Dustin C. Hatch
4f202c55e4
The [postgres-exporter][0] exposes PostgreSQL server statistics to Prometheus. It connects to a specified PostgreSQL server (in this case, a server on the local machine via UNIX socket) and collects data from the `pg_stat_activity`, et al. views. It needs the `pg_monitor` role in order to be allowed to read the relevant metrics. Since we're setting up the exporter to connect via UNIX socket, it needs a dedicated OS user to match the PostgreSQL user in order to authenticate via the _peer_ method. [0]: https://github.com/prometheus-community/postgres_exporter/
58 lines
2.0 KiB
YAML
58 lines
2.0 KiB
YAML
data_volumes:
|
|
- dev: /dev/vdb
|
|
fstype: ext4
|
|
mountpoint: /var/lib/pgsql
|
|
|
|
postgresql_cert_domain: postgresql.{{ ansible_domain }}
|
|
postgresql_cert_acme_email: '{{ ansible_hostname }}@pyrocufflink.net'
|
|
postgresql_cert_acme_server: https://ca.pyrocufflink.blue:32599/acme/acme/directory
|
|
postgresql_allow_remote: true
|
|
postgresql_allow_sameuser_peer: false
|
|
|
|
postgresql_config:
|
|
listen_addresses: '''*'''
|
|
ssl: 'on'
|
|
ssl_cert_file: '''{{ postgresql_config_dir }}/server.cer'''
|
|
ssl_key_file: '''{{ postgresql_config_dir }}/server.key'''
|
|
ssl_ca_file: '''{{ postgresql_config_dir }}/ca.crt'''
|
|
|
|
archive_mode: '''on'''
|
|
archive_timeout: 5min
|
|
archive_command: '''wal-g-pg --config /etc/postgresql/wal-g.yml wal-push %p'''
|
|
restore_command: '''wal-g-pg --config /etc/postgresql/wal-g.yml wal-fetch %f %p'''
|
|
hot_standby: 'on'
|
|
|
|
pg_hba_extra:
|
|
- type: local
|
|
database: all
|
|
user: postgres-exporter
|
|
address: ''
|
|
method: peer
|
|
- type: hostssl
|
|
database: sameuser
|
|
user: all
|
|
address: 0.0.0.0/0
|
|
method: cert
|
|
|
|
postgresql_restore_command: >-
|
|
runuser -u postgres --
|
|
wal-g-pg --config /etc/postgresql/wal-g.yml backup-fetch {{ pgdata_dir }} LATEST
|
|
|
|
wal_g_aws_access_key_id: Ps0tjAlLFxnQkelX
|
|
wal_g_aws_secret_access_key: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
31313034633265346365356533623137323835386434313738353362386338666531656635306663
|
|
3032636433343062366537306663383739633838383633350a353030316534356239363962333164
|
|
30663565333566616563333766323163643466363639613733323262363135333362663364356533
|
|
3161646331336265640a333639393463376538343466373362353133626562623562316539356464
|
|
38613465326234346465336261306336623065613962363362383534346435633637626132613364
|
|
3062396235663433623535373065626238643663623831306464
|
|
|
|
wal_g_pg_config:
|
|
AWS_ACCESS_KEY_ID: '{{ wal_g_aws_access_key_id }}'
|
|
AWS_SECRET_ACCESS_KEY: '{{ wal_g_aws_secret_access_key }}'
|
|
WALG_S3_PREFIX: s3://pgbackup/pyrocufflink/main/15
|
|
AWS_S3_FORCE_PATH_STYLE: true
|
|
AWS_ENDPOINT: https://burp.pyrocufflink.blue:9000
|
|
PGHOST: /run/postgresql
|