active_postgres 0.4.0

data/lib/active_postgres/health_checker.rb

@@ -0,0 +1,244 @@
+module ActivePostgres
+  class HealthChecker
+    attr_reader :config, :ssh_executor
+
+    def initialize(config)
+      @config = config
+      @ssh_executor = SSHExecutor.new(config, quiet: true)
+    end
+
+    def show_status
+      puts
+      puts "PostgreSQL Cluster Status (#{config.environment})"
+      puts '=' * 70
+      puts
+
+      # Collect all node data first
+      nodes = collect_node_status
+
+      # Print table
+      print_status_table(nodes)
+
+      # Print components
+      print_components
+
+      puts
+    end
+
+    def run_health_checks
+      puts '==> Running health checks...'
+      puts
+
+      all_ok = true
+
+      # Check primary
+      print "Primary (#{config.primary_host})... "
+      if check_postgres_running(config.primary_host)
+        puts '✓'
+      else
+        puts '✗'
+        all_ok = false
+      end
+
+      # Check standbys
+      config.standby_hosts.each do |host|
+        print "Standby (#{host})... "
+        if check_postgres_running(host) && check_replication_status(host)
+          puts '✓'
+        else
+          puts '✗'
+          all_ok = false
+        end
+      end
+
+      puts
+      if all_ok
+        puts '✓ All checks passed'
+      else
+        puts '✗ Some checks failed'
+      end
+
+      all_ok
+    end
+
+    def cluster_status
+      status = {
+        primary: {
+          host: config.primary_host,
+          status: check_postgres_running(config.primary_host) ? 'running' : 'down',
+          connections: get_connection_count(config.primary_host),
+          replication_lag: nil
+        },
+        standbys: []
+      }
+
+      config.standby_hosts.each do |host|
+        standby_status = {
+          host: host,
+          status: check_postgres_running(host) ? 'streaming' : 'down',
+          lag: get_replication_lag(host),
+          sync_state: 'async'
+        }
+        status[:standbys] << standby_status
+      end
+
+      status
+    end
+
+    private
+
+    def collect_node_status
+      nodes = []
+
+      # Primary
+      primary_config = config.primary
+      nodes << {
+        role: 'primary',
+        host: config.primary_host,
+        private_ip: primary_config&.dig('private_ip') || '-',
+        label: primary_config&.dig('label') || '-',
+        status: check_postgres_running(config.primary_host) ? '✓ running' : '✗ down',
+        connections: get_connection_count(config.primary_host),
+        lag: '-'
+      }
+
+      # Standbys
+      config.standby_hosts.each_with_index do |host, i|
+        standby_config = config.standbys[i]
+        running = check_postgres_running(host)
+
+        nodes << {
+          role: 'standby',
+          host: host,
+          private_ip: standby_config&.dig('private_ip') || '-',
+          label: standby_config&.dig('label') || '-',
+          status: running ? '✓ streaming' : '✗ down',
+          connections: running ? get_connection_count(host) : 0,
+          lag: running ? get_replication_lag(host) : '-'
+        }
+      end
+
+      nodes
+    end
+
+    def print_status_table(nodes)
+      cols = calculate_column_widths(nodes)
+      print_table_header(cols)
+      nodes.each { |node| print_table_row(node, cols) }
+    end
+
+    def calculate_column_widths(nodes)
+      {
+        role: [4, nodes.map { |n| n[:role].length }.max].max,
+        host: [4, nodes.map { |n| n[:host].length }.max].max,
+        private_ip: [10, nodes.map { |n| n[:private_ip].to_s.length }.max].max,
+        label: [5, nodes.map { |n| n[:label].to_s.length }.max].max,
+        status: [6, nodes.map { |n| n[:status].length }.max].max,
+        conn: 5,
+        lag: [3, nodes.map { |n| n[:lag].to_s.length }.max].max
+      }
+    end
+
+    def print_table_header(cols)
+      fmt = "%-#{cols[:role]}s  %-#{cols[:host]}s  %-#{cols[:private_ip]}s  " \
+            "%-#{cols[:label]}s  %-#{cols[:status]}s  %#{cols[:conn]}s  %#{cols[:lag]}s"
+      header = format(fmt, 'Role', 'Host', 'Private IP', 'Label', 'Status', 'Conn', 'Lag')
+      puts header
+      puts '-' * header.length
+    end
+
+    def print_table_row(node, cols)
+      fmt = "%-#{cols[:role]}s  %-#{cols[:host]}s  %-#{cols[:private_ip]}s  " \
+            "%-#{cols[:label]}s  %-#{cols[:status]}s  %#{cols[:conn]}d  %#{cols[:lag]}s"
+      puts format(fmt, node[:role], node[:host], node[:private_ip], node[:label],
+                  node[:status], node[:connections], node[:lag])
+    end
+
+    def print_components
+      enabled = []
+      enabled << 'repmgr' if config.component_enabled?(:repmgr)
+      enabled << 'pgbouncer' if config.component_enabled?(:pgbouncer)
+      enabled << 'pgbackrest' if config.component_enabled?(:pgbackrest)
+      enabled << 'monitoring' if config.component_enabled?(:monitoring)
+      enabled << 'ssl' if config.component_enabled?(:ssl)
+
+      return if enabled.empty?
+
+      puts
+      puts "Components: #{enabled.join(', ')}"
+    end
+
+    def check_host_status(host, is_primary:)
+      running = check_postgres_running(host)
+
+      if running
+        puts '  Status: Running'
+
+        connections = get_connection_count(host)
+        puts "  Connections: #{connections}"
+
+        unless is_primary
+          lag = get_replication_lag(host)
+          puts "  Replication lag: #{lag}"
+        end
+      else
+        puts '  Status: Down'
+      end
+    end
+
+    def check_postgres_running(host)
+      ssh_executor.postgres_running?(host)
+    rescue StandardError
+      false
+    end
+
+    def check_replication_status(host)
+      result = ssh_executor.run_sql(host, 'SELECT pg_is_in_recovery();')
+      result.include?('t')
+    rescue StandardError
+      false
+    end
+
+    def get_connection_count(host)
+      result = ssh_executor.run_sql(host, 'SELECT count(*) FROM pg_stat_activity;')
+      result.match(/\d+/)[0].to_i
+    rescue StandardError
+      0
+    end
+
+    def get_replication_lag(host)
+      # Get lag from primary's perspective (more accurate)
+      standby_ip = config.replication_host_for(host)
+      lag_bytes = get_lag_from_primary(standby_ip)
+
+      return format_lag(lag_bytes) if lag_bytes
+
+      # Fallback: query standby directly
+      result = ssh_executor.run_sql(host, 'SELECT pg_wal_lsn_diff(pg_last_wal_receive_lsn(), pg_last_wal_replay_lsn());')
+      lag = result.match(/-?\d+/)[0].to_i.abs
+      format_lag(lag)
+    rescue StandardError
+      'unknown'
+    end
+
+    def get_lag_from_primary(standby_ip)
+      sql = 'SELECT pg_wal_lsn_diff(pg_current_wal_lsn(), replay_lsn)::bigint as lag ' \
+            "FROM pg_stat_replication WHERE client_addr = '#{standby_ip}';"
+      result = ssh_executor.run_sql(config.primary_host, sql)
+      result.match(/-?\d+/)[0].to_i.abs
+    rescue StandardError
+      nil
+    end
+
+    def format_lag(bytes)
+      return '0 (synced)' if bytes.zero?
+      return "#{bytes} B" if bytes < 1024
+
+      kb = bytes / 1024.0
+      return "#{kb.round(1)} KB" if kb < 1024
+
+      mb = kb / 1024.0
+      "#{mb.round(1)} MB"
+    end
+  end
+end

data/lib/active_postgres/installer.rb

@@ -0,0 +1,114 @@
+module ActivePostgres
+  class Installer
+    include ComponentResolver
+
+    attr_reader :config, :dry_run, :ssh_executor, :secrets, :logger, :rollback_manager, :skip_validation, :use_optimized
+
+    def initialize(config, dry_run: false, verbose: false, skip_validation: false, use_optimized: true,
+                   skip_rollback: false)
+      @config = config
+      @dry_run = dry_run
+      @skip_validation = skip_validation
+      @use_optimized = use_optimized
+      @skip_rollback = skip_rollback || ENV['SKIP_ROLLBACK'] == 'true'
+      @ssh_executor = SSHExecutor.new(config)
+      @secrets = Secrets.new(config)
+      @logger = Logger.new(verbose: verbose || ENV['VERBOSE'] == 'true')
+      @rollback_manager = skip_rollback ? nil : RollbackManager.new(config, ssh_executor, logger: logger)
+    end
+
+    def setup
+      logger.warn 'Skipping pre-flight validation (--skip-validation flag)' if skip_validation
+
+      flow = ClusterDeploymentFlow.new(
+        config,
+        ssh_executor: ssh_executor,
+        secrets: secrets,
+        logger: logger,
+        rollback_manager: rollback_manager,
+        skip_validation: skip_validation
+      )
+      flow.execute
+    end
+
+    def setup_component(component_name)
+      logger.task("Setting up #{component_name}") do
+        component_class = component_class_for(component_name)
+        component = component_class.new(config, ssh_executor, secrets)
+
+        if dry_run
+          logger.info "[DRY RUN] Would setup #{component_name}"
+        else
+          # Register rollback for this component
+          rollback_manager.register("Uninstall #{component_name}", host: nil) do
+            component.uninstall
+          rescue StandardError => e
+            logger.warn "Failed to uninstall #{component_name}: #{e.message}"
+          end
+
+          component.install
+        end
+
+        logger.success "#{component_name} setup complete"
+      end
+    end
+
+    def uninstall_component(component_name)
+      puts "==> Uninstalling #{component_name}..."
+
+      component_class = component_class_for(component_name)
+      component = component_class.new(config, ssh_executor, secrets)
+      component.uninstall
+
+      puts "✓ #{component_name} uninstalled"
+    end
+
+    def restart_component(component_name)
+      puts "==> Restarting #{component_name}..."
+
+      component_class = component_class_for(component_name)
+      component = component_class.new(config, ssh_executor, secrets)
+      component.restart
+
+      puts "✓ #{component_name} restarted"
+    end
+
+    def run_backup(type)
+      puts "==> Running #{type} backup..."
+
+      component = Components::PgBackRest.new(config, ssh_executor, secrets)
+      component.run_backup(type)
+
+      puts '✓ Backup complete'
+    end
+
+    def run_restore(backup_id)
+      puts "==> Restoring from backup #{backup_id}..."
+
+      component = Components::PgBackRest.new(config, ssh_executor, secrets)
+      component.run_restore(backup_id)
+
+      puts '✓ Restore complete'
+    end
+
+    def list_backups
+      component = Components::PgBackRest.new(config, ssh_executor, secrets)
+      component.list_backups
+    end
+
+    def setup_standby_only(standby_host)
+      logger.warn 'Skipping pre-flight validation (--skip-validation flag)' if skip_validation
+
+      flow = StandbyDeploymentFlow.new(
+        config,
+        standby_host: standby_host,
+        ssh_executor: ssh_executor,
+        secrets: secrets,
+        logger: logger,
+        rollback_manager: rollback_manager,
+        skip_validation: skip_validation
+      )
+      flow.execute
+    end
+  end
+end

data/lib/active_postgres/log_sanitizer.rb

@@ -0,0 +1,67 @@
+module ActivePostgres
+  # Sanitizes sensitive information from logs - CRITICAL for production security
+  module LogSanitizer
+    # Patterns for sensitive data that must NEVER appear in logs
+    SENSITIVE_PATTERNS = [
+      # Passwords in connection strings (matches until whitespace)
+      # Handles special chars like: password=abc}def~ghi!@#$%^&*()
+      /password[=:]\s*(\S+)/i,
+      /PGPASSWORD[=:]\s*(\S+)/i,
+      /passwd[=:]\s*(\S+)/i,
+
+      # Connection strings with passwords
+      %r{(postgresql://[^:]+:)([^@]+)(@)}i,
+      %r{(postgres://[^:]+:)([^@]+)(@)}i,
+
+      # SSH keys
+      /-----BEGIN [A-Z ]+ KEY-----[\s\S]+?-----END [A-Z ]+ KEY-----/,
+
+      # Tokens and secrets
+      /token[=:]\s*(\S+)/i,
+      /secret[=:]\s*(\S+)/i,
+      /api[_-]?key[=:]\s*(\S+)/i,
+
+      # AWS credentials
+      /aws[_-]?access[_-]?key[_-]?id[=:]\s*(\S+)/i,
+      /aws[_-]?secret[_-]?access[_-]?key[=:]\s*(\S+)/i
+    ].freeze
+
+    REDACTED_TEXT = '[REDACTED]'.freeze
+
+    def self.sanitize(text)
+      return text if text.nil? || text.empty?
+
+      sanitized = text.to_s.encode('UTF-8', invalid: :replace, undef: :replace, replace: '?')
+
+      SENSITIVE_PATTERNS.each do |pattern|
+        sanitized.gsub!(pattern) do |match|
+          # Replace only the sensitive part, keep structure
+          if ::Regexp.last_match(1) # Captured group exists
+            match.gsub(::Regexp.last_match(1), REDACTED_TEXT)
+          else
+            REDACTED_TEXT
+          end
+        end
+      end
+
+      sanitized
+    end
+
+    def self.sanitize_hash(hash)
+      return hash unless hash.is_a?(Hash)
+
+      hash.transform_values do |value|
+        case value
+        when Hash
+          sanitize_hash(value)
+        when String
+          sanitize(value)
+        when Array
+          value.map { |v| v.is_a?(String) ? sanitize(v) : v }
+        else
+          value
+        end
+      end
+    end
+  end
+end

data/lib/active_postgres/logger.rb

@@ -0,0 +1,125 @@
+require 'logger'
+
+module ActivePostgres
+  class Logger
+    LEVELS = {
+      debug: ::Logger::DEBUG,
+      info: ::Logger::INFO,
+      warn: ::Logger::WARN,
+      error: ::Logger::ERROR,
+      fatal: ::Logger::FATAL
+    }.freeze
+
+    attr_reader :logger, :verbose
+
+    def initialize(verbose: false, log_file: nil)
+      @verbose = verbose
+      @logger = setup_logger(log_file)
+      @step_number = 0
+      @current_task = nil
+    end
+
+    def setup_logger(log_file)
+      if log_file
+        file_logger = ::Logger.new(log_file, 'daily')
+        file_logger.level = ::Logger::DEBUG
+        file_logger
+      else
+        ::Logger.new($stdout).tap do |l|
+          l.level = verbose ? ::Logger::DEBUG : ::Logger::INFO
+          l.formatter = proc do |severity, _datetime, _progname, msg|
+            case severity
+            when 'DEBUG'
+              "#{msg}\n" if verbose
+            when 'INFO'
+              "#{msg}\n"
+            when 'WARN'
+              "⚠️  #{msg}\n"
+            when 'ERROR'
+              "❌ #{msg}\n"
+            when 'FATAL'
+              "💀 #{msg}\n"
+            else
+              "#{msg}\n"
+            end
+          end
+        end
+      end
+    end
+
+    def task(description)
+      @step_number += 1
+      @current_task = description
+      logger.info "#{@step_number}. #{sanitize(description)}"
+
+      start_time = Time.now
+      result = yield
+      duration = Time.now - start_time
+
+      completed_message = "Completed in #{duration.round(2)}s"
+      logger.debug "  #{sanitize(completed_message)}"
+      result
+    rescue StandardError => e
+      failure_message = "Failed: #{e.message}"
+      logger.error "  #{sanitize(failure_message)}"
+      raise
+    ensure
+      @current_task = nil
+    end
+
+    def step(description)
+      logger.info "  → #{sanitize(description)}"
+      yield if block_given?
+    end
+
+    def debug(message)
+      logger.debug "    #{sanitize(message)}"
+    end
+
+    def info(message)
+      logger.info "  #{sanitize(message)}"
+    end
+
+    def warn(message)
+      logger.warn "  #{sanitize(message)}"
+    end
+
+    def error(message)
+      logger.error "  #{sanitize(message)}"
+    end
+
+    def fatal(message)
+      logger.fatal "  #{sanitize(message)}"
+    end
+
+    def success(message)
+      logger.info "  ✅ #{sanitize(message)}"
+    end
+
+    def progress(message)
+      logger.info "  ⏳ #{sanitize(message)}"
+    end
+
+    # Format diagnostic information nicely
+    def diagnostic(title, content)
+      logger.debug "\n  📋 #{sanitize(title)}:"
+      content.each_line do |line|
+        logger.debug "     #{sanitize(line.chomp)}"
+      end
+      logger.debug ''
+    end
+
+    # Log a section header
+    def section(title)
+      logger.info sanitize("\n#{'=' * 60}")
+      logger.info sanitize(title.center(60))
+      logger.info sanitize("#{'=' * 60}\n")
+    end
+
+    private
+
+    def sanitize(message)
+      LogSanitizer.sanitize(message.to_s)
+    end
+  end
+end