active_postgres 0.8.0 → 0.9.1

data/lib/active_postgres/configuration.rb

@@ -2,7 +2,8 @@ require 'yaml'
 
 module ActivePostgres
   class Configuration
-    attr_reader :environment, :version, :user, :ssh_key, :primary, :standbys, :components, :secrets_config, :database_config
+    attr_reader :environment, :version, :user, :ssh_key, :ssh_host_key_verification, :primary, :standbys, :components, :secrets_config,
+                :database_config
 
     def initialize(config_hash, environment = 'development')
       @environment = environment
@@ -13,6 +14,9 @@ module ActivePostgres
       @version = env_config['version'] || 18
       @user = env_config['user'] || 'ubuntu'
       @ssh_key = File.expand_path(env_config['ssh_key'] || '~/.ssh/id_rsa')
+      @ssh_host_key_verification = normalize_ssh_host_key_verification(
+        env_config['ssh_host_key_verification'] || env_config['ssh_verify_host_key']
+      )
 
       @primary = env_config['primary'] || {}
       @standbys = env_config['standby'] || []
@@ -91,6 +95,46 @@ module ActivePostgres
 
       # Validate required secrets if components are enabled
       raise Error, 'Missing replication_password secret' if component_enabled?(:repmgr) && !secrets_config['replication_password']
+      raise Error, 'Missing monitoring_password secret' if component_enabled?(:monitoring) && !secrets_config['monitoring_password']
+      if component_enabled?(:monitoring)
+        grafana_config = component_config(:monitoring)[:grafana] || {}
+        if grafana_config[:enabled] && !secrets_config['grafana_admin_password']
+          raise Error, 'Missing grafana_admin_password secret'
+        end
+        if grafana_config[:enabled] && grafana_config[:host].to_s.strip.empty?
+          raise Error, 'monitoring.grafana.host is required when grafana is enabled'
+        end
+      end
+      if component_enabled?(:pgbackrest)
+        pg_config = component_config(:pgbackrest)
+        retention_full = pg_config[:retention_full]
+        retention_archive = pg_config[:retention_archive]
+        if retention_full && retention_archive && retention_archive.to_i < retention_full.to_i
+          raise Error, 'pgbackrest.retention_archive must be >= retention_full for PITR safety'
+        end
+      end
+
+        if component_enabled?(:repmgr)
+          dns_failover = component_config(:repmgr)[:dns_failover]
+          if dns_failover && dns_failover[:enabled]
+            domains = Array(dns_failover[:domains] || dns_failover[:domain]).map(&:to_s).map(&:strip).reject(&:empty?)
+            servers = Array(dns_failover[:dns_servers])
+            provider = (dns_failover[:provider] || 'dnsmasq').to_s.strip
+
+            raise Error, 'dns_failover.domain or dns_failover.domains is required when enabled' if domains.empty?
+            raise Error, 'dns_failover.dns_servers is required when enabled' if servers.empty?
+            raise Error, "Unsupported dns_failover provider '#{provider}'" unless provider == 'dnsmasq'
+
+            servers.each do |server|
+              next unless server.is_a?(Hash)
+
+              ssh_host = server['ssh_host'] || server[:ssh_host] || server['host'] || server[:host]
+              private_ip = server['private_ip'] || server[:private_ip] || server['ip'] || server[:ip]
+              raise Error, 'dns_failover.dns_servers entries must include host/ssh_host or private_ip' if
+                (ssh_host.nil? || ssh_host.to_s.strip.empty?) && (private_ip.nil? || private_ip.to_s.strip.empty?)
+            end
+          end
+        end
 
       true
     end
@@ -108,6 +152,10 @@ module ActivePostgres
       component_config(:repmgr)[:database] || 'repmgr'
     end
 
+    def replication_user
+      component_config(:repmgr)[:replication_user] || 'replication'
+    end
+
     def pgbouncer_user
       component_config(:pgbouncer)[:user] || 'pgbouncer'
     end
@@ -195,5 +243,22 @@ module ActivePostgres
         value
       end
     end
+
+    def normalize_ssh_host_key_verification(value)
+      return :always if value.nil?
+
+      normalized = case value
+                   when Symbol
+                     value
+                   else
+                     value.to_s.strip.downcase.tr('-', '_').to_sym
+                   end
+
+      return :always if normalized == :always
+      return :accept_new if %i[accept_new acceptnew new].include?(normalized)
+
+      raise Error,
+            "Invalid ssh_host_key_verification '#{value}'. Use 'always' or 'accept_new'."
+    end
   end
 end

data/lib/active_postgres/connection_pooler.rb

@@ -321,10 +321,7 @@ module ActivePostgres
           WHERE passwd IS NOT NULL
         SQL
 
-        upload! StringIO.new(sql), '/tmp/get_all_users.sql'
-        execute :chmod, '644', '/tmp/get_all_users.sql'
-        userlist = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_all_users.sql').strip
-        execute :rm, '-f', '/tmp/get_all_users.sql'
+        userlist = @ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user).to_s.strip
 
         unless userlist.include?(pgbouncer_user)
           pgbouncer_pass = SecureRandom.hex(16)
@@ -335,10 +332,7 @@ module ActivePostgres
             "GRANT CONNECT ON DATABASE postgres TO #{pgbouncer_user};"
           ].join("\n")
 
-          upload! StringIO.new(sql), '/tmp/create_pgbouncer_user.sql'
-          execute :chmod, '644', '/tmp/create_pgbouncer_user.sql'
-          execute :sudo, '-u', postgres_user, 'psql', '-f', '/tmp/create_pgbouncer_user.sql'
-          execute :rm, '-f', '/tmp/create_pgbouncer_user.sql'
+          @ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user, tuples_only: false, capture: false)
 
           sql = <<~SQL.strip
             SELECT passwd
@@ -346,10 +340,7 @@ module ActivePostgres
             WHERE usename = '#{pgbouncer_user}'
           SQL
 
-          upload! StringIO.new(sql), '/tmp/get_pgbouncer_pass.sql'
-          execute :chmod, '644', '/tmp/get_pgbouncer_pass.sql'
-          encrypted = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_pgbouncer_pass.sql').strip
-          execute :rm, '-f', '/tmp/get_pgbouncer_pass.sql'
+          encrypted = @ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user).to_s.strip
 
           userlist += "\n\"#{pgbouncer_user}\" \"#{encrypted}\""
         end

data/lib/active_postgres/credentials.rb

@@ -2,8 +2,8 @@ module ActivePostgres
   class Credentials
     def self.get(key_path)
       # Try to get from Rails credentials if Rails is available
-      if defined?(Rails) && Rails.respond_to?(:application) && Rails.application
-        value = Rails.application.credentials.dig(*key_path.split('.').map(&:to_sym))
+      if defined?(::Rails) && ::Rails.respond_to?(:application) && ::Rails.application
+        value = ::Rails.application.credentials.dig(*key_path.split('.').map(&:to_sym))
         return value if value
       end
 
@@ -11,7 +11,7 @@ module ActivePostgres
     end
 
     def self.available?
-      defined?(Rails) && Rails.respond_to?(:application) && Rails.application&.credentials
+      defined?(::Rails) && ::Rails.respond_to?(:application) && ::Rails.application&.credentials
     end
   end
 end

data/lib/active_postgres/direct_executor.rb

@@ -83,8 +83,7 @@ module ActivePostgres
       path = value.sub('rails_credentials:', '')
       keys = path.split('.').map(&:to_sym)
 
-      credentials = Rails.application.credentials
-      keys.reduce(credentials) { |obj, key| obj&.dig(key) }
+      Rails.application.credentials.dig(*keys)
     rescue NameError
       nil
     end

data/lib/active_postgres/generators/active_postgres/install_generator.rb

@@ -112,6 +112,8 @@ module ActivePostgres
         puts "  superuser_password: \"#{generate_secure_password}\""
         puts "  replication_password: \"#{generate_secure_password}\""
         puts "  repmgr_password: \"#{generate_secure_password}\""
+        puts "  monitoring_password: \"#{generate_secure_password}\""
+        puts "  grafana_admin_password: \"#{generate_secure_password}\""
         puts
         puts '🔐 Secure passwords have been auto-generated above.'
         puts '📌 Update primary_host and replica_host with your actual IPs after provisioning.'

data/lib/active_postgres/generators/active_postgres/templates/postgres.yml.erb

@@ -11,6 +11,8 @@ shared: &shared
   version: 18
   user: ubuntu
   ssh_key: ~/.ssh/id_rsa
+  # SSH host key verification: always (strict) or accept_new (first connection)
+  ssh_host_key_verification: always
 
   components:
     core:
@@ -31,17 +33,41 @@ shared: &shared
       # Optional: Override default repmgr user/database
       # user: repmgr
       # database: repmgr
+      # replication_user: replication
+      # dns_failover:
+      #   enabled: true
+      #   provider: dnsmasq
+      #   domain: mesh.internal
+      #   dns_servers:
+      #     - host: 18.170.173.14
+      #       private_ip: 10.8.0.10
+      #     - host: 98.85.183.175
+      #       private_ip: 10.8.0.110
+      #   primary_record: db-primary.mesh.internal
+      #   replica_record: db-replica.mesh.internal
 
     pgbouncer:
       enabled: false
       # Optional: Override default pgbouncer user
       # user: pgbouncer
+      # follow_primary: true
+      # follow_primary_interval: 5
     
     pgbackrest:
       enabled: false
     
     monitoring:
       enabled: false
+      # user: postgres_exporter
+      # node_exporter: true
+      # node_exporter_port: 9100
+      # node_exporter_listen_address: 10.8.0.10
+      # grafana:
+      #   enabled: true
+      #   host: grafana.example.com
+      #   listen_address: 10.8.0.10
+      #   port: 3000
+      #   prometheus_url: http://prometheus.example.com:9090
     
     ssl:
       enabled: false
@@ -80,6 +106,7 @@ production:
     superuser_password: rails_credentials:postgres.superuser_password
     replication_password: rails_credentials:postgres.replication_password
     repmgr_password: rails_credentials:postgres.repmgr_password
+    monitoring_password: rails_credentials:postgres.monitoring_password
+    # grafana_admin_password: rails_credentials:postgres.grafana_admin_password
     pgbouncer_password: rails_credentials:postgres.password
     app_password: rails_credentials:postgres.password
-

data/lib/active_postgres/health_checker.rb

@@ -13,7 +13,21 @@ module ActivePostgres
     end
 
     private def create_executor
-      DirectExecutor.new(config, quiet: true)
+      if use_ssh_executor?
+        SSHExecutor.new(config, quiet: true)
+      else
+        DirectExecutor.new(config, quiet: true)
+      end
+    end
+
+    def use_ssh_executor?
+      mode = ENV['ACTIVE_POSTGRES_STATUS_MODE'].to_s.strip.downcase
+      return true if mode == 'ssh'
+      return false if mode == 'direct'
+
+      return false if %w[localhost 127.0.0.1 ::1].include?(config.primary_host.to_s)
+
+      true
     end
 
     def show_status
@@ -312,13 +326,21 @@ module ActivePostgres
     end
 
     def check_pgbouncer_direct(host)
-      require 'socket'
-      connection_host = config.connection_host_for(host)
-      pgbouncer_port = config.component_config(:pgbouncer)[:listen_port] || 6432
+      if ssh_executor.respond_to?(:execute_on_host)
+        status = nil
+        ssh_executor.execute_on_host(host) do
+          status = capture(:systemctl, 'is-active', 'pgbouncer', raise_on_non_zero_exit: false).to_s.strip
+        end
+        status == 'active'
+      else
+        require 'socket'
+        connection_host = config.connection_host_for(host)
+        pgbouncer_port = config.component_config(:pgbouncer)[:listen_port] || 6432
 
-      socket = TCPSocket.new(connection_host, pgbouncer_port)
-      socket.close
-      true
+        socket = TCPSocket.new(connection_host, pgbouncer_port)
+        socket.close
+        true
+      end
     rescue StandardError
       false
     end

data/lib/active_postgres/installer.rb

@@ -91,6 +91,15 @@ module ActivePostgres
       puts '✓ Restore complete'
     end
 
+    def run_restore_at(target_time, target_action: 'promote')
+      puts "==> Restoring to #{target_time} (PITR)..."
+
+      component = Components::PgBackRest.new(config, ssh_executor, secrets)
+      component.run_restore_at(target_time, target_action: target_action)
+
+      puts '✓ Restore complete'
+    end
+
     def list_backups
       component = Components::PgBackRest.new(config, ssh_executor, secrets)
       component.list_backups

data/lib/active_postgres/overview.rb

@@ -0,0 +1,351 @@
+require 'shellwords'
+require 'timeout'
+
+module ActivePostgres
+  class Overview
+    DEFAULT_TIMEOUT = 10
+
+    def initialize(config)
+      @config = config
+      @executor = SSHExecutor.new(config, quiet: true)
+      @health_checker = HealthChecker.new(config)
+    end
+
+    def show
+      puts
+      puts "ActivePostgres Control Tower (#{config.environment})"
+      puts '=' * 70
+      puts
+
+      health_checker.show_status
+
+      show_system_stats
+      show_repmgr_cluster if config.component_enabled?(:repmgr)
+      show_pgbouncer_targets if config.component_enabled?(:pgbouncer)
+      show_dns_status if dns_failover_enabled?
+      show_backups if config.component_enabled?(:pgbackrest)
+
+      puts
+    end
+
+    private
+
+    attr_reader :config, :executor, :health_checker
+
+    def show_repmgr_cluster
+      output = nil
+      postgres_user = config.postgres_user
+      with_timeout('repmgr cluster') do
+        executor.execute_on_host(config.primary_host) do
+          output = capture(:sudo, '-u', postgres_user, 'repmgr', '-f', '/etc/repmgr.conf',
+                           'cluster', 'show', raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      puts '==> repmgr cluster'
+      puts LogSanitizer.sanitize(output) if output && !output.strip.empty?
+      puts
+    rescue StandardError => e
+      puts "==> repmgr cluster (error: #{e.message})"
+      puts
+    end
+
+    def show_system_stats
+      hosts = config.all_hosts
+      return if hosts.empty?
+
+      paths = system_stat_paths
+
+      puts '==> System stats (DB nodes)'
+      hosts.each do |host|
+        label = config.node_label_for(host)
+        stats = fetch_system_stats(host, paths)
+        if stats.nil?
+          puts "  #{host}#{label ? " (#{label})" : ''}: unavailable"
+          next
+        end
+
+        mem_used_kb = stats[:mem_total_kb] - stats[:mem_avail_kb]
+        mem_pct = stats[:mem_total_kb].positive? ? (mem_used_kb.to_f / stats[:mem_total_kb] * 100).round : 0
+
+        puts "  #{host}#{label ? " (#{label})" : ''}: load #{stats[:loadavg]} | cpu #{stats[:cpu]}% | " \
+             "mem #{format_kb(mem_used_kb)}/#{format_kb(stats[:mem_total_kb])} (#{mem_pct}%)"
+
+        stats[:disks].each do |disk|
+          puts "    disk #{disk[:mount]}: #{format_kb(disk[:used_kb])}/#{format_kb(disk[:total_kb])} (#{disk[:use_pct]})"
+        end
+      end
+      puts
+    rescue StandardError => e
+      puts "==> System stats (error: #{e.message})"
+      puts
+    end
+
+    def show_pgbouncer_targets
+      puts '==> PgBouncer targets'
+      config.all_hosts.each do |host|
+        status = pgbouncer_status(host)
+        target = pgbouncer_target(host)
+        puts "  #{host}: #{status} -> #{target || 'unknown'}"
+      end
+      puts
+    end
+
+    def pgbouncer_status(host)
+      status = nil
+      executor.execute_on_host(host) do
+        status = capture(:systemctl, 'is-active', 'pgbouncer', raise_on_non_zero_exit: false).to_s.strip
+      end
+      status == 'active' ? '✓ running' : '✗ down'
+    rescue StandardError
+      '✗ down'
+    end
+
+    def pgbouncer_target(host)
+      ini = nil
+      executor.execute_on_host(host) do
+        ini = capture(:sudo, 'cat', '/etc/pgbouncer/pgbouncer.ini', raise_on_non_zero_exit: false).to_s
+      end
+      ini[/^\* = host=([^\s]+)/, 1]
+    rescue StandardError
+      nil
+    end
+
+    def show_dns_status
+      dns_config = dns_failover_config
+      dns_servers = normalize_dns_servers(dns_config[:dns_servers])
+      dns_user = (dns_config[:dns_user] || config.user).to_s
+
+      primary_records = normalize_dns_records(dns_config[:primary_records] || dns_config[:primary_record],
+                                              default_prefix: 'db-primary',
+                                              domains: normalize_dns_domains(dns_config))
+      replica_records = normalize_dns_records(dns_config[:replica_records] || dns_config[:replica_record],
+                                              default_prefix: 'db-replica',
+                                              domains: normalize_dns_domains(dns_config))
+      records = primary_records + replica_records
+
+      puts '==> DNS (dnsmasq)'
+      puts "  Servers: #{dns_servers.map { |s| s[:ssh_host] }.join(', ')}"
+
+      record_map = Hash.new { |h, k| h[k] = [] }
+      dns_servers.each do |server|
+        content = dnsmasq_config(server[:ssh_host], dns_user)
+        next if content.to_s.strip.empty?
+
+        content.each_line do |line|
+          next unless line.start_with?('address=/')
+
+          match = line.strip.match(%r{\Aaddress=/([^/]+)/(.+)\z})
+          next unless match
+
+          name = match[1]
+          ip = match[2]
+          next unless records.include?(name)
+
+          record_map[name] << ip
+        end
+      end
+
+      records.uniq.each do |record|
+        ips = record_map[record].uniq
+        display = ips.empty? ? 'missing' : ips.join(', ')
+        warn_suffix = if primary_records.include?(record) && ips.size > 1
+                        ' ⚠️'
+                      else
+                        ''
+                      end
+        puts "  #{record}: #{display}#{warn_suffix}"
+      end
+      puts
+    rescue StandardError => e
+      puts "==> DNS (error: #{e.message})"
+      puts
+    end
+
+    def dnsmasq_config(host, dns_user)
+      content = nil
+      with_timeout("dnsmasq #{host}") do
+        executor.execute_on_host_as(host, dns_user) do
+          content = capture(:sudo, 'sh', '-c',
+                            'cat /etc/dnsmasq.d/active_postgres.conf 2>/dev/null || ' \
+                            'cat /etc/dnsmasq.d/messhy.conf 2>/dev/null || true',
+                            raise_on_non_zero_exit: false).to_s
+        end
+      end
+      content
+    rescue StandardError
+      nil
+    end
+
+    def normalize_dns_servers(raw_servers)
+      Array(raw_servers).map do |server|
+        if server.is_a?(Hash)
+          ssh_host = server[:ssh_host] || server['ssh_host'] || server[:host] || server['host']
+          private_ip = server[:private_ip] || server['private_ip'] || server[:ip] || server['ip']
+          private_ip ||= ssh_host
+          ssh_host ||= private_ip
+          { ssh_host: ssh_host.to_s, private_ip: private_ip.to_s }
+        else
+          value = server.to_s
+          { ssh_host: value, private_ip: value }
+        end
+      end
+    end
+
+    def normalize_dns_domains(dns_config)
+      Array(dns_config[:domains] || dns_config[:domain]).map(&:to_s).map(&:strip).reject(&:empty?)
+    end
+
+    def normalize_dns_records(value, default_prefix:, domains:)
+      records = Array(value).map(&:to_s).map(&:strip).reject(&:empty?)
+      return records unless records.empty?
+
+      domains = ['mesh'] if domains.empty?
+      domains.map { |domain| "#{default_prefix}.#{domain}" }
+    end
+
+    def show_backups
+      output = nil
+      postgres_user = config.postgres_user
+      with_timeout('pgbackrest info') do
+        executor.execute_on_host(config.primary_host) do
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest', 'info',
+                           raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      puts '==> Backups (pgBackRest)'
+      puts output if output && !output.strip.empty?
+      puts
+    rescue StandardError => e
+      puts "==> Backups (error: #{e.message})"
+      puts
+    end
+
+    def fetch_system_stats(host, paths)
+      output = nil
+      with_timeout("system stats #{host}") do
+        ssh_executor = executor
+        safe_paths = paths.map { |p| Shellwords.escape(p) }.join(' ')
+        script = <<~'BASH'
+          set -e
+          loadavg=$(cut -d' ' -f1-3 /proc/loadavg)
+
+          read _ user nice system idle iowait irq softirq steal _ _ < /proc/stat
+          sleep 0.2
+          read _ user2 nice2 system2 idle2 iowait2 irq2 softirq2 steal2 _ _ < /proc/stat
+
+          total1=$((user + nice + system + idle + iowait + irq + softirq + steal))
+          total2=$((user2 + nice2 + system2 + idle2 + iowait2 + irq2 + softirq2 + steal2))
+          total=$((total2 - total1))
+          idle_delta=$((idle2 + iowait2 - idle - iowait))
+
+          cpu=0
+          if [ "$total" -gt 0 ]; then
+            cpu=$(( (100 * (total - idle_delta)) / total ))
+          fi
+
+          mem_total=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
+          mem_avail=$(awk '/MemAvailable/ {print $2}' /proc/meminfo)
+
+          echo "loadavg=${loadavg}"
+          echo "cpu=${cpu}"
+          echo "mem_total_kb=${mem_total}"
+          echo "mem_avail_kb=${mem_avail}"
+        BASH
+
+        ssh_executor.execute_on_host(host) do
+          output = capture(:bash, '-lc', "#{script}\n df -kP #{safe_paths} 2>/dev/null | tail -n +2 | " \
+                                        "awk '{print \"disk=\" $6 \"|\" $2 \"|\" $3 \"|\" $4 \"|\" $5}'",
+                           raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      parse_system_stats(output)
+    rescue StandardError
+      nil
+    end
+
+    def parse_system_stats(output)
+      stats = { disks: [] }
+      output.to_s.each_line do |line|
+        line = line.strip
+        next if line.empty?
+
+        if line.start_with?('loadavg=')
+          stats[:loadavg] = line.split('=', 2)[1]
+        elsif line.start_with?('cpu=')
+          stats[:cpu] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('mem_total_kb=')
+          stats[:mem_total_kb] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('mem_avail_kb=')
+          stats[:mem_avail_kb] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('disk=')
+          _, payload = line.split('=', 2)
+          mount, total, used, _avail, pct = payload.split('|')
+          stats[:disks] << {
+            mount: mount,
+            total_kb: total.to_i,
+            used_kb: used.to_i,
+            use_pct: pct
+          }
+        end
+      end
+
+      stats[:loadavg] ||= 'n/a'
+      stats[:cpu] ||= 0
+      stats[:mem_total_kb] ||= 0
+      stats[:mem_avail_kb] ||= 0
+      stats
+    end
+
+    def format_kb(kb)
+      kb = kb.to_f
+      gb = kb / 1024 / 1024
+      return format('%.1fG', gb) if gb >= 1
+
+      mb = kb / 1024
+      format('%.0fM', mb)
+    end
+
+    def system_stat_paths
+      paths = ['/']
+      paths << '/var/lib/postgresql'
+      repo_path = pgbackrest_repo_path
+      paths << repo_path if repo_path
+      paths.compact.uniq
+    end
+
+    def pgbackrest_repo_path
+      return nil unless config.component_enabled?(:pgbackrest)
+
+      pg_config = config.component_config(:pgbackrest)
+      return pg_config[:repo_path] if pg_config[:repo_path]
+
+      pg_config[:repo_type].to_s == 'local' ? '/var/lib/pgbackrest' : '/backups'
+    end
+
+    def dns_failover_config
+      repmgr_config = config.component_config(:repmgr)
+      dns_config = repmgr_config[:dns_failover]
+      return nil unless dns_config && dns_config[:enabled]
+
+      dns_config
+    end
+
+    def dns_failover_enabled?
+      dns_failover_config != nil
+    end
+
+    def overview_timeout
+      value = ENV.fetch('ACTIVE_POSTGRES_OVERVIEW_TIMEOUT', DEFAULT_TIMEOUT.to_s).to_i
+      value.positive? ? value : DEFAULT_TIMEOUT
+    end
+
+    def with_timeout(label)
+      Timeout.timeout(overview_timeout) { yield }
+    rescue Timeout::Error
+      raise StandardError, "#{label} timed out after #{overview_timeout}s"
+    end
+  end
+end

data/lib/active_postgres/rollback_manager.rb

@@ -113,12 +113,10 @@ module ActivePostgres
 
     def register_database_removal(host, database_name)
       postgres_user = config.postgres_user
+      executor = ssh_executor
       register("Drop database #{database_name} on #{host}", host: host) do
         sql = "DROP DATABASE IF EXISTS #{database_name};"
-        upload! StringIO.new(sql), '/tmp/drop_database.sql'
-        execute :chmod, '644', '/tmp/drop_database.sql'
-        execute :sudo, '-u', postgres_user, 'psql', '-f', '/tmp/drop_database.sql'
-        execute :rm, '-f', '/tmp/drop_database.sql'
+        executor.run_sql_on_backend(self, sql, postgres_user: postgres_user, tuples_only: false, capture: false)
       rescue StandardError
         nil
       end
@@ -126,12 +124,10 @@ module ActivePostgres
 
     def register_postgres_user_removal(host, username)
       postgres_user = config.postgres_user
+      executor = ssh_executor
       register("Drop PostgreSQL user #{username} on #{host}", host: host) do
         sql = "DROP USER IF EXISTS #{username};"
-        upload! StringIO.new(sql), '/tmp/drop_user.sql'
-        execute :chmod, '644', '/tmp/drop_user.sql'
-        execute :sudo, '-u', postgres_user, 'psql', '-f', '/tmp/drop_user.sql'
-        execute :rm, '-f', '/tmp/drop_user.sql'
+        executor.run_sql_on_backend(self, sql, postgres_user: postgres_user, tuples_only: false, capture: false)
       rescue StandardError
         nil
       end