active_postgres 0.9.0 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 967673143f28952b4f44c54cb97282ca9ca288fe8885fc525433baac00633db0
-  data.tar.gz: a43859d367af55c17c9a6a407a39e2e492cc829806ca615dd4f82b03604303f0
+  metadata.gz: c89909c556964abfe7dbede0550c7fa1fbd60fc332e667fce5de858114ba2146
+  data.tar.gz: e715719391d53f89cb394203018a5e2951f2602018ef97a417ee369d443e410c
 SHA512:
-  metadata.gz: f6dc9378f1391e20051028100f9767a65a9de62642719b4a413605a9208fa9a25b5e0c6790c9fdd0e966080293e5f33e9a5b9e860c5622cc20b65d933d70dae6
-  data.tar.gz: 17b10e8adba8c2a502d0217f156ce68e7c2d1f4e4442fddd82b3ad8e560a940dc7a07a360b9a662dd8fbf0e8f80af7aff2f37bc6d9aaba7c0195b8590c32fbb3
+  metadata.gz: 603d5b28ef5730d595b24bf36b517148a882c5889d339675545fc98ffda547d8c1ead15ff8ee6a048fd6b117b5e257309460e7b5e25a9ee5eb4e55c730050ba4
+  data.tar.gz: 50f632e74185dc90d7da5e6ece125fc625b04665cc4859ca7fd3d136e82df6e295b5fde10d8a2239675ce67a1a527f24ef8ec00cfeff79c57d84601a11168105

data/README.md

@@ -69,6 +69,8 @@ postgres:
 ```bash
 rake postgres:setup   # Deploy cluster
 rake postgres:status  # Check health
+rake postgres:overview  # Control tower overview
+rake postgres:help    # Task summary
 ```
 
 ## Common Operations
@@ -83,8 +85,10 @@ rake postgres:promote[host]            # Promote standby to primary
 
 # Backups (requires pgBackRest)
 rake postgres:backup:full
+rake postgres:backup:incremental
 rake postgres:backup:list
 rake postgres:backup:restore[backup_id]
+rake postgres:backup:restore_at["2026-01-29 01:15:00",promote]
 
 # Credential rotation (zero downtime)
 rake postgres:credentials:rotate_random
@@ -101,6 +105,7 @@ rake postgres:update:patch             # Security patches
 active_postgres setup --environment=production
 active_postgres setup-standby HOST
 active_postgres status
+active_postgres overview
 active_postgres promote HOST
 active_postgres backup --type=full
 active_postgres cache-secrets
@@ -115,21 +120,37 @@ active_postgres cache-secrets
 | **repmgr** | HA & automatic failover | `repmgr: {enabled: true}` |
 | **PgBouncer** | Connection pooling | `pgbouncer: {enabled: true}` |
 | **pgBackRest** | Backup & restore | `pgbackrest: {enabled: true}` |
-| **Monitoring** | postgres_exporter (configures a dedicated pg_monitor user) | `monitoring: {enabled: true}` |
+| **Monitoring** | postgres_exporter + optional node_exporter/Grafana | `monitoring: {enabled: true}` |
 | **SSL** | Encrypted connections | `ssl: {enabled: true}` |
 | **Extensions** | pgvector, PostGIS, etc. | `extensions: {enabled: true, list: [pgvector]}` |
 
 ### Monitoring credentials
 
-`postgres_exporter` uses a dedicated `pg_monitor` user. Provide a password in secrets and optionally set the username:
+`postgres_exporter` uses a dedicated `pg_monitor` user. Provide a password in secrets and optionally set the username.
+Enable node_exporter for host-level metrics, and Grafana if you want a local UI:
 
 ```yaml
 components:
-  monitoring: {enabled: true, user: postgres_exporter}
+  monitoring:
+    enabled: true
+    user: postgres_exporter
+    node_exporter: true
+    node_exporter_port: 9100
+    # node_exporter_listen_address: 10.8.0.10
+    # grafana:
+    #   enabled: true
+    #   host: grafana.example.com
+    #   listen_address: 10.8.0.10
+    #   port: 3000
+    #   prometheus_url: http://prometheus.example.com:9090
 secrets:
   monitoring_password: $POSTGRES_MONITORING_PASSWORD
+  # grafana_admin_password: $GRAFANA_ADMIN_PASSWORD
 ```
 
+When Grafana is enabled, `grafana_admin_password` is required and Grafana will be installed
+on the configured host. If `prometheus_url` is provided, a Prometheus datasource is provisioned.
+
 ### pgBackRest S3-compatible endpoints
 
 For Tigris/MinIO/Wasabi/DO Spaces, set a custom endpoint and use path-style URLs:
@@ -145,6 +166,35 @@ components:
     s3_uri_style: path
 ```
 
+### Point-in-time recovery (PITR)
+
+Ensure WAL retention is long enough for your recovery window:
+
+```yaml
+components:
+  pgbackrest:
+    retention_full: 7
+    retention_archive: 14
+    # You can schedule full + incremental separately:
+    # schedule_full: "0 2 * * *"
+    # schedule_incremental: "0 * * * *"
+```
+
+Run a PITR restore:
+
+```bash
+rake postgres:backup:restore_at["2026-01-29 01:15:00",promote]
+```
+
+If you want the old primary to rejoin without a full re-clone after failover,
+enable pg_rewind support in repmgr:
+
+```yaml
+components:
+  repmgr:
+    use_rewind: true
+```
+
 ### Stable app endpoint with PgBouncer
 
 If you run PgBouncer on each PostgreSQL node and want a fixed app URL, enable `follow_primary`.
@@ -175,6 +225,8 @@ components:
       enabled: true
       provider: dnsmasq
       domain: mesh.internal
+      # Or use multiple domains during cutover:
+      # domains: [mesh.internal, mesh.v2.internal]
       dns_servers:
         - host: 18.170.173.14
           private_ip: 10.8.0.10
@@ -182,6 +234,9 @@ components:
           private_ip: 10.8.0.110
       primary_record: db-primary.mesh.internal
       replica_record: db-replica.mesh.internal
+      # Or multiple records explicitly:
+      # primary_records: [db-primary.mesh.internal, db-primary.mesh.v2.internal]
+      # replica_records: [db-replica.mesh.internal, db-replica.mesh.v2.internal]
 ```
 
 This installs an event hook so repmgr updates `/etc/dnsmasq.d/active_postgres.conf`

data/lib/active_postgres/cli.rb

@@ -49,6 +49,13 @@ module ActivePostgres
       health_checker.show_status
     end
 
+    desc 'overview', 'Show control tower overview'
+    def overview
+      config = load_config
+      overview = Overview.new(config)
+      overview.show
+    end
+
     desc 'health', 'Run health checks'
     def health
       config = load_config

data/lib/active_postgres/components/monitoring.rb

@@ -11,6 +11,8 @@ module ActivePostgres
         config.all_hosts.each do |host|
           install_on_host(host)
         end
+
+        install_grafana_if_enabled
       end
 
       def uninstall
@@ -21,8 +23,16 @@ module ActivePostgres
             execute :sudo, 'systemctl', 'stop', 'prometheus-postgres-exporter'
             execute :sudo, 'systemctl', 'disable', 'prometheus-postgres-exporter'
             execute :sudo, 'apt-get', 'remove', '-y', 'prometheus-postgres-exporter'
+
+            if node_exporter_enabled?
+              execute :sudo, 'systemctl', 'stop', 'prometheus-node-exporter'
+              execute :sudo, 'systemctl', 'disable', 'prometheus-node-exporter'
+              execute :sudo, 'apt-get', 'remove', '-y', 'prometheus-node-exporter'
+            end
           end
         end
+
+        uninstall_grafana_if_enabled
       end
 
       def restart
@@ -31,6 +41,7 @@ module ActivePostgres
         config.all_hosts.each do |host|
           ssh_executor.execute_on_host(host) do
             execute :sudo, 'systemctl', 'restart', 'prometheus-postgres-exporter'
+            execute :sudo, 'systemctl', 'restart', 'prometheus-node-exporter' if node_exporter_enabled?
           end
         end
       end
@@ -63,6 +74,8 @@ module ActivePostgres
         end
 
         puts "  Metrics available at: http://#{host}:#{exporter_port}/metrics"
+
+        install_node_exporter(host, monitoring_config) if node_exporter_enabled?
       end
 
       def ensure_monitoring_user
@@ -134,6 +147,158 @@ module ActivePostgres
         password
       end
 
+      def node_exporter_enabled?
+        monitoring_config = config.component_config(:monitoring)
+        monitoring_config.fetch(:node_exporter, false) == true
+      end
+
+      def install_node_exporter(host, monitoring_config)
+        port = monitoring_config[:node_exporter_port] || 9100
+        listen_address = monitoring_config[:node_exporter_listen_address].to_s.strip
+        puts "  Installing node_exporter on #{host}..."
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'apt-get', 'install', '-y', '-qq', 'prometheus-node-exporter'
+        end
+
+        configure_node_exporter_service(host, port, listen_address)
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'systemctl', 'enable', 'prometheus-node-exporter'
+          execute :sudo, 'systemctl', 'restart', 'prometheus-node-exporter'
+        end
+
+        puts "  Node metrics available at: http://#{host}:#{port}/metrics"
+      end
+
+      def configure_node_exporter_service(host, port, listen_address)
+        listen = if listen_address.empty?
+                   ":#{port}"
+                 else
+                   "#{listen_address}:#{port}"
+                 end
+
+        return if listen == ':9100'
+
+        override = <<~CONF
+          [Service]
+          ExecStart=
+          ExecStart=/usr/bin/prometheus-node-exporter --web.listen-address=#{listen}
+        CONF
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'mkdir', '-p', '/etc/systemd/system/prometheus-node-exporter.service.d'
+          upload! StringIO.new(override), '/tmp/prometheus-node-exporter.override'
+          execute :sudo, 'mv', '/tmp/prometheus-node-exporter.override',
+                  '/etc/systemd/system/prometheus-node-exporter.service.d/override.conf'
+          execute :sudo, 'chown', 'root:root', '/etc/systemd/system/prometheus-node-exporter.service.d/override.conf'
+          execute :sudo, 'chmod', '644', '/etc/systemd/system/prometheus-node-exporter.service.d/override.conf'
+          execute :sudo, 'systemctl', 'daemon-reload'
+        end
+      end
+
+      def install_grafana_if_enabled
+        monitoring_config = config.component_config(:monitoring)
+        grafana_config = monitoring_config[:grafana] || {}
+        return unless grafana_config[:enabled]
+
+        host = grafana_config[:host].to_s.strip
+        raise Error, 'monitoring.grafana.host is required when grafana is enabled' if host.empty?
+
+        admin_password = normalize_grafana_password(secrets.resolve('grafana_admin_password'))
+        prometheus_url = grafana_config[:prometheus_url]
+        listen_address = grafana_config[:listen_address].to_s.strip
+        port = (grafana_config[:port] || 3000).to_i
+
+        puts "Installing Grafana on #{host}..."
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'apt-get', 'install', '-y', '-qq', 'apt-transport-https', 'software-properties-common', 'wget'
+          execute :sudo, 'wget', '-q', '-O', '/usr/share/keyrings/grafana.gpg', 'https://apt.grafana.com/gpg.key'
+          execute :sudo, 'sh', '-c',
+                  'echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list'
+          execute :sudo, 'apt-get', 'update', '-qq'
+          execute :sudo, 'apt-get', 'install', '-y', '-qq', 'grafana'
+          execute :sudo, 'systemctl', 'enable', '--now', 'grafana-server'
+          execute :sudo, 'grafana-cli', 'admin', 'reset-admin-password', admin_password
+        end
+
+        configure_grafana_service(host, listen_address, port)
+        configure_grafana_datasource(host, prometheus_url) if prometheus_url
+
+        puts "  Grafana available at: http://#{host}:#{port}"
+      end
+
+      def configure_grafana_service(host, listen_address, port)
+        env_lines = []
+        env_lines << "Environment=\"GF_SERVER_HTTP_ADDR=#{listen_address}\"" unless listen_address.empty?
+        env_lines << "Environment=\"GF_SERVER_HTTP_PORT=#{port}\"" if port && port != 3000
+        return if env_lines.empty?
+
+        override = <<~CONF
+          [Service]
+          #{env_lines.join("\n  ")}
+        CONF
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'mkdir', '-p', '/etc/systemd/system/grafana-server.service.d'
+          upload! StringIO.new(override), '/tmp/active_postgres_grafana.override'
+          execute :sudo, 'mv', '/tmp/active_postgres_grafana.override',
+                  '/etc/systemd/system/grafana-server.service.d/override.conf'
+          execute :sudo, 'chown', 'root:root', '/etc/systemd/system/grafana-server.service.d/override.conf'
+          execute :sudo, 'chmod', '644', '/etc/systemd/system/grafana-server.service.d/override.conf'
+          execute :sudo, 'systemctl', 'daemon-reload'
+          execute :sudo, 'systemctl', 'restart', 'grafana-server'
+        end
+      end
+
+      def uninstall_grafana_if_enabled
+        monitoring_config = config.component_config(:monitoring)
+        grafana_config = monitoring_config[:grafana] || {}
+        return unless grafana_config[:enabled]
+
+        host = grafana_config[:host].to_s.strip
+        return if host.empty?
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'systemctl', 'stop', 'grafana-server'
+          execute :sudo, 'systemctl', 'disable', 'grafana-server'
+          execute :sudo, 'apt-get', 'remove', '-y', 'grafana'
+          execute :sudo, 'rm', '-f', '/etc/apt/sources.list.d/grafana.list'
+          execute :sudo, 'rm', '-f', '/usr/share/keyrings/grafana.gpg'
+          execute :sudo, 'rm', '-rf', '/etc/grafana/provisioning/datasources/active_postgres.yml'
+        end
+      end
+
+      def configure_grafana_datasource(host, prometheus_url)
+        datasource = <<~YAML
+          apiVersion: 1
+          datasources:
+            - name: Prometheus
+              type: prometheus
+              access: proxy
+              url: #{prometheus_url}
+              isDefault: true
+        YAML
+
+        ssh_executor.execute_on_host(host) do
+          execute :sudo, 'mkdir', '-p', '/etc/grafana/provisioning/datasources'
+          upload! StringIO.new(datasource), '/tmp/active_postgres_grafana_ds.yml'
+          execute :sudo, 'mv', '/tmp/active_postgres_grafana_ds.yml', '/etc/grafana/provisioning/datasources/active_postgres.yml'
+          execute :sudo, 'chown', 'root:root', '/etc/grafana/provisioning/datasources/active_postgres.yml'
+          execute :sudo, 'chmod', '644', '/etc/grafana/provisioning/datasources/active_postgres.yml'
+          execute :sudo, 'systemctl', 'restart', 'grafana-server'
+        end
+      end
+
+      def normalize_grafana_password(raw_password)
+        password = raw_password.to_s.rstrip
+
+        raise Error, 'grafana_admin_password secret is missing (required for grafana)' if password.empty?
+
+        password
+      end
+
       def escape_systemd_env(value)
         value.to_s.gsub('\\', '\\\\').gsub('"', '\\"')
       end

data/lib/active_postgres/components/pgbackrest.rb

@@ -20,6 +20,7 @@ module ActivePostgres
           ssh_executor.execute_on_host(host) do
             execute :sudo, 'apt-get', 'remove', '-y', 'pgbackrest'
             execute :sudo, 'rm', '-f', '/etc/cron.d/pgbackrest-backup'
+            execute :sudo, 'rm', '-f', '/etc/cron.d/pgbackrest-backup-incremental'
           end
         end
       end
@@ -37,9 +38,12 @@ module ActivePostgres
         puts "Running #{type} backup..."
         postgres_user = config.postgres_user
 
+        output = nil
         ssh_executor.execute_on_host(config.primary_host) do
-          execute :sudo, '-u', postgres_user, 'pgbackrest', '--stanza=main', "--type=#{type}", 'backup'
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest', '--stanza=main', "--type=#{type}", 'backup')
         end
+
+        puts output if output
       end
 
       def run_restore(backup_id)
@@ -51,20 +55,43 @@ module ActivePostgres
           execute :sudo, 'systemctl', 'stop', 'postgresql'
 
           # Restore
-          execute :sudo, '-u', postgres_user, 'pgbackrest', '--stanza=main', "--set=#{backup_id}", 'restore'
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest', '--stanza=main', "--set=#{backup_id}", 'restore')
+          puts output if output
 
           # Start PostgreSQL
           execute :sudo, 'systemctl', 'start', 'postgresql'
         end
       end
 
+      def run_restore_at(target_time, target_action: 'promote')
+        puts "Restoring to #{target_time} (PITR)..."
+        postgres_user = config.postgres_user
+
+        ssh_executor.execute_on_host(config.primary_host) do
+          execute :sudo, 'systemctl', 'stop', 'postgresql'
+
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest',
+                           '--stanza=main',
+                           '--type=time',
+                           "--target=#{target_time}",
+                           "--target-action=#{target_action}",
+                           'restore')
+          puts output if output
+
+          execute :sudo, 'systemctl', 'start', 'postgresql'
+        end
+      end
+
       def list_backups
         puts 'Available backups:'
         postgres_user = config.postgres_user
 
+        output = nil
         ssh_executor.execute_on_host(config.primary_host) do
-          execute :sudo, '-u', postgres_user, 'pgbackrest', 'info'
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest', 'info')
         end
+
+        puts output if output
       end
 
       private
@@ -108,13 +135,35 @@ module ActivePostgres
         end
 
         # Set up scheduled backups on primary only
-        if create_stanza && pgbackrest_config[:schedule]
-          setup_backup_schedule(host, pgbackrest_config[:schedule])
+        if create_stanza
+          setup_backup_schedules(host, pgbackrest_config)
+        end
+      end
+
+      def setup_backup_schedules(host, pgbackrest_config)
+        schedules = backup_schedules(pgbackrest_config)
+        schedules.each do |entry|
+          setup_backup_schedule(host, entry[:schedule], entry[:type], entry[:file])
+        end
+      end
+
+      def backup_schedules(pgbackrest_config)
+        schedule_full = pgbackrest_config[:schedule_full] || pgbackrest_config[:schedule]
+        schedule_incremental = pgbackrest_config[:schedule_incremental]
+
+        schedules = []
+        if schedule_full
+          schedules << { type: 'full', schedule: schedule_full, file: '/etc/cron.d/pgbackrest-backup' }
         end
+        if schedule_incremental
+          schedules << { type: 'incremental', schedule: schedule_incremental, file: '/etc/cron.d/pgbackrest-backup-incremental' }
+        end
+
+        schedules
       end
 
-      def setup_backup_schedule(host, schedule)
-        puts "  Setting up backup schedule: #{schedule}"
+      def setup_backup_schedule(host, schedule, backup_type = 'full', cron_file = '/etc/cron.d/pgbackrest-backup')
+        puts "  Setting up #{backup_type} backup schedule: #{schedule}"
         postgres_user = config.postgres_user
 
         # Create cron job for scheduled backups
@@ -123,17 +172,18 @@ module ActivePostgres
           # pgBackRest scheduled backups (managed by active_postgres)
           SHELL=/bin/bash
           PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-          #{schedule} #{postgres_user} pgbackrest --stanza=main --type=full backup
+          #{schedule} #{postgres_user} pgbackrest --stanza=main --type=#{backup_type} backup
         CRON
 
         # Install cron job in /etc/cron.d (system cron directory)
         # Use a temp file + sudo mv to avoid shell redirection permission issues.
-        ssh_executor.upload_file(host, cron_content, '/etc/cron.d/pgbackrest-backup', mode: '644', owner: 'root:root')
+        ssh_executor.upload_file(host, cron_content, cron_file, mode: '644', owner: 'root:root')
       end
 
       def remove_backup_schedule(host)
         ssh_executor.execute_on_host(host) do
           execute :sudo, 'rm', '-f', '/etc/cron.d/pgbackrest-backup'
+          execute :sudo, 'rm', '-f', '/etc/cron.d/pgbackrest-backup-incremental'
         end
       end
     end

data/lib/active_postgres/components/pgbouncer.rb

@@ -5,7 +5,8 @@ module ActivePostgres
         puts 'Installing PgBouncer for connection pooling...'
 
         config.all_hosts.each do |host|
-          install_on_host(host)
+          is_standby = config.standby_hosts.include?(host)
+          install_on_host(host, is_standby: is_standby)
         end
       end
 
@@ -49,16 +50,26 @@ module ActivePostgres
 
       def install_on_standby(standby_host)
         puts "Installing PgBouncer on standby #{standby_host}..."
-        install_on_host(standby_host)
+        install_on_host(standby_host, is_standby: true)
       end
 
       private
 
-      def install_on_host(host)
+      def install_on_host(host, is_standby: false)
         puts "  Installing PgBouncer on #{host}..."
 
         user_config = config.component_config(:pgbouncer)
-        follow_primary = user_config[:follow_primary] == true
+
+        # Determine follow_primary behavior:
+        # - Primary: use global follow_primary setting
+        # - Standby: check per-standby pgbouncer_follow_primary, default false (use localhost for read replicas)
+        if is_standby
+          standby_config = config.standby_config_for(host) || {}
+          follow_primary = standby_config['pgbouncer_follow_primary'] == true
+        else
+          follow_primary = user_config[:follow_primary] == true
+        end
+
         if follow_primary && !config.component_enabled?(:repmgr)
           raise Error, 'PgBouncer follow_primary requires repmgr to be enabled'
         end
@@ -67,7 +78,8 @@ module ActivePostgres
         optimal_pool = ConnectionPooler.calculate_optimal_pool_sizes(max_connections)
 
         pgbouncer_config = optimal_pool.merge(user_config)
-        pgbouncer_config[:database_host] = config.primary_replication_host if follow_primary
+        # For standbys not following primary, use localhost; otherwise use primary host
+        pgbouncer_config[:database_host] = follow_primary ? config.primary_replication_host : '127.0.0.1'
         ssl_enabled = config.component_enabled?(:ssl)
         has_ca_cert = ssl_enabled && secrets.resolve('ssl_chain')
         secrets_obj = secrets

data/lib/active_postgres/components/repmgr.rb

@@ -512,12 +512,16 @@ module ActivePostgres
       def install_dns_failover_script(host, dns_config, dns_servers, dns_user, dns_ssh_key_path, ssh_strict_host_key)
         return if dns_servers.empty?
 
-        domain = dns_config[:domain] || 'mesh'
-        primary_record = dns_config[:primary_record] || "db-primary.#{domain}"
-        replica_record = dns_config[:replica_record] || "db-replica.#{domain}"
-
-        _ = primary_record
-        _ = replica_record
+        domains = normalize_dns_domains(dns_config)
+        primary_records = normalize_dns_records(dns_config[:primary_records] || dns_config[:primary_record],
+                                               default_prefix: 'db-primary',
+                                               domains: domains)
+        replica_records = normalize_dns_records(dns_config[:replica_records] || dns_config[:replica_record],
+                                               default_prefix: 'db-replica',
+                                               domains: domains)
+
+        _ = primary_records
+        _ = replica_records
         _ = dns_servers
         _ = dns_user
         _ = dns_ssh_key_path
@@ -527,6 +531,19 @@ module ActivePostgres
                         mode: '755', owner: 'root:root')
       end
 
+      def normalize_dns_domains(dns_config)
+        domains = Array(dns_config[:domains] || dns_config[:domain]).map(&:to_s).map(&:strip).reject(&:empty?)
+        domains = ['mesh'] if domains.empty?
+        domains
+      end
+
+      def normalize_dns_records(value, default_prefix:, domains:)
+        records = Array(value).map(&:to_s).map(&:strip).reject(&:empty?)
+        return records unless records.empty?
+
+        domains.map { |domain| "#{default_prefix}.#{domain}" }
+      end
+
       def normalize_dns_host_key_verification(value)
         normalized = case value
                      when Symbol

data/lib/active_postgres/configuration.rb

@@ -96,15 +96,32 @@ module ActivePostgres
       # Validate required secrets if components are enabled
       raise Error, 'Missing replication_password secret' if component_enabled?(:repmgr) && !secrets_config['replication_password']
       raise Error, 'Missing monitoring_password secret' if component_enabled?(:monitoring) && !secrets_config['monitoring_password']
+      if component_enabled?(:monitoring)
+        grafana_config = component_config(:monitoring)[:grafana] || {}
+        if grafana_config[:enabled] && !secrets_config['grafana_admin_password']
+          raise Error, 'Missing grafana_admin_password secret'
+        end
+        if grafana_config[:enabled] && grafana_config[:host].to_s.strip.empty?
+          raise Error, 'monitoring.grafana.host is required when grafana is enabled'
+        end
+      end
+      if component_enabled?(:pgbackrest)
+        pg_config = component_config(:pgbackrest)
+        retention_full = pg_config[:retention_full]
+        retention_archive = pg_config[:retention_archive]
+        if retention_full && retention_archive && retention_archive.to_i < retention_full.to_i
+          raise Error, 'pgbackrest.retention_archive must be >= retention_full for PITR safety'
+        end
+      end
 
         if component_enabled?(:repmgr)
           dns_failover = component_config(:repmgr)[:dns_failover]
           if dns_failover && dns_failover[:enabled]
-            domain = dns_failover[:domain].to_s.strip
+            domains = Array(dns_failover[:domains] || dns_failover[:domain]).map(&:to_s).map(&:strip).reject(&:empty?)
             servers = Array(dns_failover[:dns_servers])
             provider = (dns_failover[:provider] || 'dnsmasq').to_s.strip
 
-            raise Error, 'dns_failover.domain is required when enabled' if domain.empty?
+            raise Error, 'dns_failover.domain or dns_failover.domains is required when enabled' if domains.empty?
             raise Error, 'dns_failover.dns_servers is required when enabled' if servers.empty?
             raise Error, "Unsupported dns_failover provider '#{provider}'" unless provider == 'dnsmasq'
 

data/lib/active_postgres/generators/active_postgres/install_generator.rb

@@ -113,6 +113,7 @@ module ActivePostgres
         puts "  replication_password: \"#{generate_secure_password}\""
         puts "  repmgr_password: \"#{generate_secure_password}\""
         puts "  monitoring_password: \"#{generate_secure_password}\""
+        puts "  grafana_admin_password: \"#{generate_secure_password}\""
         puts
         puts '🔐 Secure passwords have been auto-generated above.'
         puts '📌 Update primary_host and replica_host with your actual IPs after provisioning.'

data/lib/active_postgres/generators/active_postgres/templates/postgres.yml.erb

@@ -59,6 +59,15 @@ shared: &shared
     monitoring:
       enabled: false
       # user: postgres_exporter
+      # node_exporter: true
+      # node_exporter_port: 9100
+      # node_exporter_listen_address: 10.8.0.10
+      # grafana:
+      #   enabled: true
+      #   host: grafana.example.com
+      #   listen_address: 10.8.0.10
+      #   port: 3000
+      #   prometheus_url: http://prometheus.example.com:9090
     
     ssl:
       enabled: false
@@ -98,5 +107,6 @@ production:
     replication_password: rails_credentials:postgres.replication_password
     repmgr_password: rails_credentials:postgres.repmgr_password
     monitoring_password: rails_credentials:postgres.monitoring_password
+    # grafana_admin_password: rails_credentials:postgres.grafana_admin_password
     pgbouncer_password: rails_credentials:postgres.password
     app_password: rails_credentials:postgres.password

data/lib/active_postgres/health_checker.rb

@@ -13,7 +13,21 @@ module ActivePostgres
     end
 
     private def create_executor
-      DirectExecutor.new(config, quiet: true)
+      if use_ssh_executor?
+        SSHExecutor.new(config, quiet: true)
+      else
+        DirectExecutor.new(config, quiet: true)
+      end
+    end
+
+    def use_ssh_executor?
+      mode = ENV['ACTIVE_POSTGRES_STATUS_MODE'].to_s.strip.downcase
+      return true if mode == 'ssh'
+      return false if mode == 'direct'
+
+      return false if %w[localhost 127.0.0.1 ::1].include?(config.primary_host.to_s)
+
+      true
     end
 
     def show_status
@@ -312,13 +326,21 @@ module ActivePostgres
     end
 
     def check_pgbouncer_direct(host)
-      require 'socket'
-      connection_host = config.connection_host_for(host)
-      pgbouncer_port = config.component_config(:pgbouncer)[:listen_port] || 6432
+      if ssh_executor.respond_to?(:execute_on_host)
+        status = nil
+        ssh_executor.execute_on_host(host) do
+          status = capture(:systemctl, 'is-active', 'pgbouncer', raise_on_non_zero_exit: false).to_s.strip
+        end
+        status == 'active'
+      else
+        require 'socket'
+        connection_host = config.connection_host_for(host)
+        pgbouncer_port = config.component_config(:pgbouncer)[:listen_port] || 6432
 
-      socket = TCPSocket.new(connection_host, pgbouncer_port)
-      socket.close
-      true
+        socket = TCPSocket.new(connection_host, pgbouncer_port)
+        socket.close
+        true
+      end
     rescue StandardError
       false
     end

data/lib/active_postgres/installer.rb

@@ -91,6 +91,15 @@ module ActivePostgres
       puts '✓ Restore complete'
     end
 
+    def run_restore_at(target_time, target_action: 'promote')
+      puts "==> Restoring to #{target_time} (PITR)..."
+
+      component = Components::PgBackRest.new(config, ssh_executor, secrets)
+      component.run_restore_at(target_time, target_action: target_action)
+
+      puts '✓ Restore complete'
+    end
+
     def list_backups
       component = Components::PgBackRest.new(config, ssh_executor, secrets)
       component.list_backups

data/lib/active_postgres/overview.rb

@@ -0,0 +1,351 @@
+require 'shellwords'
+require 'timeout'
+
+module ActivePostgres
+  class Overview
+    DEFAULT_TIMEOUT = 10
+
+    def initialize(config)
+      @config = config
+      @executor = SSHExecutor.new(config, quiet: true)
+      @health_checker = HealthChecker.new(config)
+    end
+
+    def show
+      puts
+      puts "ActivePostgres Control Tower (#{config.environment})"
+      puts '=' * 70
+      puts
+
+      health_checker.show_status
+
+      show_system_stats
+      show_repmgr_cluster if config.component_enabled?(:repmgr)
+      show_pgbouncer_targets if config.component_enabled?(:pgbouncer)
+      show_dns_status if dns_failover_enabled?
+      show_backups if config.component_enabled?(:pgbackrest)
+
+      puts
+    end
+
+    private
+
+    attr_reader :config, :executor, :health_checker
+
+    def show_repmgr_cluster
+      output = nil
+      postgres_user = config.postgres_user
+      with_timeout('repmgr cluster') do
+        executor.execute_on_host(config.primary_host) do
+          output = capture(:sudo, '-u', postgres_user, 'repmgr', '-f', '/etc/repmgr.conf',
+                           'cluster', 'show', raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      puts '==> repmgr cluster'
+      puts LogSanitizer.sanitize(output) if output && !output.strip.empty?
+      puts
+    rescue StandardError => e
+      puts "==> repmgr cluster (error: #{e.message})"
+      puts
+    end
+
+    def show_system_stats
+      hosts = config.all_hosts
+      return if hosts.empty?
+
+      paths = system_stat_paths
+
+      puts '==> System stats (DB nodes)'
+      hosts.each do |host|
+        label = config.node_label_for(host)
+        stats = fetch_system_stats(host, paths)
+        if stats.nil?
+          puts "  #{host}#{label ? " (#{label})" : ''}: unavailable"
+          next
+        end
+
+        mem_used_kb = stats[:mem_total_kb] - stats[:mem_avail_kb]
+        mem_pct = stats[:mem_total_kb].positive? ? (mem_used_kb.to_f / stats[:mem_total_kb] * 100).round : 0
+
+        puts "  #{host}#{label ? " (#{label})" : ''}: load #{stats[:loadavg]} | cpu #{stats[:cpu]}% | " \
+             "mem #{format_kb(mem_used_kb)}/#{format_kb(stats[:mem_total_kb])} (#{mem_pct}%)"
+
+        stats[:disks].each do |disk|
+          puts "    disk #{disk[:mount]}: #{format_kb(disk[:used_kb])}/#{format_kb(disk[:total_kb])} (#{disk[:use_pct]})"
+        end
+      end
+      puts
+    rescue StandardError => e
+      puts "==> System stats (error: #{e.message})"
+      puts
+    end
+
+    def show_pgbouncer_targets
+      puts '==> PgBouncer targets'
+      config.all_hosts.each do |host|
+        status = pgbouncer_status(host)
+        target = pgbouncer_target(host)
+        puts "  #{host}: #{status} -> #{target || 'unknown'}"
+      end
+      puts
+    end
+
+    def pgbouncer_status(host)
+      status = nil
+      executor.execute_on_host(host) do
+        status = capture(:systemctl, 'is-active', 'pgbouncer', raise_on_non_zero_exit: false).to_s.strip
+      end
+      status == 'active' ? '✓ running' : '✗ down'
+    rescue StandardError
+      '✗ down'
+    end
+
+    def pgbouncer_target(host)
+      ini = nil
+      executor.execute_on_host(host) do
+        ini = capture(:sudo, 'cat', '/etc/pgbouncer/pgbouncer.ini', raise_on_non_zero_exit: false).to_s
+      end
+      ini[/^\* = host=([^\s]+)/, 1]
+    rescue StandardError
+      nil
+    end
+
+    def show_dns_status
+      dns_config = dns_failover_config
+      dns_servers = normalize_dns_servers(dns_config[:dns_servers])
+      dns_user = (dns_config[:dns_user] || config.user).to_s
+
+      primary_records = normalize_dns_records(dns_config[:primary_records] || dns_config[:primary_record],
+                                              default_prefix: 'db-primary',
+                                              domains: normalize_dns_domains(dns_config))
+      replica_records = normalize_dns_records(dns_config[:replica_records] || dns_config[:replica_record],
+                                              default_prefix: 'db-replica',
+                                              domains: normalize_dns_domains(dns_config))
+      records = primary_records + replica_records
+
+      puts '==> DNS (dnsmasq)'
+      puts "  Servers: #{dns_servers.map { |s| s[:ssh_host] }.join(', ')}"
+
+      record_map = Hash.new { |h, k| h[k] = [] }
+      dns_servers.each do |server|
+        content = dnsmasq_config(server[:ssh_host], dns_user)
+        next if content.to_s.strip.empty?
+
+        content.each_line do |line|
+          next unless line.start_with?('address=/')
+
+          match = line.strip.match(%r{\Aaddress=/([^/]+)/(.+)\z})
+          next unless match
+
+          name = match[1]
+          ip = match[2]
+          next unless records.include?(name)
+
+          record_map[name] << ip
+        end
+      end
+
+      records.uniq.each do |record|
+        ips = record_map[record].uniq
+        display = ips.empty? ? 'missing' : ips.join(', ')
+        warn_suffix = if primary_records.include?(record) && ips.size > 1
+                        ' ⚠️'
+                      else
+                        ''
+                      end
+        puts "  #{record}: #{display}#{warn_suffix}"
+      end
+      puts
+    rescue StandardError => e
+      puts "==> DNS (error: #{e.message})"
+      puts
+    end
+
+    def dnsmasq_config(host, dns_user)
+      content = nil
+      with_timeout("dnsmasq #{host}") do
+        executor.execute_on_host_as(host, dns_user) do
+          content = capture(:sudo, 'sh', '-c',
+                            'cat /etc/dnsmasq.d/active_postgres.conf 2>/dev/null || ' \
+                            'cat /etc/dnsmasq.d/messhy.conf 2>/dev/null || true',
+                            raise_on_non_zero_exit: false).to_s
+        end
+      end
+      content
+    rescue StandardError
+      nil
+    end
+
+    def normalize_dns_servers(raw_servers)
+      Array(raw_servers).map do |server|
+        if server.is_a?(Hash)
+          ssh_host = server[:ssh_host] || server['ssh_host'] || server[:host] || server['host']
+          private_ip = server[:private_ip] || server['private_ip'] || server[:ip] || server['ip']
+          private_ip ||= ssh_host
+          ssh_host ||= private_ip
+          { ssh_host: ssh_host.to_s, private_ip: private_ip.to_s }
+        else
+          value = server.to_s
+          { ssh_host: value, private_ip: value }
+        end
+      end
+    end
+
+    def normalize_dns_domains(dns_config)
+      Array(dns_config[:domains] || dns_config[:domain]).map(&:to_s).map(&:strip).reject(&:empty?)
+    end
+
+    def normalize_dns_records(value, default_prefix:, domains:)
+      records = Array(value).map(&:to_s).map(&:strip).reject(&:empty?)
+      return records unless records.empty?
+
+      domains = ['mesh'] if domains.empty?
+      domains.map { |domain| "#{default_prefix}.#{domain}" }
+    end
+
+    def show_backups
+      output = nil
+      postgres_user = config.postgres_user
+      with_timeout('pgbackrest info') do
+        executor.execute_on_host(config.primary_host) do
+          output = capture(:sudo, '-u', postgres_user, 'pgbackrest', 'info',
+                           raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      puts '==> Backups (pgBackRest)'
+      puts output if output && !output.strip.empty?
+      puts
+    rescue StandardError => e
+      puts "==> Backups (error: #{e.message})"
+      puts
+    end
+
+    def fetch_system_stats(host, paths)
+      output = nil
+      with_timeout("system stats #{host}") do
+        ssh_executor = executor
+        safe_paths = paths.map { |p| Shellwords.escape(p) }.join(' ')
+        script = <<~'BASH'
+          set -e
+          loadavg=$(cut -d' ' -f1-3 /proc/loadavg)
+
+          read _ user nice system idle iowait irq softirq steal _ _ < /proc/stat
+          sleep 0.2
+          read _ user2 nice2 system2 idle2 iowait2 irq2 softirq2 steal2 _ _ < /proc/stat
+
+          total1=$((user + nice + system + idle + iowait + irq + softirq + steal))
+          total2=$((user2 + nice2 + system2 + idle2 + iowait2 + irq2 + softirq2 + steal2))
+          total=$((total2 - total1))
+          idle_delta=$((idle2 + iowait2 - idle - iowait))
+
+          cpu=0
+          if [ "$total" -gt 0 ]; then
+            cpu=$(( (100 * (total - idle_delta)) / total ))
+          fi
+
+          mem_total=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
+          mem_avail=$(awk '/MemAvailable/ {print $2}' /proc/meminfo)
+
+          echo "loadavg=${loadavg}"
+          echo "cpu=${cpu}"
+          echo "mem_total_kb=${mem_total}"
+          echo "mem_avail_kb=${mem_avail}"
+        BASH
+
+        ssh_executor.execute_on_host(host) do
+          output = capture(:bash, '-lc', "#{script}\n df -kP #{safe_paths} 2>/dev/null | tail -n +2 | " \
+                                        "awk '{print \"disk=\" $6 \"|\" $2 \"|\" $3 \"|\" $4 \"|\" $5}'",
+                           raise_on_non_zero_exit: false).to_s
+        end
+      end
+
+      parse_system_stats(output)
+    rescue StandardError
+      nil
+    end
+
+    def parse_system_stats(output)
+      stats = { disks: [] }
+      output.to_s.each_line do |line|
+        line = line.strip
+        next if line.empty?
+
+        if line.start_with?('loadavg=')
+          stats[:loadavg] = line.split('=', 2)[1]
+        elsif line.start_with?('cpu=')
+          stats[:cpu] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('mem_total_kb=')
+          stats[:mem_total_kb] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('mem_avail_kb=')
+          stats[:mem_avail_kb] = line.split('=', 2)[1].to_i
+        elsif line.start_with?('disk=')
+          _, payload = line.split('=', 2)
+          mount, total, used, _avail, pct = payload.split('|')
+          stats[:disks] << {
+            mount: mount,
+            total_kb: total.to_i,
+            used_kb: used.to_i,
+            use_pct: pct
+          }
+        end
+      end
+
+      stats[:loadavg] ||= 'n/a'
+      stats[:cpu] ||= 0
+      stats[:mem_total_kb] ||= 0
+      stats[:mem_avail_kb] ||= 0
+      stats
+    end
+
+    def format_kb(kb)
+      kb = kb.to_f
+      gb = kb / 1024 / 1024
+      return format('%.1fG', gb) if gb >= 1
+
+      mb = kb / 1024
+      format('%.0fM', mb)
+    end
+
+    def system_stat_paths
+      paths = ['/']
+      paths << '/var/lib/postgresql'
+      repo_path = pgbackrest_repo_path
+      paths << repo_path if repo_path
+      paths.compact.uniq
+    end
+
+    def pgbackrest_repo_path
+      return nil unless config.component_enabled?(:pgbackrest)
+
+      pg_config = config.component_config(:pgbackrest)
+      return pg_config[:repo_path] if pg_config[:repo_path]
+
+      pg_config[:repo_type].to_s == 'local' ? '/var/lib/pgbackrest' : '/backups'
+    end
+
+    def dns_failover_config
+      repmgr_config = config.component_config(:repmgr)
+      dns_config = repmgr_config[:dns_failover]
+      return nil unless dns_config && dns_config[:enabled]
+
+      dns_config
+    end
+
+    def dns_failover_enabled?
+      dns_failover_config != nil
+    end
+
+    def overview_timeout
+      value = ENV.fetch('ACTIVE_POSTGRES_OVERVIEW_TIMEOUT', DEFAULT_TIMEOUT.to_s).to_i
+      value.positive? ? value : DEFAULT_TIMEOUT
+    end
+
+    def with_timeout(label)
+      Timeout.timeout(overview_timeout) { yield }
+    rescue Timeout::Error
+      raise StandardError, "#{label} timed out after #{overview_timeout}s"
+    end
+  end
+end

data/lib/active_postgres/ssh_executor.rb

@@ -294,18 +294,21 @@ module ActivePostgres
         SSHKit.config.format = :pretty
       end
 
-      return unless File.exist?(config.ssh_key)
-
       SSHKit::Backend::Netssh.configure do |ssh|
-        ssh.ssh_options = {
-          keys: [config.ssh_key],
-          keys_only: true,
+        options = {
           forward_agent: false,
           auth_methods: ['publickey'],
           verify_host_key: config.ssh_host_key_verification || :always,
           timeout: 10,
           number_of_password_prompts: 0
         }
+
+        if config.ssh_key && File.exist?(config.ssh_key)
+          options[:keys] = [config.ssh_key]
+          options[:keys_only] = true
+        end
+
+        ssh.ssh_options = options
       end
     end
   end

data/lib/active_postgres/version.rb

@@ -1,3 +1,3 @@
 module ActivePostgres
-  VERSION = '0.9.0'.freeze
+  VERSION = '0.9.1'.freeze
 end

data/lib/active_postgres.rb

@@ -23,6 +23,7 @@ require_relative 'active_postgres/installer'
 require_relative 'active_postgres/ssh_executor'
 require_relative 'active_postgres/direct_executor'
 require_relative 'active_postgres/health_checker'
+require_relative 'active_postgres/overview'
 require_relative 'active_postgres/failover'
 require_relative 'active_postgres/performance_tuner'
 require_relative 'active_postgres/connection_pooler'

data/lib/tasks/postgres.rake

@@ -150,6 +150,15 @@ namespace :postgres do
     health_checker.show_status
   end
 
+  desc 'Show control tower overview'
+  task overview: :environment do
+    require 'active_postgres'
+
+    config = ActivePostgres::Configuration.load
+    overview = ActivePostgres::Overview.new(config)
+    overview.show
+  end
+
   desc 'Visualize cluster nodes and topology'
   task nodes: :environment do
     require 'active_postgres'
@@ -270,6 +279,50 @@ namespace :postgres do
     puts "\n#{'=' * 80}\n"
   end
 
+  desc 'Show help for PostgreSQL rake tasks'
+  task help: :environment do
+    puts "\nPostgreSQL Rake Tasks"
+    puts '=' * 70
+    puts "\nTip: set RAILS_ENV=production for production targets"
+
+    puts "\nSetup & Maintenance"
+    puts "  rake postgres:setup                  # Deploy HA cluster (CLEAN=true for fresh install)"
+    puts "  rake postgres:purge                  # Destroy cluster (DESTRUCTIVE)"
+    puts "  rake postgres:setup:core             # PostgreSQL config (postgresql.conf, pg_hba.conf)"
+    puts "  rake postgres:setup:repmgr           # HA + failover (repmgr)"
+    puts "  rake postgres:setup:pgbouncer        # PgBouncer pooling"
+    puts "  rake postgres:setup:pgbackrest       # Backups (pgBackRest)"
+    puts "  rake postgres:setup:monitoring       # postgres_exporter"
+    puts "  rake postgres:setup:ssl              # SSL certs"
+
+    puts "\nStatus & Health"
+    puts "  rake postgres:status                 # Cluster status (SSH by default)"
+    puts "  rake postgres:overview               # Control tower overview"
+    puts "  rake postgres:nodes                  # Topology view"
+    puts "  rake postgres:verify                 # Comprehensive checklist"
+    puts "  ACTIVE_POSTGRES_STATUS_MODE=ssh|direct rake postgres:status"
+
+    puts "\nBackups"
+    puts "  rake postgres:backup:full            # Full backup"
+    puts "  rake postgres:backup:incremental     # Incremental backup"
+    puts "  rake postgres:backup:list            # List backups"
+    puts "  rake postgres:backup:restore[ID]     # Restore backup set"
+    puts "  rake postgres:backup:restore_at[\"YYYY-MM-DD HH:MM:SS\",promote]  # PITR"
+
+    puts "\nMigrations"
+    puts "  rake postgres:migrate                # Run migrations on primary only"
+
+    puts "\nPgBouncer"
+    puts "  rake postgres:pgbouncer:update_userlist[users]  # Update userlist"
+    puts "  rake postgres:pgbouncer:stats        # Service status + stats"
+
+    puts "\nTests"
+    puts "  rake postgres:test:replication[rows] # Replication stress test"
+    puts "  rake postgres:test:pgbouncer[connections]  # PgBouncer load test"
+
+    puts
+  end
+
   desc 'Promote standby to primary'
   task :promote, [:host] => :environment do |_t, args|
     require 'active_postgres'
@@ -325,6 +378,20 @@ namespace :postgres do
       installer.run_restore(args[:backup_id])
     end
 
+    desc 'Restore to a point in time (PITR)'
+    task :restore_at, [:target_time, :target_action] => :environment do |_t, args|
+      require 'active_postgres'
+
+      unless args[:target_time]
+        puts 'Usage: rake postgres:backup:restore_at["2026-01-29 01:15:00",promote]'
+        exit 1
+      end
+
+      config = ActivePostgres::Configuration.load
+      installer = ActivePostgres::Installer.new(config)
+      installer.run_restore_at(args[:target_time], target_action: args[:target_action] || 'promote')
+    end
+
     desc 'List available backups'
     task list: :environment do
       require 'active_postgres'

data/templates/repmgr.conf.erb

@@ -30,6 +30,9 @@ follow_command='repmgr standby follow -f /etc/repmgr.conf --upstream-node-id=%n'
 
 reconnect_attempts=<%= repmgr_config[:reconnect_attempts] || 6 %>
 reconnect_interval=<%= repmgr_config[:reconnect_interval] || 10 %>
+<% if repmgr_config.key?(:use_rewind) %>
+use_rewind=<%= repmgr_config[:use_rewind] ? 'yes' : 'no' %>
+<% end %>
 
 log_level=INFO
 log_facility=STDERR

data/templates/repmgr_dns_failover.sh.erb

@@ -6,8 +6,8 @@ DNS_USER="<%= dns_user %>"
 DNS_SERVERS=(<%= dns_servers.map(&:to_s).join(' ') %>)
 DNS_SSH_KEY="<%= dns_ssh_key_path %>"
 DNSMASQ_FILE="/etc/dnsmasq.d/active_postgres.conf"
-PRIMARY_RECORD="<%= primary_record %>"
-REPLICA_RECORD="<%= replica_record %>"
+PRIMARY_RECORDS=(<%= primary_records.map(&:to_s).join(' ') %>)
+REPLICA_RECORDS=(<%= replica_records.map(&:to_s).join(' ') %>)
 SSH_STRICT_HOST_KEY="<%= ssh_strict_host_key %>"
 SSH_KNOWN_HOSTS="/var/lib/postgresql/.ssh/known_hosts"
 LOG_TAG="active_postgres_dns"
@@ -25,11 +25,21 @@ if [[ -z "$primary_host" ]]; then
 fi
 
 content=$'# Managed by active_postgres\n'
-printf -v content '%saddress=/%s/%s\n' "$content" "$PRIMARY_RECORD" "$primary_host"
+for record in "${PRIMARY_RECORDS[@]}"; do
+  if [[ -n "$record" ]]; then
+    printf -v content '%saddress=/%s/%s\n' "$content" "$record" "$primary_host"
+  fi
+done
 
 if [[ -n "$standby_hosts" ]]; then
-  for host in $standby_hosts; do
-    printf -v content '%saddress=/%s/%s\n' "$content" "$REPLICA_RECORD" "$host"
+  for record in "${REPLICA_RECORDS[@]}"; do
+    if [[ -z "$record" ]]; then
+      continue
+    fi
+
+    for host in $standby_hosts; do
+      printf -v content '%saddress=/%s/%s\n' "$content" "$record" "$host"
+    done
   done
 fi
 
@@ -46,4 +56,4 @@ for server in "${DNS_SERVERS[@]}"; do
   fi
 done
 
-/usr/bin/logger -t "$LOG_TAG" "Updated DNS records for ${PRIMARY_RECORD} and ${REPLICA_RECORD} (primary=${primary_host})"
+/usr/bin/logger -t "$LOG_TAG" "Updated DNS records for ${PRIMARY_RECORDS[*]} and ${REPLICA_RECORDS[*]} (primary=${primary_host})"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_postgres
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.9.1
 platform: ruby
 authors:
 - BoringCache
@@ -179,6 +179,7 @@ files:
 - lib/active_postgres/installer.rb
 - lib/active_postgres/log_sanitizer.rb
 - lib/active_postgres/logger.rb
+- lib/active_postgres/overview.rb
 - lib/active_postgres/performance_tuner.rb
 - lib/active_postgres/rails/database_config.rb
 - lib/active_postgres/rails/migration_guard.rb