active_postgres 0.8.0 → 0.9.1

data/lib/active_postgres/secrets.rb

@@ -15,7 +15,7 @@ module ActivePostgres
       return nil unless secret_value
 
       resolved = resolve_secret_value(secret_value)
-      @cache[secret_key] = resolved
+      @cache[secret_key] = resolved unless resolved.nil?
       resolved
     end
 
@@ -25,6 +25,21 @@ module ActivePostgres
       end
     end
 
+    def resolve_value(value)
+      case value
+      when Hash
+        value.each_with_object({}) do |(k, v), result|
+          result[k] = resolve_value(v)
+        end
+      when Array
+        value.map { |v| resolve_value(v) }
+      when String
+        resolve_secret_value(value)
+      else
+        value
+      end
+    end
+
     def cache_to_files(directory = '.secrets')
       require 'fileutils'
 
@@ -45,9 +60,10 @@ module ActivePostgres
 
     def resolve_secret_value(value)
       case value
-      when /^rails_credentials:(.+)$/
+      when /^(rails_credentials|credentials):(.+)$/
         # Rails credentials: rails_credentials:postgres.superuser_password
-        key_path = ::Regexp.last_match(1)
+        # Alias: credentials:postgres.superuser_password
+        key_path = ::Regexp.last_match(2).to_s.strip
         fetch_from_rails_credentials(key_path)
       when /^\$\((.+)\)$/
         # Command execution: $(op read "op://...")
@@ -65,10 +81,12 @@ module ActivePostgres
     end
 
     def fetch_from_rails_credentials(key_path)
-      return nil unless Credentials.available?
+      return nil unless defined?(::Rails) && ::Rails.respond_to?(:application) && ::Rails.application
 
       keys = key_path.split('.').map(&:to_sym)
-      Rails.application.credentials.dig(*keys)
+      ::Rails.application.credentials.dig(*keys)
+    rescue StandardError
+      nil
     end
 
     def execute_command(command)

data/lib/active_postgres/ssh_executor.rb

@@ -22,6 +22,10 @@ module ActivePostgres
       on("#{config.user}@#{host}", &)
     end
 
+    def execute_on_host_as(host, user, &)
+      on("#{user}@#{host}", &)
+    end
+
     def execute_on_primary(&)
       execute_on_host(config.primary_host, &)
     end
@@ -94,7 +98,7 @@ module ActivePostgres
 
         info 'Configuring PostgreSQL apt repository...'
         pgdg_repo = "'echo \"deb [signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] " \
-                    'http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > ' \
+                    'https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > ' \
                     "/etc/apt/sources.list.d/pgdg.list'"
         execute :sudo, 'sh', '-c', pgdg_repo
 
@@ -200,24 +204,42 @@ module ActivePostgres
       result
     end
 
-    def run_sql(host, sql)
+    def run_sql(host, sql, postgres_user: config.postgres_user, port: nil, database: nil, tuples_only: true,
+                capture: true)
       result = nil
-      postgres_user = config.postgres_user
+      executor = self
       execute_on_host(host) do
-        # Use a temporary file to avoid shell escaping issues with special characters
-        temp_file = "/tmp/query_#{SecureRandom.hex(8)}.sql"
-        upload! StringIO.new(sql), temp_file
-        execute :chmod, '644', temp_file
-
-        begin
-          result = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', temp_file)
-        ensure
-          execute :rm, '-f', temp_file
-        end
+        backend = self
+        result = executor.run_sql_on_backend(backend, sql,
+                                    postgres_user: postgres_user,
+                                    port: port,
+                                    database: database,
+                                    tuples_only: tuples_only,
+                                    capture: capture)
       end
       result
     end
 
+    def run_sql_on_backend(backend, sql, postgres_user: config.postgres_user, port: nil, database: nil,
+                           tuples_only: true, capture: true)
+      # Use a temporary file to avoid shell escaping issues with special characters
+      temp_file = "/tmp/active_postgres_#{SecureRandom.hex(8)}.sql"
+      backend.upload! StringIO.new(sql), temp_file
+      backend.execute :chmod, '600', temp_file
+      backend.execute :sudo, 'chown', "#{postgres_user}:#{postgres_user}", temp_file
+
+      cmd = [:sudo, '-u', postgres_user, 'psql']
+      cmd << '-t' if tuples_only
+      cmd += ['-p', port.to_s] if port
+      cmd += ['-d', database.to_s] if database
+      cmd += ['-f', temp_file]
+
+      result = capture ? backend.capture(*cmd) : backend.execute(*cmd)
+      result
+    ensure
+      backend.execute :sudo, 'rm', '-f', temp_file
+    end
+
     def ensure_cluster_exists(host, version)
       execute_on_host(host) do
         data_dir = "/var/lib/postgresql/#{version}/main"
@@ -272,18 +294,21 @@ module ActivePostgres
         SSHKit.config.format = :pretty
       end
 
-      return unless File.exist?(config.ssh_key)
-
       SSHKit::Backend::Netssh.configure do |ssh|
-        ssh.ssh_options = {
-          keys: [config.ssh_key],
-          keys_only: true,
+        options = {
           forward_agent: false,
           auth_methods: ['publickey'],
-          verify_host_key: :accept_new,
+          verify_host_key: config.ssh_host_key_verification || :always,
           timeout: 10,
           number_of_password_prompts: 0
         }
+
+        if config.ssh_key && File.exist?(config.ssh_key)
+          options[:keys] = [config.ssh_key]
+          options[:keys_only] = true
+        end
+
+        ssh.ssh_options = options
       end
     end
   end

data/lib/active_postgres/version.rb

@@ -1,3 +1,3 @@
 module ActivePostgres
-  VERSION = '0.8.0'.freeze
+  VERSION = '0.9.1'.freeze
 end

data/lib/active_postgres.rb

@@ -23,6 +23,7 @@ require_relative 'active_postgres/installer'
 require_relative 'active_postgres/ssh_executor'
 require_relative 'active_postgres/direct_executor'
 require_relative 'active_postgres/health_checker'
+require_relative 'active_postgres/overview'
 require_relative 'active_postgres/failover'
 require_relative 'active_postgres/performance_tuner'
 require_relative 'active_postgres/connection_pooler'

data/lib/tasks/postgres.rake

@@ -150,6 +150,15 @@ namespace :postgres do
     health_checker.show_status
   end
 
+  desc 'Show control tower overview'
+  task overview: :environment do
+    require 'active_postgres'
+
+    config = ActivePostgres::Configuration.load
+    overview = ActivePostgres::Overview.new(config)
+    overview.show
+  end
+
   desc 'Visualize cluster nodes and topology'
   task nodes: :environment do
     require 'active_postgres'
@@ -270,6 +279,50 @@ namespace :postgres do
     puts "\n#{'=' * 80}\n"
   end
 
+  desc 'Show help for PostgreSQL rake tasks'
+  task help: :environment do
+    puts "\nPostgreSQL Rake Tasks"
+    puts '=' * 70
+    puts "\nTip: set RAILS_ENV=production for production targets"
+
+    puts "\nSetup & Maintenance"
+    puts "  rake postgres:setup                  # Deploy HA cluster (CLEAN=true for fresh install)"
+    puts "  rake postgres:purge                  # Destroy cluster (DESTRUCTIVE)"
+    puts "  rake postgres:setup:core             # PostgreSQL config (postgresql.conf, pg_hba.conf)"
+    puts "  rake postgres:setup:repmgr           # HA + failover (repmgr)"
+    puts "  rake postgres:setup:pgbouncer        # PgBouncer pooling"
+    puts "  rake postgres:setup:pgbackrest       # Backups (pgBackRest)"
+    puts "  rake postgres:setup:monitoring       # postgres_exporter"
+    puts "  rake postgres:setup:ssl              # SSL certs"
+
+    puts "\nStatus & Health"
+    puts "  rake postgres:status                 # Cluster status (SSH by default)"
+    puts "  rake postgres:overview               # Control tower overview"
+    puts "  rake postgres:nodes                  # Topology view"
+    puts "  rake postgres:verify                 # Comprehensive checklist"
+    puts "  ACTIVE_POSTGRES_STATUS_MODE=ssh|direct rake postgres:status"
+
+    puts "\nBackups"
+    puts "  rake postgres:backup:full            # Full backup"
+    puts "  rake postgres:backup:incremental     # Incremental backup"
+    puts "  rake postgres:backup:list            # List backups"
+    puts "  rake postgres:backup:restore[ID]     # Restore backup set"
+    puts "  rake postgres:backup:restore_at[\"YYYY-MM-DD HH:MM:SS\",promote]  # PITR"
+
+    puts "\nMigrations"
+    puts "  rake postgres:migrate                # Run migrations on primary only"
+
+    puts "\nPgBouncer"
+    puts "  rake postgres:pgbouncer:update_userlist[users]  # Update userlist"
+    puts "  rake postgres:pgbouncer:stats        # Service status + stats"
+
+    puts "\nTests"
+    puts "  rake postgres:test:replication[rows] # Replication stress test"
+    puts "  rake postgres:test:pgbouncer[connections]  # PgBouncer load test"
+
+    puts
+  end
+
   desc 'Promote standby to primary'
   task :promote, [:host] => :environment do |_t, args|
     require 'active_postgres'
@@ -325,6 +378,20 @@ namespace :postgres do
       installer.run_restore(args[:backup_id])
     end
 
+    desc 'Restore to a point in time (PITR)'
+    task :restore_at, [:target_time, :target_action] => :environment do |_t, args|
+      require 'active_postgres'
+
+      unless args[:target_time]
+        puts 'Usage: rake postgres:backup:restore_at["2026-01-29 01:15:00",promote]'
+        exit 1
+      end
+
+      config = ActivePostgres::Configuration.load
+      installer = ActivePostgres::Installer.new(config)
+      installer.run_restore_at(args[:target_time], target_action: args[:target_action] || 'promote')
+    end
+
     desc 'List available backups'
     task list: :environment do
       require 'active_postgres'
@@ -372,6 +439,15 @@ namespace :postgres do
       installer.setup_component('monitoring')
     end
 
+    desc 'Setup only pgBackRest backups'
+    task pgbackrest: :environment do
+      require 'active_postgres'
+
+      config = ActivePostgres::Configuration.load
+      installer = ActivePostgres::Installer.new(config)
+      installer.setup_component('pgbackrest')
+    end
+
     desc 'Setup only repmgr'
     task repmgr: :environment do
       require 'active_postgres'
@@ -412,10 +488,7 @@ namespace :postgres do
             WHERE rolname = '#{user}'
           SQL
 
-          upload! StringIO.new(sql), '/tmp/get_user_hash.sql'
-          execute :chmod, '644', '/tmp/get_user_hash.sql'
-          user_hash = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_user_hash.sql').strip
-          execute :rm, '-f', '/tmp/get_user_hash.sql'
+          user_hash = ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user).to_s.strip
 
           if user_hash && !user_hash.empty?
             userlist_entries << user_hash

data/lib/tasks/rotate_credentials.rake

@@ -26,10 +26,7 @@ namespace :postgres do
         escaped_password = new_password.gsub("'", "''")
 
         sql = "ALTER USER #{app_user} WITH PASSWORD '#{escaped_password}';"
-        upload! StringIO.new(sql), '/tmp/rotate_password.sql'
-        execute :chmod, '644', '/tmp/rotate_password.sql'
-        execute :sudo, '-u', 'postgres', 'psql', '-f', '/tmp/rotate_password.sql'
-        execute :rm, '-f', '/tmp/rotate_password.sql'
+        ssh_executor.run_sql_on_backend(self, sql, postgres_user: 'postgres', tuples_only: false, capture: false)
 
         puts "✓ Updated PostgreSQL password for #{app_user}"
       end
@@ -48,10 +45,7 @@ namespace :postgres do
               WHERE rolname = '#{user}'
             SQL
 
-            upload! StringIO.new(sql), '/tmp/get_user_hash.sql'
-            execute :chmod, '644', '/tmp/get_user_hash.sql'
-            user_hash = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_user_hash.sql').strip
-            execute :rm, '-f', '/tmp/get_user_hash.sql'
+            user_hash = ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user).to_s.strip
 
             userlist_entries << user_hash if user_hash && !user_hash.empty?
           end
@@ -128,10 +122,7 @@ namespace :postgres do
           escaped_password = new_password.gsub("'", "''")
 
           sql = "ALTER USER #{username} WITH PASSWORD '#{escaped_password}';"
-          upload! StringIO.new(sql), '/tmp/rotate_password.sql'
-          execute :chmod, '644', '/tmp/rotate_password.sql'
-          execute :sudo, '-u', 'postgres', 'psql', '-f', '/tmp/rotate_password.sql'
-          execute :rm, '-f', '/tmp/rotate_password.sql'
+          ssh_executor.run_sql_on_backend(self, sql, postgres_user: 'postgres', tuples_only: false, capture: false)
         end
 
         puts "✓ Updated #{username}"
@@ -152,10 +143,7 @@ namespace :postgres do
               WHERE rolname = '#{user}'
             SQL
 
-            upload! StringIO.new(sql), '/tmp/get_user_hash.sql'
-            execute :chmod, '644', '/tmp/get_user_hash.sql'
-            user_hash = capture(:sudo, '-u', postgres_user, 'psql', '-t', '-f', '/tmp/get_user_hash.sql').strip
-            execute :rm, '-f', '/tmp/get_user_hash.sql'
+            user_hash = ssh_executor.run_sql_on_backend(self, sql, postgres_user: postgres_user).to_s.strip
 
             userlist_entries << user_hash if user_hash && !user_hash.empty?
           end

data/templates/pg_hba.conf.erb

@@ -39,9 +39,12 @@
   repmgr_network = pg_hba_rules.find { |r| r[:type] == 'host' && r[:address] && !r[:address].start_with?('127.0.0.1') }&.dig(:address) || '10.8.0.0/24'
   repmgr_user = config.repmgr_user
   repmgr_db = config.repmgr_database
+  replication_user = config.replication_user
 %>
 host    replication     <%= repmgr_user %>          <%= repmgr_network %>          scram-sha-256
+<% if replication_user && replication_user != repmgr_user %>
+host    replication     <%= replication_user %>          <%= repmgr_network %>          scram-sha-256
+<% end %>
 host    <%= repmgr_db %>          <%= repmgr_user %>          <%= repmgr_network %>          scram-sha-256
 <% end %>
 
-

data/templates/pgbackrest.conf.erb

@@ -16,6 +16,21 @@ repo1-s3-endpoint=s3.<%= pgbackrest_config[:s3_region] || 'us-east-1' %>.amazona
 repo1-s3-key=<%= secrets_obj.resolve('s3_access_key') %>
 repo1-s3-key-secret=<%= secrets_obj.resolve('s3_secret_key') %>
 <% end %>
+<% elsif pgbackrest_config[:repo_type] == 'gcs' %>
+repo1-type=gcs
+repo1-path=<%= pgbackrest_config[:repo_path] || '/backups' %>
+repo1-gcs-bucket=<%= pgbackrest_config[:gcs_bucket] %>
+<% if secrets_obj.resolve('gcs_key_file') %>
+repo1-gcs-key=<%= secrets_obj.resolve('gcs_key_file') %>
+<% end %>
+<% elsif pgbackrest_config[:repo_type] == 'azure' %>
+repo1-type=azure
+repo1-path=<%= pgbackrest_config[:repo_path] || '/backups' %>
+repo1-azure-container=<%= pgbackrest_config[:azure_container] %>
+<% if secrets_obj.resolve('azure_account') %>
+repo1-azure-account=<%= secrets_obj.resolve('azure_account') %>
+repo1-azure-key=<%= secrets_obj.resolve('azure_key') %>
+<% end %>
 <% else %>
 # Local storage
 repo1-path=<%= pgbackrest_config[:repo_path] || '/var/lib/pgbackrest' %>
@@ -35,9 +50,22 @@ repo1-cipher-type=aes-256-cbc
 repo1-cipher-pass=<%= secrets_obj.resolve('backup_encryption_key') %>
 <% end %>
 
+# Logging
+log-level-console=info
+log-level-file=detail
+log-path=/var/log/pgbackrest
+
+# Process settings
+process-max=<%= pgbackrest_config[:process_max] || 2 %>
+
+# Start/Stop (for consistent backups)
+start-fast=y
+stop-auto=y
+
 [main]
 pg1-path=/var/lib/postgresql/<%= config.version %>/main
 pg1-port=5432
 pg1-socket-path=/var/run/postgresql
+pg1-user=<%= config.postgres_user %>
 
 

data/templates/pgbouncer-follow-primary.service.erb

@@ -0,0 +1,8 @@
+[Unit]
+Description=Update PgBouncer target to current PostgreSQL primary
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/pgbouncer-follow-primary

data/templates/pgbouncer-follow-primary.timer.erb

@@ -0,0 +1,11 @@
+[Unit]
+Description=Run pgbouncer-follow-primary periodically
+
+[Timer]
+OnBootSec=10s
+OnUnitActiveSec=<%= interval %>s
+AccuracySec=1s
+Unit=pgbouncer-follow-primary.service
+
+[Install]
+WantedBy=timers.target

data/templates/pgbouncer.ini.erb

@@ -49,8 +49,10 @@ log_pooler_errors = <%= pgbouncer_config[:log_pooler_errors] || 1 %>
 client_tls_sslmode = require
 client_tls_key_file = /etc/pgbouncer/server.key
 client_tls_cert_file = /etc/pgbouncer/server.crt
+<% if has_ca_cert %>
 client_tls_ca_file = /etc/pgbouncer/ca.crt
 <% end %>
+<% end %>
 
 # Process management
 <% if pgbouncer_config[:pidfile] %>

data/templates/pgbouncer_follow_primary.sh.erb

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPMGR_CONF="<%= repmgr_conf %>"
+PGBOUNCER_INI="/etc/pgbouncer/pgbouncer.ini"
+PGBOUNCER_SERVICE="pgbouncer"
+LOG_TAG="pgbouncer-follow-primary"
+
+cluster_csv=$(/usr/bin/sudo -u <%= postgres_user %> env HOME=/var/lib/postgresql \
+  repmgr -f "$REPMGR_CONF" cluster show --csv 2>/dev/null || true)
+if [[ -z "$cluster_csv" ]]; then
+  exit 0
+fi
+
+primary_conninfo=$(printf "%s\n" "$cluster_csv" | awk -F',' 'NR>1 && tolower($3) ~ /primary/ {print $NF; exit}')
+if [[ -z "$primary_conninfo" ]]; then
+  exit 0
+fi
+
+primary_host=$(printf "%s" "$primary_conninfo" | sed -n 's/.*host=\\([^ ]*\\).*/\\1/p')
+if [[ -z "$primary_host" ]]; then
+  exit 0
+fi
+
+current_host=$(awk -F'host=' '/^\\* = host=/{print $2}' "$PGBOUNCER_INI" | awk '{print $1}')
+if [[ -z "$current_host" ]]; then
+  exit 0
+fi
+
+if [[ "$current_host" != "$primary_host" ]]; then
+  /usr/bin/sed -i -E "s/^(\\* = host=)[^ ]+/\\1${primary_host}/" "$PGBOUNCER_INI"
+  /usr/bin/systemctl reload "$PGBOUNCER_SERVICE"
+  /usr/bin/logger -t "$LOG_TAG" "Updated PgBouncer primary target to ${primary_host}"
+fi

data/templates/postgresql.conf.erb

@@ -44,9 +44,13 @@ wal_compression = <%= pg_config[:wal_compression] %>
 <% end %>
 <% if pg_config[:archive_mode] %>
 archive_mode = <%= pg_config[:archive_mode] %>
+<% elsif config.component_enabled?(:pgbackrest) %>
+archive_mode = on
 <% end %>
 <% if pg_config[:archive_command] %>
 archive_command = '<%= pg_config[:archive_command] %>'
+<% elsif config.component_enabled?(:pgbackrest) %>
+archive_command = 'pgbackrest --stanza=main archive-push %p'
 <% end %>
 <% if pg_config[:shared_memory_type] %>
 shared_memory_type = <%= pg_config[:shared_memory_type] %>

data/templates/repmgr.conf.erb

@@ -15,14 +15,14 @@ node_name='<%= node_label %>'
   # conninfo describes how OTHER nodes connect to THIS node
   repmgr_host = config.replication_host_for(host)
 %>
-conninfo='host=<%= repmgr_host %> user=<%= config.repmgr_user %> dbname=<%= config.repmgr_database %> password=<%= secrets_obj.resolve('repmgr_password') %> connect_timeout=2'
+conninfo='host=<%= repmgr_host %> user=<%= config.repmgr_user %> dbname=<%= config.repmgr_database %> connect_timeout=2'
 data_directory='/var/lib/postgresql/<%= config.version %>/main'
 
 <% if host == config.primary_host %>
-failover=automatic
+failover=<%= repmgr_config[:auto_failover] == false ? 'manual' : 'automatic' %>
 priority=<%= repmgr_config[:priority] || 100 %>
 <% else %>
-failover=automatic
+failover=<%= repmgr_config[:auto_failover] == false ? 'manual' : 'automatic' %>
 priority=<%= repmgr_config[:priority] || 100 %>
 promote_command='repmgr standby promote -f /etc/repmgr.conf'
 follow_command='repmgr standby follow -f /etc/repmgr.conf --upstream-node-id=%n'
@@ -30,6 +30,9 @@ follow_command='repmgr standby follow -f /etc/repmgr.conf --upstream-node-id=%n'
 
 reconnect_attempts=<%= repmgr_config[:reconnect_attempts] || 6 %>
 reconnect_interval=<%= repmgr_config[:reconnect_interval] || 10 %>
+<% if repmgr_config.key?(:use_rewind) %>
+use_rewind=<%= repmgr_config[:use_rewind] ? 'yes' : 'no' %>
+<% end %>
 
 log_level=INFO
 log_facility=STDERR
@@ -38,3 +41,7 @@ log_file='/var/log/postgresql/repmgr.log'
 monitoring_history=yes
 monitor_interval_secs=5
 
+<% if repmgr_config[:dns_failover] && repmgr_config[:dns_failover][:enabled] %>
+event_notification_command='/usr/local/bin/active-postgres-dns-failover'
+event_notifications='<%= repmgr_config[:dns_failover][:events] || 'repmgrd_failover_promote,standby_promote,standby_switchover,standby_follow' %>'
+<% end %>

data/templates/repmgr_dns_failover.sh.erb

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPMGR_CONF="/etc/repmgr.conf"
+DNS_USER="<%= dns_user %>"
+DNS_SERVERS=(<%= dns_servers.map(&:to_s).join(' ') %>)
+DNS_SSH_KEY="<%= dns_ssh_key_path %>"
+DNSMASQ_FILE="/etc/dnsmasq.d/active_postgres.conf"
+PRIMARY_RECORDS=(<%= primary_records.map(&:to_s).join(' ') %>)
+REPLICA_RECORDS=(<%= replica_records.map(&:to_s).join(' ') %>)
+SSH_STRICT_HOST_KEY="<%= ssh_strict_host_key %>"
+SSH_KNOWN_HOSTS="/var/lib/postgresql/.ssh/known_hosts"
+LOG_TAG="active_postgres_dns"
+
+cluster_csv=$(repmgr -f "$REPMGR_CONF" cluster show --csv 2>/dev/null || true)
+if [[ -z "$cluster_csv" ]]; then
+  exit 0
+fi
+
+primary_host=$(printf "%s\n" "$cluster_csv" | awk -F',' 'NR>1 && tolower($3) ~ /primary/ {print $NF; exit}' | sed -n 's/.*host=\\([^ ]*\\).*/\\1/p')
+standby_hosts=$(printf "%s\n" "$cluster_csv" | awk -F',' 'NR>1 && tolower($3) ~ /standby/ {print $NF}' | sed -n 's/.*host=\\([^ ]*\\).*/\\1/p' | sort -u)
+
+if [[ -z "$primary_host" ]]; then
+  exit 0
+fi
+
+content=$'# Managed by active_postgres\n'
+for record in "${PRIMARY_RECORDS[@]}"; do
+  if [[ -n "$record" ]]; then
+    printf -v content '%saddress=/%s/%s\n' "$content" "$record" "$primary_host"
+  fi
+done
+
+if [[ -n "$standby_hosts" ]]; then
+  for record in "${REPLICA_RECORDS[@]}"; do
+    if [[ -z "$record" ]]; then
+      continue
+    fi
+
+    for host in $standby_hosts; do
+      printf -v content '%saddress=/%s/%s\n' "$content" "$record" "$host"
+    done
+  done
+fi
+
+ssh_opts=(-i "$DNS_SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking="$SSH_STRICT_HOST_KEY" -o UserKnownHostsFile="$SSH_KNOWN_HOSTS")
+
+for server in "${DNS_SERVERS[@]}"; do
+  if [[ -z "$server" ]]; then
+    continue
+  fi
+
+  if ! /usr/bin/ssh "${ssh_opts[@]}" "${DNS_USER}@${server}" \
+    "sudo bash -c 'cat > ${DNSMASQ_FILE} << \"EOF\"\\n${content}EOF\\n' && (sudo systemctl reload dnsmasq || sudo systemctl restart dnsmasq)"; then
+    /usr/bin/logger -t "$LOG_TAG" "Failed updating dnsmasq on ${server}"
+  fi
+done
+
+/usr/bin/logger -t "$LOG_TAG" "Updated DNS records for ${PRIMARY_RECORDS[*]} and ${REPLICA_RECORDS[*]} (primary=${primary_host})"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_postgres
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.1
 platform: ruby
 authors:
 - BoringCache
@@ -179,6 +179,7 @@ files:
 - lib/active_postgres/installer.rb
 - lib/active_postgres/log_sanitizer.rb
 - lib/active_postgres/logger.rb
+- lib/active_postgres/overview.rb
 - lib/active_postgres/performance_tuner.rb
 - lib/active_postgres/rails/database_config.rb
 - lib/active_postgres/rails/migration_guard.rb
@@ -195,9 +196,13 @@ files:
 - lib/tasks/rotate_credentials.rake
 - templates/pg_hba.conf.erb
 - templates/pgbackrest.conf.erb
+- templates/pgbouncer-follow-primary.service.erb
+- templates/pgbouncer-follow-primary.timer.erb
 - templates/pgbouncer.ini.erb
+- templates/pgbouncer_follow_primary.sh.erb
 - templates/postgresql.conf.erb
 - templates/repmgr.conf.erb
+- templates/repmgr_dns_failover.sh.erb
 homepage: https://github.com/boringcache/active_postgres
 licenses:
 - MIT