,Number of block map B-tree records deleted for a filesystem.
node_xfs_block_map_btree_records_inserted_total,counter,Number of block map B-tree records inserted for a filesystem.
node_xfs_block_mapping_extent_list_compares_total,counter,Number of extent list compares for a filesystem.
node_xfs_block_mapping_extent_list_deletions_total,counter,Number of extent list deletions for a filesystem.
node_xfs_block_mapping_extent_list_insertions_total,counter,Number of extent list insertions for a filesystem.
node_xfs_block_mapping_extent_list_lookups_total,counter,Number of extent list lookups for a filesystem.
node_xfs_block_mapping_reads_total,counter,Number of block map for read operations for a filesystem.
node_xfs_block_mapping_unmaps_total,counter,Number of block unmaps (deletes) for a filesystem.
node_xfs_block_mapping_writes_total,counter,Number of block map for write operations for a filesystem.
node_xfs_directory_operation_create_total,counter,Number of times a new directory entry was created for a filesystem.
node_xfs_directory_operation_getdents_total,counter,Number of times the directory getdents operation was performed for a filesystem.
node_xfs_directory_operation_lookup_total,counter,Number of file name directory lookups which miss the operating systems directory name lookup cache.
node_xfs_directory_operation_remove_total,counter,Number of times an existing directory entry was created for a filesystem.
node_xfs_extent_allocation_blocks_allocated_total,counter,Number of blocks allocated for a filesystem.
node_xfs_extent_allocation_blocks_freed_total,counter,Number of blocks freed for a filesystem.
node_xfs_extent_allocation_extents_allocated_total,counter,Number of extents allocated for a filesystem.
node_xfs_extent_allocation_extents_freed_total,counter,Number of extents freed for a filesystem.
node_xfs_read_calls_total,counter,Number of read(2) system calls made to files in a filesystem.
node_xfs_vnode_active_total,counter,Number of vnodes not on free lists for a filesystem.
node_xfs_vnode_allocate_total,counter,Number of times vn_alloc called for a filesystem.
node_xfs_vnode_get_total,counter,Number of times vn_get called for a filesystem.
node_xfs_vnode_hold_total,counter,Number of times vn_hold called for a filesystem.
node_xfs_vnode_reclaim_total,counter,Number of times vn_reclaim called for a filesystem.
node_xfs_vnode_release_total,counter,Number of times vn_rele called for a filesystem.
node_xfs_vnode_remove_total,counter,Number of times vn_remove called for a filesystem.
node_xfs_write_calls_total,counter,Number of write(2) system calls made to files in a filesystem.

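9 - Commercial Support

Need commercial support? Look here!

Pigsty is an open-source system, and PRs and issues are welcome. Pigsty also offers optional commercial support, which includes the following extensions and services.

  • The complete monitoring system, containing roughly three thousand or more monitoring metrics.
  • Security hardening
  • Additional monitoring dashboards that provide richer cluster monitoring information.
  • Production-grade deployment, operations, and management solution
  • Metadata database construction, global data dictionary
  • Log collection system, with aggregation and summarization of log digest information
  • Backup/recovery: an end-to-end solution covering concurrent backup, delayed backup, backup verification, and more
  • Deployment assistance, system integration, integration with monitoring and alerting infrastructure, or onboarding of existing databases
  • n x 24-hour support and Q&A, fault diagnosis service
  • Other customization requirements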

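9.1 - Comparison with Similar Systems

A side-by-side comparison with other PostgreSQL monitoring systems

I'll be blunt: none of the candidates below is up to the job. I still had to step up and build it myself.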

9.2 - Roadmap

Development plans for the next stage of the Pigsty project

Roadmap [DRAFT]

Database Administration

  • admin-report.yml
  • admin-backup.yml
  • admin-repack.yml
  • admin-vacuum.yml
  • admin-deploy.yml
  • admin-restart.yml
  • admin-reload.yml
  • admin-createdb.yml
  • admin-createuser.yml
  • admin-edit-hba.yml
  • admin-edit-config.yml
  • admin-dump-schema.yml
  • admin-dump-table.yml
  • admin-copy-data.yml
  • admin-pg-exporter-reload.yml

Database HA

  • ha-switchover.yml
  • ha-failover.yml
  • ha-election.yml
  • ha-rewind.yml
  • ha-restore.yml
  • ha-pitr.yml
  • ha-drain.yml
  • ha-proxy-add.yml
  • ha-proxy-remove.yml
  • ha-proxy-switch.yml
  • ha-repl-report.yml
  • ha-repl-sync.yml
  • ha-repl-retarget.yml
  • ha-pool-retarget.yml
  • ha-pool-pause.yml
  • ha-pool-resume.yml