active_postgres 0.6.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cccb8eff8b3ff2ae0f3413bef89b81a1b5b487e474222a9ff3e85fc74e57c5e9
-  data.tar.gz: 05a21ba9f1a29b6b5d451b3c059fd6a15135b8d6ecd7bad7d6232e6c30a5d63a
+  metadata.gz: 0266b3f7dabc2d844b30aa6410cfd7c59131a7fb77a2dea85f01f9a66c2a2443
+  data.tar.gz: fd720306229f1ddea1d4e01a9dc3a5df3b7a60a620c38e86779e82f9698ebcbc
 SHA512:
-  metadata.gz: '05819a2a73506fb087831e9ad69b6901b8bd6f14f0559a8e08d8c7fbbbff5c20eabc616bf0c862dd95757dab18a52666d8c0c1c00a63dc23b2094849160ce80b'
-  data.tar.gz: 2733384099851358c38788c41f77768e7a781cd99b7492aa4c10c85758a520167ad954657e0842d7b55681b2f932515933e887706ba3e2d39a50c44fdbd1e7e5
+  metadata.gz: bb3bc17966f9ebe98a55f09f678fe2bc2e57b92615c45848c347a7568f6e3bb61d15788d6bb16008e4498a9b944a3f53241f2e2579b204d28679341b041f4978
+  data.tar.gz: 3863cace22d1ba3aea901d312d26152de067c7ca898ddff5b654a75702a9e6b4c01f6ffbac820fed338fc5db8ce011ad39676143f81f785f66f7fec72cd72ae5

data/lib/active_postgres/components/base.rb

@@ -23,6 +23,16 @@ module ActivePostgres
 
       protected
 
+      def substitute_private_ip(pg_config, private_ip)
+        pg_config.transform_values do |value|
+          if value.is_a?(String)
+            value.gsub('${private_ip}', private_ip)
+          else
+            value
+          end
+        end
+      end
+
       def render_template(template_name, binding_context)
         template_path = File.join(ActivePostgres.root, 'templates', template_name)
         template = ERB.new(File.read(template_path), trim_mode: '-')

data/lib/active_postgres/components/core.rb

@@ -96,16 +96,6 @@ module ActivePostgres
         optimal_settings.merge(user_postgresql)
       end
 
-      def substitute_private_ip(pg_config, private_ip)
-        pg_config.transform_values do |value|
-          if value.is_a?(String)
-            value.gsub('${private_ip}', private_ip)
-          else
-            value
-          end
-        end
-      end
-
       def install_packages_only(host)
         puts "  Installing packages on #{host} (cluster will be created by repmgr)..."
         ssh_executor.install_postgres(host, config.version)

data/lib/active_postgres/components/pgbouncer.rb

@@ -52,37 +52,50 @@ module ActivePostgres
       def install_on_host(host)
         puts "  Installing PgBouncer on #{host}..."
 
-        # Get user config
         user_config = config.component_config(:pgbouncer)
 
-        # Calculate optimal pool settings based on PostgreSQL max_connections
         max_connections = get_postgres_max_connections(host)
         optimal_pool = ConnectionPooler.calculate_optimal_pool_sizes(max_connections)
 
-        # Merge: user config overrides calculated settings
         pgbouncer_config = optimal_pool.merge(user_config)
-        _ = pgbouncer_config # Used in ERB template
+        ssl_enabled = config.component_enabled?(:ssl)
 
         puts "  Calculated pool settings for max_connections=#{max_connections}"
 
-        # Install package
         ssh_executor.execute_on_host(host) do
           execute :sudo, 'apt-get', 'install', '-y', '-qq', 'pgbouncer'
         end
 
-        # Upload configuration
         upload_template(host, 'pgbouncer.ini.erb', '/etc/pgbouncer/pgbouncer.ini', binding, mode: '644')
 
-        # Create userlist with postgres superuser and app user
+        setup_ssl_certs(host) if ssl_enabled
+
         create_userlist(host)
 
-        # Enable and start
         ssh_executor.execute_on_host(host) do
           execute :sudo, 'systemctl', 'enable', 'pgbouncer'
           execute :sudo, 'systemctl', 'restart', 'pgbouncer'
         end
       end
 
+      def setup_ssl_certs(host)
+        puts '  Setting up SSL certificates for PgBouncer...'
+        version = config.version
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'cp', "/etc/postgresql/#{version}/main/server.crt", '/etc/pgbouncer/server.crt'
+          execute :sudo, 'cp', "/etc/postgresql/#{version}/main/server.key", '/etc/pgbouncer/server.key'
+          execute :sudo, 'chmod', '640', '/etc/pgbouncer/server.key'
+          execute :sudo, 'chown', 'postgres:postgres', '/etc/pgbouncer/server.key'
+          execute :sudo, 'chown', 'postgres:postgres', '/etc/pgbouncer/server.crt'
+        end
+
+        ssl_chain = secrets.resolve('ssl_chain')
+        if ssl_chain
+          ssh_executor.upload_file(host, ssl_chain, '/etc/pgbouncer/ca.crt', mode: '644', owner: 'postgres:postgres')
+        end
+      end
+
       def get_postgres_max_connections(host)
         # Try to get max_connections from running PostgreSQL
         postgres_user = config.postgres_user

data/lib/active_postgres/components/repmgr.rb

@@ -107,6 +107,9 @@ module ActivePostgres
 
         # Performance tuning is handled by the Core component
         pg_config = component_config[:postgresql] || {}
+        # Substitute ${private_ip} with the host's actual private IP
+        private_ip = config.replication_host_for(host)
+        pg_config = substitute_private_ip(pg_config, private_ip)
         _ = pg_config # Used in ERB template
 
         upload_template(host, 'postgresql.conf.erb', "/etc/postgresql/#{version}/main/postgresql.conf", binding,
@@ -307,6 +310,9 @@ module ActivePostgres
 
         # Performance tuning is handled by the Core component
         pg_config = component_config[:postgresql] || {}
+        # Substitute ${private_ip} with the standby's actual private IP
+        private_ip = config.replication_host_for(standby_host)
+        pg_config = substitute_private_ip(pg_config, private_ip)
         _ = pg_config # Used in ERB template
 
         ssh_executor.execute_on_host(standby_host) do

data/lib/active_postgres/configuration.rb

@@ -8,7 +8,6 @@ module ActivePostgres
       @environment = environment
       env_config = config_hash[environment] || {}
 
-      # Check if deployment should be skipped (e.g., for development)
       @skip_deployment = env_config['skip_deployment'] == true
 
       @version = env_config['version'] || 18
@@ -65,6 +64,16 @@ module ActivePostgres
       private_ip_for(node) || host
     end
 
+    # Returns the host to use for direct PostgreSQL connections (private_ip preferred)
+    def connection_host_for(host)
+      node = node_config_for(host)
+      private_ip_for(node) || host
+    end
+
+    def primary_connection_host
+      connection_host_for(primary_host)
+    end
+
     def standby_config_for(host)
       @standbys.find { |s| s['host'] == host }
     end

data/lib/active_postgres/direct_executor.rb

@@ -0,0 +1,92 @@
+require 'pg'
+
+module ActivePostgres
+  class DirectExecutor
+    attr_reader :config
+
+    def initialize(config, quiet: false)
+      @config = config
+      @quiet = quiet
+    end
+
+    def quiet?
+      @quiet
+    end
+
+    def postgres_running?(host)
+      with_connection(host) do |conn|
+        conn.exec('SELECT 1')
+        true
+      end
+    rescue PG::Error
+      false
+    end
+
+    def run_sql(host, sql)
+      with_connection(host) do |conn|
+        result = conn.exec(sql)
+        result.values.flatten.join("\n")
+      end
+    rescue PG::Error => e
+      raise Error, "Failed to execute SQL on #{host}: #{e.message}"
+    end
+
+    def get_postgres_status(host)
+      run_sql(host, 'SELECT version();')
+    end
+
+    private
+
+    def with_connection(host)
+      connection_host = config.connection_host_for(host)
+      superuser_password = resolve_secret(config.secrets_config['superuser_password'])
+
+      conn = PG.connect(
+        host: connection_host,
+        port: 5432,
+        dbname: 'postgres',
+        user: config.postgres_user,
+        password: superuser_password,
+        connect_timeout: 10,
+        sslmode: config.component_enabled?(:ssl) ? 'require' : 'prefer'
+      )
+
+      begin
+        yield conn
+      ensure
+        conn.close
+      end
+    end
+
+    def resolve_secret(value)
+      return nil if value.nil?
+
+      # Handle Rails credentials
+      if value.start_with?('rails_credentials:')
+        return resolve_rails_credentials(value)
+      end
+
+      # Handle environment variables
+      if value.start_with?('$')
+        return ENV[value[1..]]
+      end
+
+      # Handle shell commands
+      if value.start_with?('$(') && value.end_with?(')')
+        return `#{value[2..-2]}`.strip
+      end
+
+      value
+    end
+
+    def resolve_rails_credentials(value)
+      path = value.sub('rails_credentials:', '')
+      keys = path.split('.').map(&:to_sym)
+
+      credentials = Rails.application.credentials
+      keys.reduce(credentials) { |obj, key| obj&.dig(key) }
+    rescue NameError
+      nil
+    end
+  end
+end

data/lib/active_postgres/health_checker.rb

@@ -1,10 +1,19 @@
 module ActivePostgres
   class HealthChecker
-    attr_reader :config, :ssh_executor
+    attr_reader :config, :executor
 
     def initialize(config)
       @config = config
-      @ssh_executor = SSHExecutor.new(config, quiet: true)
+      @executor = create_executor
+    end
+
+    # Backwards compatibility alias
+    def ssh_executor
+      @executor
+    end
+
+    private def create_executor
+      DirectExecutor.new(config, quiet: true)
     end
 
     def show_status
@@ -287,31 +296,29 @@ module ActivePostgres
     def check_pgbouncer_status(host)
       return '-' unless config.component_enabled?(:pgbouncer)
 
-      ssh_executor.execute_on_host(host) do
-        result = capture(:sudo, 'systemctl', 'is-active', 'pgbouncer').strip
-        result == 'active' ? '✓ running' : '✗ down'
-      end
+      check_pgbouncer_direct(host) ? '✓ running' : '✗ down'
     rescue StandardError
       '✗ down'
     end
 
     def check_pgbouncer_running(host)
-      ssh_executor.execute_on_host(host) do
-        result = capture(:sudo, 'systemctl', 'is-active', 'pgbouncer').strip
-        result == 'active'
-      end
+      check_pgbouncer_direct(host)
     rescue StandardError
       false
     end
 
-    def check_pgbouncer_userlist(host)
-      app_user = config.app_user
-      return true unless app_user # No app user configured, skip check
+    def check_pgbouncer_userlist(_host)
+      true
+    end
+
+    def check_pgbouncer_direct(host)
+      require 'socket'
+      connection_host = config.connection_host_for(host)
+      pgbouncer_port = config.component_config(:pgbouncer)[:listen_port] || 6432
 
-      ssh_executor.execute_on_host(host) do
-        userlist = capture(:sudo, 'cat', '/etc/pgbouncer/userlist.txt').strip
-        userlist.include?(app_user)
-      end
+      socket = TCPSocket.new(connection_host, pgbouncer_port)
+      socket.close
+      true
     rescue StandardError
       false
     end

data/lib/active_postgres/version.rb

@@ -1,3 +1,3 @@
 module ActivePostgres
-  VERSION = '0.6.0'.freeze
+  VERSION = '0.8.0'.freeze
 end

data/lib/active_postgres.rb

@@ -21,6 +21,7 @@ require_relative 'active_postgres/standby_deployment_flow'
 require_relative 'active_postgres/cli'
 require_relative 'active_postgres/installer'
 require_relative 'active_postgres/ssh_executor'
+require_relative 'active_postgres/direct_executor'
 require_relative 'active_postgres/health_checker'
 require_relative 'active_postgres/failover'
 require_relative 'active_postgres/performance_tuner'

data/templates/pgbouncer.ini.erb

@@ -44,6 +44,14 @@ log_connections = <%= pgbouncer_config[:log_connections] || 1 %>
 log_disconnections = <%= pgbouncer_config[:log_disconnections] || 1 %>
 log_pooler_errors = <%= pgbouncer_config[:log_pooler_errors] || 1 %>
 
+<% if ssl_enabled %>
+# Client TLS (incoming connections from Rails)
+client_tls_sslmode = require
+client_tls_key_file = /etc/pgbouncer/server.key
+client_tls_cert_file = /etc/pgbouncer/server.crt
+client_tls_ca_file = /etc/pgbouncer/ca.crt
+<% end %>
+
 # Process management
 <% if pgbouncer_config[:pidfile] %>
 pidfile = <%= pgbouncer_config[:pidfile] %>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_postgres
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - BoringCache
@@ -169,6 +169,7 @@ files:
 - lib/active_postgres/connection_pooler.rb
 - lib/active_postgres/credentials.rb
 - lib/active_postgres/deployment_flow.rb
+- lib/active_postgres/direct_executor.rb
 - lib/active_postgres/error_handler.rb
 - lib/active_postgres/failover.rb
 - lib/active_postgres/generators/active_postgres/install_generator.rb
@@ -220,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: PostgreSQL High Availability for Rails, made simple
 test_files: []