active_postgres 0.4.0

data/lib/tasks/rolling_update.rake

@@ -0,0 +1,258 @@
+namespace :postgres do
+  namespace :update do
+    desc 'Rolling update PostgreSQL version (zero downtime)'
+    task :version, [:new_version] => :environment do |_t, args|
+      require 'active_postgres'
+
+      new_version = args[:new_version]
+      unless new_version
+        puts 'Usage: rake postgres:update:version[18]'
+        puts 'Example: rake postgres:update:version[18] (upgrade from 16 to 18)'
+        exit 1
+      end
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+      current_version = config.version
+
+      if current_version.to_s == new_version.to_s
+        puts "Already running version #{new_version}"
+        exit 0
+      end
+
+      puts "🔄 Rolling update: PostgreSQL #{current_version} → #{new_version}"
+      puts ''
+      puts 'This will:'
+      puts '  1. Update standby to new version'
+      puts '  2. Verify standby health'
+      puts '  3. Promote standby to primary (brief switchover ~5-10s)'
+      puts '  4. Update old primary to new version'
+      puts '  5. Optionally switchback to original primary'
+      puts ''
+      puts '⚠️  IMPORTANT: Test this in staging first!'
+      puts ''
+      print 'Continue? (yes/no): '
+      response = $stdin.gets.chomp.downcase
+      exit 0 unless %w[yes y].include?(response)
+
+      primary = config.primary_host
+      standby = config.standby_hosts.first
+
+      unless standby
+        puts '❌ No standby configured - cannot do rolling update'
+        puts 'For single-node updates, use: rake postgres:update:in_place'
+        exit 1
+      end
+
+      puts "\n📋 Cluster Status:"
+      puts "  Primary: #{primary} (version #{current_version})"
+      puts "  Standby: #{standby} (version #{current_version})"
+      puts ''
+
+      puts '=' * 60
+      puts 'STEP 1: Update standby to new version'
+      puts '=' * 60
+
+      puts "\nUpdating #{standby}..."
+      ssh_executor.execute_on_host(standby) do
+        execute :sudo, 'systemctl', 'stop', "postgresql@#{current_version}-main"
+        execute :sudo, 'apt-get', 'update'
+        execute :sudo, 'apt-get', 'install', '-y', "postgresql-#{new_version}", "postgresql-contrib-#{new_version}"
+
+        puts "Upgrading cluster from #{current_version} to #{new_version}..."
+        execute :sudo, 'pg_upgradecluster', current_version.to_s, 'main'
+        execute :sudo, 'pg_dropcluster', '--stop', current_version.to_s, 'main'
+      end
+
+      puts "✓ Standby upgraded to version #{new_version}"
+      puts ''
+
+      puts '=' * 60
+      puts 'STEP 2: Verify standby health'
+      puts '=' * 60
+
+      Rake::Task['postgres:verify'].invoke
+      puts ''
+
+      puts '=' * 60
+      puts 'STEP 3: Promote standby to primary'
+      puts '=' * 60
+
+      puts '⚠️  Brief downtime during switchover (~5-10 seconds)'
+      puts ''
+      print 'Promote standby? (yes/no): '
+      response = $stdin.gets.chomp.downcase
+      exit 0 unless %w[yes y].include?(response)
+
+      Rake::Task['postgres:repmgr:promote'].invoke(standby)
+      puts ''
+
+      puts '✓ Switchover complete'
+      puts "  New primary: #{standby} (version #{new_version})"
+      puts "  Old primary: #{primary} (version #{current_version})"
+      puts ''
+
+      puts '=' * 60
+      puts 'STEP 4: Update old primary'
+      puts '=' * 60
+
+      puts "\nUpdating #{primary}..."
+      ssh_executor.execute_on_host(primary) do
+        execute :sudo, 'systemctl', 'stop', "postgresql@#{current_version}-main"
+        execute :sudo, 'apt-get', 'update'
+        execute :sudo, 'apt-get', 'install', '-y', "postgresql-#{new_version}", "postgresql-contrib-#{new_version}"
+
+        puts "Upgrading cluster from #{current_version} to #{new_version}..."
+        execute :sudo, 'pg_upgradecluster', current_version.to_s, 'main'
+        execute :sudo, 'pg_dropcluster', '--stop', current_version.to_s, 'main'
+      end
+
+      puts "✓ All nodes upgraded to version #{new_version}"
+      puts ''
+
+      puts '=' * 60
+      puts '✅ Rolling update complete!'
+      puts '=' * 60
+      puts ''
+      puts "Cluster is now running PostgreSQL #{new_version}"
+      puts "Current primary: #{standby}"
+      puts ''
+      puts '📋 Next steps:'
+      puts "  1. Update config/postgres.yml: version: #{new_version}"
+      puts '  2. Test application thoroughly'
+      puts "  3. Optionally switchback: rake postgres:repmgr:promote[#{primary}]"
+      puts '  4. Commit config changes'
+    end
+
+    desc 'Patch current PostgreSQL version (zero downtime)'
+    task patch: :environment do
+      require 'active_postgres'
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+      version = config.version
+
+      primary = config.primary_host
+      standby = config.standby_hosts.first
+
+      unless standby
+        puts '❌ No standby configured - cannot do rolling patch'
+        puts 'For single-node patching, use: rake postgres:update:in_place_patch'
+        exit 1
+      end
+
+      puts '🔄 Rolling security patch update'
+      puts ''
+      puts 'This will:'
+      puts '  1. Patch standby and restart'
+      puts '  2. Verify standby health'
+      puts '  3. Promote standby (brief switchover ~5s)'
+      puts '  4. Patch old primary'
+      puts '  5. Switchback'
+      puts ''
+      print 'Continue? (yes/no): '
+      response = $stdin.gets.chomp.downcase
+      exit 0 unless %w[yes y].include?(response)
+
+      puts "\n📋 Step 1: Patch standby #{standby}"
+      ssh_executor.execute_on_host(standby) do
+        execute :sudo, 'apt-get', 'update'
+        execute :sudo, 'apt-get', 'install', '--only-upgrade', '-y', "postgresql-#{version}"
+        execute :sudo, 'systemctl', 'restart', "postgresql@#{version}-main"
+      end
+      puts '✓ Standby patched and restarted'
+      sleep 5
+
+      puts "\n📋 Step 2: Promote standby"
+      Rake::Task['postgres:repmgr:promote'].invoke(standby)
+      sleep 5
+
+      puts "\n📋 Step 3: Patch old primary #{primary}"
+      ssh_executor.execute_on_host(primary) do
+        execute :sudo, 'apt-get', 'update'
+        execute :sudo, 'apt-get', 'install', '--only-upgrade', '-y', "postgresql-#{version}"
+        execute :sudo, 'systemctl', 'restart', "postgresql@#{version}-main"
+      end
+      puts '✓ Old primary patched'
+      sleep 5
+
+      puts "\n📋 Step 4: Switchback to #{primary}"
+      Rake::Task['postgres:repmgr:promote'].invoke(primary)
+
+      puts ''
+      puts '✅ Security patches applied!'
+      puts '  Total downtime: ~10 seconds (during switchovers)'
+    end
+
+    desc 'In-place update (requires downtime)'
+    task :in_place, [:new_version] => :environment do |_t, args|
+      require 'active_postgres'
+
+      new_version = args[:new_version]
+      unless new_version
+        puts 'Usage: rake postgres:update:in_place[18]'
+        exit 1
+      end
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+      current_version = config.version
+      host = config.primary_host
+
+      puts '⚠️  WARNING: In-place update requires downtime'
+      puts '   For zero-downtime updates, use a standby server'
+      puts ''
+      puts "Updating PostgreSQL #{current_version} → #{new_version} on #{host}"
+      puts ''
+      print 'Continue? (yes/no): '
+      response = $stdin.gets.chomp.downcase
+      exit 0 unless %w[yes y].include?(response)
+
+      puts "\n🔄 Starting in-place upgrade..."
+      ssh_executor.execute_on_host(host) do
+        execute :sudo, 'systemctl', 'stop', "postgresql@#{current_version}-main"
+        execute :sudo, 'apt-get', 'update'
+        execute :sudo, 'apt-get', 'install', '-y', "postgresql-#{new_version}"
+
+        execute :sudo, 'pg_upgradecluster', current_version.to_s, 'main'
+        execute :sudo, 'pg_dropcluster', '--stop', current_version.to_s, 'main'
+        execute :sudo, 'systemctl', 'start', "postgresql@#{new_version}-main"
+      end
+
+      puts "✅ Upgraded to PostgreSQL #{new_version}"
+      puts "   Update config/postgres.yml: version: #{new_version}"
+    end
+  end
+
+  namespace :repmgr do
+    desc 'Promote standby to primary (switchover)'
+    task :promote, [:host] => :environment do |_t, args|
+      require 'active_postgres'
+
+      host = args[:host]
+      unless host
+        puts 'Usage: rake postgres:repmgr:promote[host]'
+        exit 1
+      end
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+
+      puts "🔄 Promoting #{host} to primary..."
+      puts '⏱️  Expected downtime: 5-10 seconds'
+      puts ''
+
+      ssh_executor.execute_on_host(host) do
+        execute :sudo, '-u', 'postgres', 'repmgr', 'standby', 'promote'
+      end
+
+      sleep 3
+
+      puts '✅ Promotion complete!'
+      puts "   New primary: #{host}"
+      puts ''
+      puts '📋 Verify cluster:'
+      puts '   rake postgres:verify'
+    end
+  end
+end

data/lib/tasks/rotate_credentials.rake

@@ -0,0 +1,193 @@
+namespace :postgres do
+  namespace :credentials do
+    desc 'Rotate app user password (zero downtime)'
+    task :rotate, [:new_password] => :environment do |_t, args|
+      require 'active_postgres'
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+      ActivePostgres::Secrets.new(config)
+
+      new_password = args[:new_password]
+      unless new_password
+        puts 'Usage: rake postgres:credentials:rotate[new_password]'
+        puts 'Or generate random: rake postgres:credentials:rotate_random'
+        exit 1
+      end
+
+      app_user = config.app_user
+      host = config.primary_host
+
+      puts "Rotating password for user '#{app_user}' on #{host}..."
+      puts '⚠️  IMPORTANT: Update Rails credentials after this completes!'
+      puts ''
+
+      ssh_executor.execute_on_host(host) do
+        escaped_password = new_password.gsub("'", "''")
+
+        sql = "ALTER USER #{app_user} WITH PASSWORD '#{escaped_password}';"
+        upload! StringIO.new(sql), '/tmp/rotate_password.sql'
+        execute :chmod, '644', '/tmp/rotate_password.sql'
+        execute :sudo, '-u', 'postgres', 'psql', '-f', '/tmp/rotate_password.sql'
+        execute :rm, '-f', '/tmp/rotate_password.sql'
+
+        puts "✓ Updated PostgreSQL password for #{app_user}"
+      end
+
+      if config.component_enabled?(:pgbouncer)
+        puts 'Updating PgBouncer userlist...'
+
+        ssh_executor.execute_on_host(host) do
+          postgres_user = config.postgres_user
+          userlist_entries = []
+
+          [postgres_user, app_user].compact.uniq.each do |user|
+            sql = <<~SQL.strip
+              SELECT concat('"', rolname, '" "', rolpassword, '"')
+              FROM pg_authid
+              WHERE rolname = '#{user}'
+            SQL
+
+            upload! StringIO.new(sql), '/tmp/get_user_hash.sql'
+            execute :chmod, '644', '/tmp/get_user_hash.sql'
+            user_hash = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_user_hash.sql').strip
+            execute :rm, '-f', '/tmp/get_user_hash.sql'
+
+            userlist_entries << user_hash if user_hash && !user_hash.empty?
+          end
+
+          if userlist_entries.any?
+            userlist_content = "#{userlist_entries.join("\n")}\n"
+            upload! StringIO.new(userlist_content), '/tmp/userlist.txt'
+            execute :sudo, 'mv', '/tmp/userlist.txt', '/etc/pgbouncer/userlist.txt'
+            execute :sudo, 'chmod', '640', '/etc/pgbouncer/userlist.txt'
+            execute :sudo, 'chown', 'postgres:postgres', '/etc/pgbouncer/userlist.txt'
+            execute :sudo, 'systemctl', 'reload', 'pgbouncer'
+
+            puts '✓ Updated PgBouncer userlist and reloaded (zero downtime)'
+          end
+        end
+      end
+
+      puts ''
+      puts '✅ Password rotation complete!'
+      puts ''
+      puts '📋 Next steps:'
+      puts '1. Update Rails credentials:'
+      puts '   rails credentials:edit'
+      puts ''
+      puts '   Add/update:'
+      puts '   postgres:'
+      puts "     password: \"#{new_password}\""
+      puts ''
+      puts '2. Restart Rails app to use new password'
+      puts '   cap production deploy:restart'
+      puts ''
+      puts '⚠️  Old password still works until Rails restarts'
+    end
+
+    desc 'Rotate app user password with random generated password (zero downtime)'
+    task rotate_random: :environment do
+      require 'securerandom'
+      new_password = SecureRandom.base64(32)
+
+      puts '🔐 Generated secure random password'
+      puts ''
+
+      Rake::Task['postgres:credentials:rotate'].invoke(new_password)
+    end
+
+    desc 'Rotate all passwords (app, repmgr, superuser) - zero downtime'
+    task rotate_all: :environment do
+      require 'active_postgres'
+      require 'securerandom'
+
+      config = ActivePostgres::Configuration.load
+      ssh_executor = ActivePostgres::SSHExecutor.new(config)
+
+      users = [
+        { name: config.app_user, credential_key: 'password' },
+        { name: config.repmgr_user, credential_key: 'repmgr_password' },
+        { name: 'postgres', credential_key: 'superuser_password' }
+      ]
+
+      new_passwords = {}
+      host = config.primary_host
+
+      puts '🔐 Rotating all PostgreSQL passwords...'
+      puts ''
+
+      users.each do |user_info|
+        username = user_info[:name]
+        new_password = SecureRandom.base64(32)
+        new_passwords[user_info[:credential_key]] = new_password
+
+        puts "Rotating #{username}..."
+
+        ssh_executor.execute_on_host(host) do
+          escaped_password = new_password.gsub("'", "''")
+
+          sql = "ALTER USER #{username} WITH PASSWORD '#{escaped_password}';"
+          upload! StringIO.new(sql), '/tmp/rotate_password.sql'
+          execute :chmod, '644', '/tmp/rotate_password.sql'
+          execute :sudo, '-u', 'postgres', 'psql', '-f', '/tmp/rotate_password.sql'
+          execute :rm, '-f', '/tmp/rotate_password.sql'
+        end
+
+        puts "✓ Updated #{username}"
+      end
+
+      if config.component_enabled?(:pgbouncer)
+        puts ''
+        puts 'Updating PgBouncer userlist...'
+
+        ssh_executor.execute_on_host(host) do
+          postgres_user = 'postgres'
+          userlist_entries = []
+
+          users.map { |u| u[:name] }.compact.uniq.each do |user|
+            sql = <<~SQL.strip
+              SELECT concat('"', rolname, '" "', rolpassword, '"')
+              FROM pg_authid
+              WHERE rolname = '#{user}'
+            SQL
+
+            upload! StringIO.new(sql), '/tmp/get_user_hash.sql'
+            execute :chmod, '644', '/tmp/get_user_hash.sql'
+            user_hash = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_user_hash.sql').strip
+            execute :rm, '-f', '/tmp/get_user_hash.sql'
+
+            userlist_entries << user_hash if user_hash && !user_hash.empty?
+          end
+
+          if userlist_entries.any?
+            userlist_content = "#{userlist_entries.join("\n")}\n"
+            execute :sudo, 'tee', '/etc/pgbouncer/userlist.txt', stdin: StringIO.new(userlist_content)
+            execute :sudo, 'chmod', '640', '/etc/pgbouncer/userlist.txt'
+            execute :sudo, 'chown', 'postgres:postgres', '/etc/pgbouncer/userlist.txt'
+            execute :sudo, 'systemctl', 'reload', 'pgbouncer'
+
+            puts '✓ PgBouncer userlist updated and reloaded'
+          end
+        end
+      end
+
+      puts ''
+      puts '✅ All passwords rotated!'
+      puts ''
+      puts '📋 New passwords to add to Rails credentials:'
+      puts ''
+      puts 'rails credentials:edit'
+      puts ''
+      puts 'postgres:'
+      new_passwords.each do |key, password|
+        puts "  #{key}: \"#{password}\""
+      end
+      puts ''
+      puts '⚠️  Save these passwords securely before continuing!'
+      puts ''
+      puts 'After updating credentials:'
+      puts '  cap production deploy:restart'
+    end
+  end
+end

data/templates/pg_hba.conf.erb

@@ -0,0 +1,47 @@
+# PostgreSQL Client Authentication Configuration File
+# Generated by active_postgres
+<%
+  core_config = config.component_config(:core)
+  pg_hba_rules = core_config[:pg_hba] || []
+
+  # Detect network from primary private_ip
+  detected_network = if config.primary && config.primary['private_ip']
+    ip_parts = config.primary['private_ip'].split('.')
+    "#{ip_parts[0]}.#{ip_parts[1]}.0.0/16"
+  else
+    '10.8.0.0/16' # Default to common VPN/private network
+  end
+
+  # Default rules if none specified
+  if pg_hba_rules.empty?
+    pg_hba_rules = [
+      {type: 'local', database: 'all', user: 'all', method: 'peer'},
+      {type: 'host', database: 'all', user: 'all', address: '127.0.0.1/32', method: 'scram-sha-256'},
+      {type: 'host', database: 'all', user: 'all', address: detected_network, method: 'scram-sha-256'}
+    ]
+  end
+%>
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+<% pg_hba_rules.each do |rule| %>
+<% if rule[:type] == 'local' %>
+<%= rule[:type] %>   <%= rule[:database] %>             <%= rule[:user] %>                                     <%= rule[:method] %>
+<% else %>
+<%= rule[:type] %>    <%= rule[:database] %>             <%= rule[:user] %>             <%= rule[:address] %>            <%= rule[:method] %>
+<% end %>
+<% end %>
+
+<% if config.component_enabled?(:repmgr) && !pg_hba_rules.any? { |r| r[:database] == 'replication' } %>
+# Replication connections (auto-added for repmgr)
+<%
+  # Find the network rule (not 127.0.0.1) for replication, or fall back to 10.8.0.0/24
+  repmgr_network = pg_hba_rules.find { |r| r[:type] == 'host' && r[:address] && !r[:address].start_with?('127.0.0.1') }&.dig(:address) || '10.8.0.0/24'
+  repmgr_user = config.repmgr_user
+  repmgr_db = config.repmgr_database
+%>
+host    replication     <%= repmgr_user %>          <%= repmgr_network %>          scram-sha-256
+host    <%= repmgr_db %>          <%= repmgr_user %>          <%= repmgr_network %>          scram-sha-256
+<% end %>
+
+

data/templates/pgbackrest.conf.erb

@@ -0,0 +1,43 @@
+[global]
+<% if pgbackrest_config[:repo_type] == 's3' %>
+repo1-type=s3
+repo1-path=<%= pgbackrest_config[:repo_path] || '/backups' %>
+repo1-s3-bucket=<%= pgbackrest_config[:s3_bucket] %>
+repo1-s3-region=<%= pgbackrest_config[:s3_region] || 'us-east-1' %>
+<% if pgbackrest_config[:s3_endpoint] %>
+# Custom S3-compatible endpoint (DigitalOcean Spaces, Backblaze B2, Wasabi, MinIO, etc.)
+repo1-s3-endpoint=<%= pgbackrest_config[:s3_endpoint] %>
+repo1-s3-uri-style=<%= pgbackrest_config[:s3_uri_style] || 'path' %>
+<% else %>
+# AWS S3
+repo1-s3-endpoint=s3.<%= pgbackrest_config[:s3_region] || 'us-east-1' %>.amazonaws.com
+<% end %>
+<% if secrets_obj.resolve('s3_access_key') %>
+repo1-s3-key=<%= secrets_obj.resolve('s3_access_key') %>
+repo1-s3-key-secret=<%= secrets_obj.resolve('s3_secret_key') %>
+<% end %>
+<% else %>
+# Local storage
+repo1-path=<%= pgbackrest_config[:repo_path] || '/var/lib/pgbackrest' %>
+<% end %>
+
+# Retention
+repo1-retention-full=<%= pgbackrest_config[:retention_full] || 7 %>
+repo1-retention-archive=<%= pgbackrest_config[:retention_archive] || 14 %>
+
+# Compression
+compress-type=lz4
+compress-level=3
+
+<% if pgbackrest_config[:encryption] %>
+# Encryption (recommended for cloud storage)
+repo1-cipher-type=aes-256-cbc
+repo1-cipher-pass=<%= secrets_obj.resolve('backup_encryption_key') %>
+<% end %>
+
+[main]
+pg1-path=/var/lib/postgresql/<%= config.version %>/main
+pg1-port=5432
+pg1-socket-path=/var/run/postgresql
+
+

data/templates/pgbouncer.ini.erb

@@ -0,0 +1,55 @@
+[databases]
+* = host=<%= pgbouncer_config[:database_host] || '127.0.0.1' %> port=<%= pgbouncer_config[:database_port] || 5432 %>
+
+[pgbouncer]
+# Network settings
+listen_port = <%= pgbouncer_config[:listen_port] || 6432 %>
+listen_addr = <%= pgbouncer_config[:listen_addr] || '*' %>
+unix_socket_dir = <%= pgbouncer_config[:unix_socket_dir] || '/var/run/postgresql' %>
+
+# Authentication
+auth_type = <%= pgbouncer_config[:auth_type] || 'scram-sha-256' %>
+auth_file = <%= pgbouncer_config[:auth_file] || '/etc/pgbouncer/userlist.txt' %>
+
+# Pool settings (automatically calculated based on PostgreSQL max_connections)
+pool_mode = <%= pgbouncer_config[:pool_mode] || 'transaction' %>
+max_client_conn = <%= pgbouncer_config[:max_client_conn] || 1000 %>
+default_pool_size = <%= pgbouncer_config[:default_pool_size] || 25 %>
+<% if pgbouncer_config[:min_pool_size] %>
+min_pool_size = <%= pgbouncer_config[:min_pool_size] %>
+<% end %>
+reserve_pool_size = <%= pgbouncer_config[:reserve_pool_size] || 5 %>
+reserve_pool_timeout = <%= pgbouncer_config[:reserve_pool_timeout] || 5 %>
+<% if pgbouncer_config[:max_db_connections] %>
+max_db_connections = <%= pgbouncer_config[:max_db_connections] %>
+<% end %>
+<% if pgbouncer_config[:max_user_connections] %>
+max_user_connections = <%= pgbouncer_config[:max_user_connections] %>
+<% end %>
+
+# Connection behavior
+server_reset_query = <%= pgbouncer_config[:server_reset_query] || 'DISCARD ALL' %>
+server_lifetime = <%= pgbouncer_config[:server_lifetime] || 3600 %>
+server_idle_timeout = <%= pgbouncer_config[:server_idle_timeout] || 600 %>
+server_connect_timeout = <%= pgbouncer_config[:server_connect_timeout] || 15 %>
+client_idle_timeout = <%= pgbouncer_config[:client_idle_timeout] || 0 %>
+client_login_timeout = <%= pgbouncer_config[:client_login_timeout] || 60 %>
+query_timeout = <%= pgbouncer_config[:query_timeout] || 0 %>
+query_wait_timeout = <%= pgbouncer_config[:query_wait_timeout] || 120 %>
+
+# Logging and administration
+admin_users = <%= pgbouncer_config[:admin_users] || config.postgres_user %>
+stats_users = <%= pgbouncer_config[:stats_users] || config.postgres_user %>
+log_connections = <%= pgbouncer_config[:log_connections] || 1 %>
+log_disconnections = <%= pgbouncer_config[:log_disconnections] || 1 %>
+log_pooler_errors = <%= pgbouncer_config[:log_pooler_errors] || 1 %>
+
+# Process management
+<% if pgbouncer_config[:pidfile] %>
+pidfile = <%= pgbouncer_config[:pidfile] %>
+<% end %>
+<% if pgbouncer_config[:logfile] %>
+logfile = <%= pgbouncer_config[:logfile] %>
+<% end %>
+
+