active_postgres 0.9.1 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c89909c556964abfe7dbede0550c7fa1fbd60fc332e667fce5de858114ba2146
-  data.tar.gz: e715719391d53f89cb394203018a5e2951f2602018ef97a417ee369d443e410c
+  metadata.gz: e51d5f1214cedf497a9b060e5c667c43711f9ff5e36024bfd8dc926b50fe272f
+  data.tar.gz: 618fa70d39a43e1c74ba2ed449b75138670bca92cb6bf418606f772de34c6a7d
 SHA512:
-  metadata.gz: 603d5b28ef5730d595b24bf36b517148a882c5889d339675545fc98ffda547d8c1ead15ff8ee6a048fd6b117b5e257309460e7b5e25a9ee5eb4e55c730050ba4
-  data.tar.gz: 50f632e74185dc90d7da5e6ece125fc625b04665cc4859ca7fd3d136e82df6e295b5fde10d8a2239675ce67a1a527f24ef8ec00cfeff79c57d84601a11168105
+  metadata.gz: 254b6fb4342d4e510076d05ebfbeaa0e7990b463df13ad6ddb7d6eb5a70562c23cc4f502ce6c435c6372fc3dd5f695285ee3fdfed522cc188f1b1cc21c6cc90d
+  data.tar.gz: d9147a4679529344ccb0ffd3d5c2ffacc3072464b9cf4e1c6e11150a66c142ef0d0b45f9b9cd9d34eceba6f4d0e50baa7c2f227a5b2b1719502972e2b4b39ee4

data/lib/active_postgres/components/core.rb

@@ -49,6 +49,11 @@ module ActivePostgres
         create_app_user_and_database(config.primary_host)
       end
 
+      def install_packages_only(host)
+        puts "  Installing packages on #{host} (cluster will be created by repmgr)..."
+        ssh_executor.install_postgres(host, config.version)
+      end
+
       private
 
       def install_on_host(host, is_primary:)
@@ -96,11 +101,6 @@ module ActivePostgres
         optimal_settings.merge(user_postgresql)
       end
 
-      def install_packages_only(host)
-        puts "  Installing packages on #{host} (cluster will be created by repmgr)..."
-        ssh_executor.install_postgres(host, config.version)
-      end
-
       def cluster_exists?(host)
         exists = false
         version = config.version

data/lib/active_postgres/components/repmgr.rb

@@ -85,6 +85,22 @@ module ActivePostgres
             execute :sudo, 'DEBIAN_FRONTEND=noninteractive', 'apt-get', 'install', '-y', '-qq',
                     "postgresql-#{version}-repmgr"
           end
+          install_postgres_sudoers(host)
+        end
+      end
+
+      def install_postgres_sudoers(host)
+        version = config.version
+        sudoers_line = "postgres ALL=(ALL) NOPASSWD: /usr/bin/systemctl start postgresql@#{version}-main, " \
+                       "/usr/bin/systemctl stop postgresql@#{version}-main, " \
+                       "/usr/bin/systemctl restart postgresql@#{version}-main, " \
+                       "/usr/bin/systemctl reload postgresql@#{version}-main, " \
+                       "/usr/bin/systemctl status postgresql@#{version}-main"
+        ssh_executor.execute_on_host(host) do
+          upload! StringIO.new("#{sudoers_line}\n"), '/tmp/postgres-repmgr-sudoers'
+          execute :sudo, 'cp', '/tmp/postgres-repmgr-sudoers', '/etc/sudoers.d/postgres-repmgr'
+          execute :sudo, 'chmod', '440', '/etc/sudoers.d/postgres-repmgr'
+          execute :rm, '-f', '/tmp/postgres-repmgr-sudoers'
         end
       end
 
@@ -247,6 +263,7 @@ module ActivePostgres
         effective_replication_password = replication_user == repmgr_user ? repmgr_password : replication_password
 
         ensure_primary_registered
+        ensure_primary_replication_ready(repmgr_password, effective_replication_password)
 
         setup_pgpass_file(standby_host, repmgr_password, replication_password: effective_replication_password,
                                                       primary_ip: primary_replication_host)
@@ -399,9 +416,42 @@ module ActivePostgres
         end
 
         register_standby_with_primary(standby_host)
+        setup_inter_node_ssh
         enable_repmgrd_if_configured(standby_host, repmgr_config)
       end
 
+      def setup_inter_node_ssh
+        dns_config = dns_failover_config
+        key_path = dns_config && dns_config[:ssh_key_path] || '/var/lib/postgresql/.ssh/active_postgres_dns'
+        postgres_user = config.postgres_user
+        all_hosts = config.all_hosts
+        pub_keys = {}
+
+        all_hosts.each do |host|
+          ssh_executor.execute_on_host(host) do
+            pub_keys[host] = capture(:sudo, '-u', postgres_user, 'cat', "#{key_path}.pub").strip
+          end
+        end
+
+        all_hosts.each do |host|
+          ssh_executor.execute_on_host(host) do
+            other_keys = pub_keys.reject { |h, _| h == host }.values
+            other_keys.each do |key|
+              next if key.to_s.empty?
+
+              upload! StringIO.new("#{key}\n"), '/tmp/pg_peer_key.pub'
+              execute :sudo, '-u', postgres_user, 'bash', '-c',
+                      "grep -qxF -f /tmp/pg_peer_key.pub /var/lib/postgresql/.ssh/authorized_keys 2>/dev/null || cat /tmp/pg_peer_key.pub >> /var/lib/postgresql/.ssh/authorized_keys"
+              execute :rm, '-f', '/tmp/pg_peer_key.pub'
+            end
+
+            peer_ips = all_hosts.reject { |h| h == host }.map { |h| config.replication_host_for(h) }
+            scan_cmd = "ssh-keyscan #{peer_ips.join(' ')} >> /var/lib/postgresql/.ssh/known_hosts 2>/dev/null || true"
+            execute :sudo, '-u', postgres_user, 'bash', '-c', scan_cmd
+          end
+        end
+      end
+
       def setup_dns_failover
         dns_config = dns_failover_config
         return unless dns_config
@@ -424,6 +474,8 @@ module ActivePostgres
           authorize_dns_keys(dns_server, dns_user, pub_keys.values.compact)
         end
 
+        setup_inter_node_ssh
+
         config.all_hosts.each do |host|
           install_dns_failover_script(host, dns_config, dns_private_ips, dns_user, dns_ssh_key_path, ssh_strict_host_key)
         end
@@ -876,6 +928,33 @@ module ActivePostgres
         is_registered
       end
 
+      def ensure_primary_replication_ready(repmgr_password, effective_replication_password)
+        host = config.primary_host
+        repmgr_user = config.repmgr_user
+        repmgr_db = config.repmgr_database
+        replication_user = config.replication_user
+        repmgr_component = self
+        executor = ssh_executor
+
+        puts '  Ensuring repmgr user has correct password and privileges on primary...'
+
+        ssh_executor.execute_on_host(host) do
+          repmgr_sql = repmgr_component.send(:build_repmgr_setup_sql, repmgr_user, repmgr_db, repmgr_password)
+          executor.run_sql_on_backend(self, repmgr_sql, postgres_user: 'postgres', port: 5432, tuples_only: false,
+                                           capture: false)
+
+          if replication_user != repmgr_user
+            repl_sql = repmgr_component.send(:build_replication_user_sql, replication_user, effective_replication_password)
+            executor.run_sql_on_backend(self, repl_sql, postgres_user: 'postgres', port: 5432, tuples_only: false,
+                                             capture: false)
+          end
+
+          info '✓ Primary replication user is ready'
+        end
+
+        setup_pgpass_file(host, repmgr_password, replication_password: effective_replication_password)
+      end
+
       def regenerate_ssl_certs(host, version)
         ssl_config = config.component_config(:ssl)
         ssl_cert = secrets.resolve('ssl_cert')
@@ -1011,9 +1090,9 @@ module ActivePostgres
           'DO $$',
           'BEGIN',
           "  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '#{repmgr_user}') THEN",
-          "    CREATE USER #{repmgr_user} WITH SUPERUSER PASSWORD '#{escaped_password}';",
+          "    CREATE USER #{repmgr_user} WITH SUPERUSER REPLICATION PASSWORD '#{escaped_password}';",
           '  ELSE',
-          "    ALTER USER #{repmgr_user} WITH SUPERUSER PASSWORD '#{escaped_password}';",
+          "    ALTER USER #{repmgr_user} WITH SUPERUSER REPLICATION PASSWORD '#{escaped_password}';",
           '  END IF;',
           'END $$;',
           '',

data/lib/active_postgres/secrets.rb

@@ -81,6 +81,8 @@ module ActivePostgres
     end
 
     def fetch_from_rails_credentials(key_path)
+      ensure_rails_credentials_available
+
       return nil unless defined?(::Rails) && ::Rails.respond_to?(:application) && ::Rails.application
 
       keys = key_path.split('.').map(&:to_sym)
@@ -89,6 +91,22 @@ module ActivePostgres
       nil
     end
 
+    def ensure_rails_credentials_available
+      return if @rails_boot_attempted
+      return if defined?(::Rails) && ::Rails.respond_to?(:application) && ::Rails.application
+
+      @rails_boot_attempted = true
+
+      # Try loading just the Rails application (without full initialization)
+      # This makes Rails.application available for credential access
+      if File.exist?('./config/application.rb')
+        require './config/application'
+      end
+    rescue StandardError
+      # Rails boot failed — CLI running outside a Rails project
+      nil
+    end
+
     def execute_command(command)
       # Preserve RAILS_ENV if set
       env_prefix = ENV['RAILS_ENV'] ? "RAILS_ENV=#{ENV['RAILS_ENV']} " : ''

data/lib/active_postgres/ssh_executor.rb

@@ -1,6 +1,7 @@
 require 'sshkit'
 require 'sshkit/dsl'
 require 'securerandom'
+require 'stringio'
 
 module ActivePostgres
   class SSHExecutor

data/lib/active_postgres/version.rb

@@ -1,3 +1,3 @@
 module ActivePostgres
-  VERSION = '0.9.1'.freeze
+  VERSION = '0.9.2'.freeze
 end

data/templates/repmgr.conf.erb

@@ -30,6 +30,13 @@ follow_command='repmgr standby follow -f /etc/repmgr.conf --upstream-node-id=%n'
 
 reconnect_attempts=<%= repmgr_config[:reconnect_attempts] || 6 %>
 reconnect_interval=<%= repmgr_config[:reconnect_interval] || 10 %>
+
+service_start_command='sudo systemctl start postgresql@<%= config.version %>-main'
+service_stop_command='sudo systemctl stop postgresql@<%= config.version %>-main'
+service_restart_command='sudo systemctl restart postgresql@<%= config.version %>-main'
+service_reload_command='sudo systemctl reload postgresql@<%= config.version %>-main'
+
+ssh_options='-i /var/lib/postgresql/.ssh/active_postgres_dns -o StrictHostKeyChecking=no'
 <% if repmgr_config.key?(:use_rewind) %>
 use_rewind=<%= repmgr_config[:use_rewind] ? 'yes' : 'no' %>
 <% end %>

data/templates/repmgr_dns_failover.sh.erb

@@ -12,13 +12,17 @@ SSH_STRICT_HOST_KEY="<%= ssh_strict_host_key %>"
 SSH_KNOWN_HOSTS="/var/lib/postgresql/.ssh/known_hosts"
 LOG_TAG="active_postgres_dns"
 
-cluster_csv=$(repmgr -f "$REPMGR_CONF" cluster show --csv 2>/dev/null || true)
-if [[ -z "$cluster_csv" ]]; then
+REPMGR_DB=$(grep -oP "dbname=\K[^ ']+" "$REPMGR_CONF" | head -1)
+REPMGR_USER=$(grep -oP "user=\K[^ ']+" "$REPMGR_CONF" 2>/dev/null | head -1)
+REPMGR_USER="${REPMGR_USER:-repmgr}"
+
+cluster_data=$(sudo -u postgres psql -h /var/run/postgresql -d "$REPMGR_DB" -tAF',' -c "SELECT type, conninfo FROM repmgr.nodes WHERE active = true" 2>/dev/null || true)
+if [[ -z "$cluster_data" ]]; then
   exit 0
 fi
 
-primary_host=$(printf "%s\n" "$cluster_csv" | awk -F',' 'NR>1 && tolower($3) ~ /primary/ {print $NF; exit}' | sed -n 's/.*host=\\([^ ]*\\).*/\\1/p')
-standby_hosts=$(printf "%s\n" "$cluster_csv" | awk -F',' 'NR>1 && tolower($3) ~ /standby/ {print $NF}' | sed -n 's/.*host=\\([^ ]*\\).*/\\1/p' | sort -u)
+primary_host=$(printf "%s\n" "$cluster_data" | awk -F',' '$1 == "primary" {print $2; exit}' | sed -n 's/.*host=\([^ ]*\).*/\1/p')
+standby_hosts=$(printf "%s\n" "$cluster_data" | awk -F',' '$1 == "standby" {print $2}' | sed -n 's/.*host=\([^ ]*\).*/\1/p' | sort -u)
 
 if [[ -z "$primary_host" ]]; then
   exit 0
@@ -51,7 +55,7 @@ for server in "${DNS_SERVERS[@]}"; do
   fi
 
   if ! /usr/bin/ssh "${ssh_opts[@]}" "${DNS_USER}@${server}" \
-    "sudo bash -c 'cat > ${DNSMASQ_FILE} << \"EOF\"\\n${content}EOF\\n' && (sudo systemctl reload dnsmasq || sudo systemctl restart dnsmasq)"; then
+    "sudo bash -c 'cat > ${DNSMASQ_FILE} << \"EOF\"\\n${content}EOF\\n' && sudo systemctl restart dnsmasq"; then
     /usr/bin/logger -t "$LOG_TAG" "Failed updating dnsmasq on ${server}"
   fi
 done

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_postgres
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - BoringCache