Changelog¶
v1.7.0 - 2024-09-10¶
Features¶
Add concept of profile to give some specific privileges on role for a given database and schema. Currently pglift only supports the read-only and read-write profiles.
Add patroni setting (patroni.enforce_config_validation) to enforce configuration validation.
Check that system directories (e.g. PostgreSQL log directory) are writable when needed.
Add a
-x, --exclude-database
option todatabase list
to filter out listed databases.Show extensions and schemas in database get table format output.
Add the ability to add/remove extensions or schemas to/from a database through the CLI (
database alter
command).Creation of a primary instance from a
pgBackRest
backup is now possible. What is required is a valid backup and a stanza configuration for the instance to be created. It can be useful to restore an instance after a disaster, for example if thePGDATA
directory is not available anymore.Add a
memberships
field to Role model. This is meant to replacein_roles
eventually.It is now possible to pass extra options to the pg_upgrade underlying command when executing the
pglift instance upgrade
command.
Bug fixes¶
Allow include directives in
postgresql.conf
template (only directives referencing an absolute path are allowed).Add check to ensure we do not try to run pg_upgrade to downgrade an instance.
Check that a value for
--surole-password
was provided if the local authentication policy requires a password upon instance creation.Abort early the
instance upgrade
operation on a Patroni instance as this is not supported.Avoid querying Patroni REST API for cluster members when the instance is stopped, thus resolving some command failures (e.g.
pglift pgconf set
) on stopped instances.Only reload Patroni upon configuration changes, e.g. through
pglift pgconf set
command, when the instance is running, thus avoiding such commands to fail previously.Fix read of PostgreSQL collected log files in case the target log destination (e.g.
stderr
) is not first inlog_destination
configuration option (thus properly handling situations such aslog_destination=syslog,stderr
).Avoid prompting for super-user password when it got provided through the command-line at creation of an instance with “password” local authentication method.
Fix failing listing of instances when datadir is set with {name} and {version} on the same path segment (or other exotic forms).
Prevent errors when trying to delete a partially upgraded instance that has not been initialized.
Deprecations and Removals¶
The
in_roles
field of the role object is deprecated and will be removed in the next major release. It is replaced bymemberships
.--jobs
option for theinstance upgrade
command is deprecated. Extra options should be used instead.
Documentation¶
Improve the description of model fields and command-line options accepting multiple values (e.g.
database.schemas
).Indicate, in the interactive command-line help (
--help
option), which options can be specified multiple times (e.g.--in-role
option ofrole create
command).Add a section for upgrade in operations user guides.
v1.6.0 - 2024-06-21¶
Features¶
The
privileges
commands now display privileges independently of thesearch_path
.Forward stdout messages from
pg_ctl
to our logger when failing to start the instance. This helps understanding issues when starting PostgreSQL when log files are not preserved (e.g. at instance creation).
Bug fixes¶
Resolve misleading
creating role 'backup'
andupdating role 'backup'
log messages (INFO
level) when creating an instance, only keep the first one.Fix
instance backups
andinstance restore
commands on an old instance after upgrade, previously producing a traceback, and now exiting with a more meaningful error message.Preserve PostgreSQL port set from site template along repeated usages of
dalibo.pglift.instance
Ansible module.Validate the availability of PostgreSQL instance
port
if the value comes frompostgresql.conf
site template.
Deprecations and Removals¶
Disallow the
port
entry in thesettings
field ofdalibo.pglift.instance
Ansible module. Support for this entry, in combination with the mainport
field, was quite fragile and arguably confusing. Users should now consistently use theport
field to set PostgreSQL port when using the Ansible module.
v1.5.0 - 2024-06-07¶
Features¶
Add an auditing capability to the command-line interface.
Make it possible to set
postgresql.logpath
setting tonull
in order to make the PostgreSQL log directory unmanaged by pglift. Note that when this is done, nologrotate
andrsyslog
configuration will be installed for PostgreSQL on site.Restore
database restore
anddatabase dumps
commands and make database logical backup work withpg_back
used inpostgresql.dump_commands
site settings.Validate that path-like settings do not contain template variables when none is accepted. Especially, this avoids silently using values of, e.g.,
postgresql.logpath
, if it contains{name}
and/or{version}
.
Bug fixes¶
Account for instance’s port when explicitly set to the default value (5432) despite the site
postgresql.conf
template may define another value.Account for
port
setting possibly defined in sitepostgresql.conf
template when creating Patroni-managed instances (and noport
option is specified in the command-line or Ansible module).Set schema owner to database owner if no owner for the schema got specified but one was for the database. Previously, schema owner was set to the current user in that case.
Deprecations and Removals¶
No longer forward log messages from the “filelock” library in the command-line interface (previously only visible in debug mode).
Deprecate
cli.logpath
setting as its purpose was confusing users. The setting value now defaults tonull
, meaning that a temporary file will be used to store debug information. As before, the file will only be kept if invoked command exits with an unexpected error.Site administrators are recommended to adjust their site settings to remove that
cli.logpath
setting.
Documentation¶
Document how to change managed PostgreSQL configuration parameters.
Document logging behaviours in the command-line interface in a new reference section.
Misc.¶
Avoid setting a
port
entry inpostgresql.parameters
within Patroni configuration file as this parameter is controlled by Patroni (throughpostgresql.listen
).
v1.4.0 - 2024-03-29¶
Features¶
Add support for “versioned” PostgreSQL template files in site configuration. This allows, for example, the site administrator to install a
postgresql/16/postgresql.conf
template file in site configuration directory which would be used when creating an instance with PostgreSQL version 16 to initialize thepostgresql.conf
file. Creating an instance with another version would, on the other hand, usepostgresql/postgresql.conf
if found in site configuration or fall back to the default template file distributed with pglift.Validate TCP port availability when creating standalone Prometheus postgres_exporter services.
Bug fixes¶
Fix the executable path of
pglift
in systemd units when pglift is not installed from the binary; the problem occurs from version 1.3.0 as the command-line interface got moved to a dedicated Python package.Properly revert the creation of a database when requested with an unknown extension instead of showing a full traceback and leaving the database over.
Avoid blocking Patroni instance deletion if the configuration file backup fails (e.g. in case of network error, while querying the REST API).
Only try to initialize instances from a pgbackrest backup if a replica. This fixes
instance upgrade
command when pgbackrest was configured on site and a backup was available as the command would try to initialize the new cluster from this backup, which was not in expected version.Possibly inject
PGLIFT_CONFIG_DIR
environment variable in systemd unit templates invoking the pglift executable (this applies topglift-postgresql@.service
andpglift-backup@.service
).
Documentation¶
Change the dev setup command to use
requirements/dev.txt
file.Add a link to Patroni cluster removal documentation page in the
WARNING
message emitted when backing up the Patroni configuration file when dropping the last node of the cluster.
Misc.¶
Improve log message upon database errors in the command-line interface by only showing the traceback if the
--debug
is set and displaying the error message as well as the SQLSTATE value (PostgreSQL error code).Improve the user experience when checking for the availability of TCP ports for PostgreSQL or satellite services.
Improve the help text of
--standby-for
option ininstance create
command.
v1.3.1 - 2024-03-11¶
Bug fixes¶
Restore the possibility to run
pglift --version
without site settings being loaded; in particular, this allows the command to be run asroot
user (despite pglift cannot be used with this user still).
v1.3.0 - 2024-03-05¶
Features¶
Add a
-o,--output DIRECTORY
option todatabase dump
command to specify an alternative output directory to write dump file(s) to.Forward PostgreSQL messages to pglift logger (
DEBUG
level) while performing setup operations on satellite components (configuration, reload, promote).Load site settings from
settings.yaml
if found in the directory referenced byPGLIFT_CONFIG_DIR
environment variable.Possibly drop the new (upgraded) instance if the upgrade fails in
instance upgrade
command.
Bug fixes¶
Fix an oversight about pgBackRest configuration check before running commands.
Remove misleading “failed to read (postgres_exporter|temboard-agent) configuration …” log messages (
DEBUG
level) during instance creation.Fix logging of
pg_restore
stderr (atDEBUG
level) broken since pglift 1.2.0.Enable (or disable) pglift-pgbackrest systemd service during
site-configure install
(oruninstall
), thus making the service active at user login (or at boot, if the user is lingering).Fix wrong invocation of
systemctl status
command; the command was mostly used as a check so the impact was not important, but an actual error was visible inDEBUG
log messages.Setting
temboard.certificate.ca_cert
is now optional as it is not actually required to run temboard-agent.Fix a typo in allowed values of
temboard.plugins
setting.Do not manipulate PostgreSQL objects (databases, roles) when upgrading an instance through
instance upgrade
. This resolves an issue when trying to upgrade an instance with PoWA enabled from PostgreSQL version 14 to higher which resulted in a failure to upgradepg_stat_statements
extension due to reverse-dependency frompg_stat_kcache
.Fix
database alter
command when the database has extensions installed. The command previously failed with an “invalid” validation error.
Deprecations and Removals¶
Deprecate (undocumented)
PGLIFT_CONFIG_PATH
environment variable, renamed asPGLIFT_CONFIG_DIR
.
Documentation¶
Document
PGLIFT_CONFIG_DIR
environment variable.
Misc.¶
Log an
INFO
message when runningpgbackrest check
.Log the output of
systemctl is-enabled
command (atDEBUG
level).Print both the CLI and the library versions in
pglift --version
command when packages version is not the same.Extract the command-line interface code into a dedicated Python package. See the installation documentation for details.
No longer raise a validation error, but simply warn, upon empty
postgresql.versions
setting. With this change, a PostgreSQL installation is no longer required on site in order to operate pglift (although most operations will not be available). Beside making local testing easier, this change also enables the configuration of a Prometheus postgres_exporter service on a site where PostgreSQL is not installed, such as a side-car host to the PostgreSQL instance.Merge the code of the Ansible collection in main pglift repository.
v1.2.0 - 2023-12-22¶
Features¶
Add an
instance shell
command to start a new shell with instance’s environment, as a shorthand forpglift instance exec
orexport $(pglift instance env)
.Add a
check
option tosite-configure
command.
Bug fixes¶
Catch “database errors” (
psycopg.errors.DatabaseError
) globally in the CLI, thus preventing a traceback to be displayed.Handle possible absence of “backup set size” in the output of
pgbackrest info
when listing instance’s backups as this field is not set for block incremental backup. Accordingly, keyrepo_size
ininstance backups
command output will benull
.Fix log messages about Prometheus postgres_exporter service configuration (previously erroneously referring to PostgreSQL instead of “postgres_exporter”).
Improve error handling when parsing (possibly modified) Prometheus postgres_exporter configuration file by returning a user error instead of an internal error (traceback).
Start Prometheus postgres_exporter with a
--web.listen-address
argument instead of relying on thePG_EXPORTER_WEB_LISTEN_ADDRESS
environment variable that is no longer used by postgres_exporter from version 0.12. The latter variable is no longer written to postgres_exporter configuration file for newly configured instances, but will still be read for existing instances.The compatibility is handled when starting postgres_exporter directly but not when using systemd as service manager. In the latter case, the configuration file for all existing postgres_exporter services should be adjusted (if using postgres_exporter version 0.12 or higher) by changing:
PG_EXPORTER_WEB_LISTEN_ADDRESS=:9187 POSTGRES_EXPORTER_OPTS='--log.level=info ...'
into
POSTGRES_EXPORTER_OPTS='--log.level=info --web.listen-address=:9187 ...'
Make
site-configure install
(resp.site-configure uninstall
) commands more idempotent by properly handling existing (resp. non-existing) files or directories. This implies that, upon “re-configuration”, existing files (possibly modified by the user) will not be overridden.Only invoke
systemctl daemon-reload
if some unit files actually got installed insite-configure install
.Properly account for
shared_preload_libraries
option defined inpostgresql.conf
site template when building the configuration of an instance with PoWA enabled.
Documentation¶
Mention in “Instance environment” how-to that satellite components also get their environment variables exported.
Misc.¶
The binary built by PyOxidizer is no longer standalone and now needs shared libraries for extension modules in the
lib/
directory alongside thepglift
binary. The package published by GitLab CI now contains a.tar.gz
archive containing all needed files.Use
pg_ctl start
(instead ofpostgres
previously) to temporarily start PostgreSQL at instance creation.Upgrade Pydantic dependency to version 2.
Make the project conform to the REUSE recommendations about licensing and copyright.
v1.1.0 - 2023-11-13¶
Features¶
When dumping a database, through
database dump
command, we now forward the role password (that would possibly be prompted for upon database existence check) to dump commands (such aspg_dump
orpg_back
).Limit
pg_ctl status
invocations in most operations for better performance.Return the runtime status of Patroni API as part of
pglift instance status
result.
Bug fixes¶
Remove
gss
from local authentication methods, as it’s only available for TCP/IP connections.Fix bug preventing instance creation when setting a custom surole name.
Retrieve super-user role’s password from environment or
password_command
setting when dumping a database.Improve previously misleading errors and tracebacks when something got wrong at instance initialization by not showing unrelated errors (fixing a bad programming pattern).
Handle possibly absence of PostgreSQL log file during Patroni bootstrap “retry” logic, resolving a crash possibly due to a race condition.
Log an
INFO
message when the PostgreSQL instance has been successfully created by Patroni.Improve log message about “Patroni log file” not being found during bootstrap to make it less misleading by indicating that this is transient (by nature of the bootstrap) and eventually logging a successful message.
Log a
DEBUG
message when checking for Patroni “readiness” during bootstrap.
Documentation¶
Remove “pgbackrest” and “Prometheus postgres_exporter” pages from the Python API section, as they fail to build with up-to-date dependencies.
Mention upfront in the installation documentation that Python 3.9 (or higher) is required.
Misc.¶
Build the pglift binary using latest PyOxidizer version (0.24 or higher).
Use Python 3.10 to build the binary.
v1.0.0 - 2023-10-17¶
Features¶
The
owner
of a schema can now be specified.Log the target database name when creating an extension.
Bug fixes¶
Avoid reconfiguring pgBackRest upon PostgreSQL configuration changes when it’s not needed but only check if respective changes would need a reconfiguration of this service (e.g. the socket path).
Only invoke
pgbackrest stanza-create
upon instance creation, not when modifying it.Avoid reconfiguring Prometheus postgres_exporter upon PostgreSQL configuration changes when it’s not needed but only check if respective changes would need a reconfiguration of this service (e.g. the socket path).
Avoid reconfiguring temBoard agent upon PostgreSQL configuration changes when it’s not needed but only check if respective changes would need a reconfiguration of this service (e.g. the port).
Deprecations and Removals¶
In the declarative API (Ansible), the
clone_from
field of database object, deprecated in previous release, got removed.The
passfile
anduse_pg_rewind
settings underpatroni
section, deprecated in previous release, are removed; use eponymous fields under thepatroni.postgresql
section.In the declarative API (Ansible), the
patroni.postgresql_connect_host
field of instance object, deprecated in previous release, got removed.Set the default value of
prometheus.queriespath
site setting tonull
, following its deprecation in version 0.38.0. As a consequence, the “queries” file will no longer be installed at instance creation.
Documentation¶
Document how to configure the managed node with Ansible in the Ansible tutorial.
The documentation has been reviewed overall, fixing examples (previously invalid due to “recent” changes), adjusting incomplete instructions, clarifying things here and there.
Misc.¶
Set the development status to “Production/Stable”.
v0.40.0 - 2023-10-03¶
Features¶
Allow to clone a database by restoring only the schema (data definitions) through
--clone-schema-only
command-line flag or the equivalent declarative API.Add support for database
PUBLICATION
andSUBSCRIPTION
objects through the declarative API.Allow to configure
hostssl
authentication method at instance creation.Add support for
ctl.{keyfile,certfile}}
for Patroni in site settings. This is now required after a breaking change in version 3.1.0 of Patroni.Add support for basic-authentication (username/password) to etcd from instances managed by Patroni.
Client connection options for the
replication
andrewind
users of Patroni-managed instances can be specified through--patroni-postgresql-{replication|rewind}-ssl-{cert,key,password}
options when creating an instance (or similar fields in the declarative API) along withpatroni.postgresql.connection.ssl.{mode,crl,crldir,rootcert}
site settings.Stream PostgreSQL log messages to our logger (at DEBUG level) during Patroni bootstrap.
Honour
postgresql.waldir
setting when deploying Patroni instances; also, when pgBackRest is used, and a backup is available to create a replica from,pgbackrest restore
is now invoked with--link-map pg_wal=...
.Add support for passwordless SSH connection for pgbackrest remote repository mode.
Add support for PostgreSQL version 16.
Bug fixes¶
Disallow extra fields, previously ignored, in interface models such as
patroni.restapi
orpostgresql.auth
fields.Remove the invalid
cert
value for--auth-local
or--auth-host
options at instance creation as it only applies tohostssl
.Run local
pgbackrest server
with thePGPASSFILE
environment variable so that connections made by pgbackrest (through the libpq) can use the passfile when it’s not in the default location.In Patroni REST API settings, fix the validator of
verify_client
to only require thatcertfile
is set when the former is.
Deprecations and Removals¶
In the declarative API (Ansible), the
clone_from
field of database object is deprecated; instead the newclone
field (especially itsdsn
option) should be used. E.g. in JSON, replace"clone_from": "<your connection string>"
by"clone": {"dsn": "<your connection string>"}
.Remove the
clone_from
field indatabase get
return value, as it was alwaysnull
(not preserved from user input).Commands
database dumps
anddatabase restore
, deprecated in version 0.38.0, are removed.In the declarative API (the
instance
Ansible module), thepatroni.postgresql_connect_host
field is deprecated. Insteadpatroni.postgresql.connect_host
can be used for the same purpose.Add a new
patroni.postgresql
setting field, holdingpassfile
anduse_pg_rewind
fields, previously under the top-levelpatroni
key.A
mode
option (with value in['path', 'host-tls', 'host-ssh']
) now needs to be explicitly provided forpgbackrest.repository
in site settings. This is a BREAKING CHANGE for which installed site-settings will need an update.Remove support for PostgreSQL version 11.
Documentation¶
Improve Patroni settings descriptions, especially concerning TLS certificates.
Add a “how to” perform major online upgrade of a database through Ansible.
Clarify and extend security notes about etcd and Patroni.
Add missing entry in 0.38.0 changelog about the deprecation of
database dumps|restore
commands.
Misc.¶
Run functional tests under Debian bookworm in CI.
Use
pg_dump --format=custom
andpg_restore
(instead of plainpsql
) when cloning a database.In tests, run etcd with HTTPS and let Patroni verify server certificates.
v0.39.0 - 2023-08-25¶
Bug fixes¶
Forbid extra (unknown) keys in site settings by issuing a validation error instead of silently ignoring them previously.
Use
WantedBy=default.target
in systemd units instead ofmulti-user.target
, which is not generally available in user mode. This makes user services starts properly at boot.
Deprecations and Removals¶
The default value for
pgbackrest.repository.path
got removed; this setting needs an explicit value.
Documentation¶
Mention how to install pglift with pipx.
v0.38.0 - 2023-08-03¶
Features¶
Add a confirmation to
pglift database run
to warn about the databases that will be affected by the sql command.Add ability to provide a
.psqlrc
template as filepostgresql/psqlrc
in site configuration.Setting
replrole: null
(or not providing it) disables the creation of thereplication
role.
Bug fixes¶
No longer create pgbackrest’s lock-path directory during
site-configure
but let pgbackrest handle this itself. This makes the configure remain valid upon reboot, by not requiring this directory to be present whereas it might have been removed if set to a volatile system like/run
.
Deprecations and Removals¶
Setting
prometheus.queriespath
is deprecated and will be removed in the next release.This follows from the deprecation of
extend.query-path
option in postgres_exporter 0.13. In the future, support for a dedicated sql_exporter will be added to provide equivalent features.The default value for
replrole
is nownull
. Users relying on this role for replication now have to provide it explicitly in the settings. Also entries for replication are not part of the defaultpg_hba.conf
file anymore. Administrators may have to provide a template for this.Due to their fragile implementation, especially when custom commands are defined in site settings,
database dumps
anddatabase restore
commands are deprecated and will be removed in a future release.
Misc.¶
Improve code quality by using flake8-bugbear.
v0.37.0 - 2023-07-18¶
Features¶
Validate
postgresql.bindir
setting to make sure it contains the{version}
template placeholder.Validate that
postgresql.default_version
setting has a value withinpostgresql.versions
.If setting
postgresql.default_version
is undefined, guess the default version from the latest PostgreSQL version available as defined inpostgresql.versions
setting.Check pgBackRest configuration upon instance promotion.
Skip the check of pgBackRest configuration for standby instances on sites using the
repository.path
mode for pgbackrest. A warning is emitted instead, but this should unblock the creation of standby instances in this mode.Validate that
postgresql.versions
setting is a non-empty list, possibly after having inferred values frombindir
template.Validate that path-like settings only contain expected template variables: e.g, a validation error will be raised if a settings field contains
{version}
or{name}
placeholders whereas none is allowed.
Bug fixes¶
Also add a password file entry for the backup role upon standby instances creation.
Consider only the first item of
unix_socket_directories
PostgreSQL setting to determine thehost
part of libpq connection string.No longer return
PGHOST=localhost
ininstance env
command when nounix_socket_directories
configuration entry is defined in order to let PostgreSQL use the default value.Set the default answer to No in prompt asking for deletion of pgBackRest backups upon instance drop.
Removals¶
The “default version” is no longer guessed from
pg_config
executable available in$PATH
; only site settings are used from now on.
Documentation¶
Fix first item of
restore_commands
example with pg_back missing the{conninfo}
.
v0.36.1 - 2023-06-20¶
Misc.¶
Switch to hatch build system.
v0.36.0 - 2023-06-15¶
Features¶
Check installation before performing any operation: when the
site-configure install
has not been run or the installation is broken, any operational command will fail fast suggesting to perform a proper installation while installation issues are logged atERROR
level.Improve the command-line interface with respect to the
-i/--instance
option. The option is no longer required to display the help of a subcommand (e.g.pglift database create --help
). Also, a more accurate error message is displayed when no instance is found or when several ones are found.Validate
postgresql.{dump,restore}_commands
settings to that the programs used by each command exist. This only applies to commands using non-PostgreSQL binaries (e.g.pg_dump
) as these are typically defined relative to instance’s binary directory (e.g.{bindir}/pg_dump
).
Bug fixes¶
Report failure to start a child process (e.g. the database dump command) with a user error instead of throwing a traceback.
Command
pglift instance exec INSTANCE COMMAND...
now exits with status 2 when no command got specified.Fix
instance exec
command to make it clear that theINSTANCE
argument is not optional.
Documentation¶
Document the need for
--
ininstance exec
command.
v0.35.0 - 2023-05-17¶
Bug fixes¶
Implicitly convert
None
value to the default value forpatroni.node
andpatroni.restapi
fields when using Ansible modules.
v0.34.0 - 2023-04-21¶
Features¶
The
instance status
command has been extended to return the status of all satellite components. It will exit with code 3 if any service is not running. The prometheus and temBoard agent statuses have been implemented in addition to the existing PostgreSQL status.When creating a standby instance, if a pgbackrest backup for target stanza exists, it will be used instead of
pg_basebackup
.Upon deletion of an instance, do not prompt for possible deletion of its pgbackrest stanza when another instance is using it.
Upon deletion of an instance, delete its pgbackrest configuration even if stanza deletion was not confirmed.
Remove log, spool and lock paths for pgbackrest upon
site-configure uninstall
.Remove, after confirmation, the backup directory for pgbackrest upon
site-configure uninstall
.Add a default value for
pgbackrest.repository.path
setting with value$prefix/pgbackrest
.
Bug fixes¶
Fix deletion of pgbackrest include directory upon
site-configure uninstall
: the command previously emitted a warning and the directory was left empty; now it is correctly removed.
Removals¶
The
{version}
template variable is once again required inpostgresql.datadir
andpostgresql.waldir
settings.Option
--pgbackrest-restore-stanza
got removed as it is confusing now that--pgbackrest-stanza
option is required.
Misc.¶
Set project’s development status to beta.
v0.33.0 - 2023-04-14¶
Features¶
Attributes CREATEROLE and CREATEDB can now be set when creating or altering roles.
The
version
of an extension can now be specified.The temBoard logging can be configured via site settings with
logpath
,logmethod
andloglevel
. By defaultlogmethod
is set tostderr
. Iffile
is selected, a logfile for each instance will be created in thelogpath
folder namedtemboard_agent_{qualname}.log
.loglevel
can be set toDEBUG
,INFO
,WARNING
,ERROR
orCRITICAL
.The option
--pgbackrest-restore-stanza
is now taken into account when using Patroni. Using this option will try to provision new standby from pgbackrest backups using create_replica_methods
Bug fixes¶
Do not fail upon socket creation error while checking for port availability; emit a
DEBUG
log message instead in that case.Let the user-defined
port
take precedence over what’s defined in postgresql.conf site template.
Removals¶
Change the
completion
command into a--completion=SHELL
option topglift
. This is now implemented as an eager callback which does not load site settings or any user data and can thus be safely used by any user (e.g.root
).After being marked as required extension schema field is optional again.
v0.32.0 - 2023-03-29¶
Features¶
Add the
logpath
setting within PostgreSQL settings section.This new field allows to determine the directory containing log for our instances.
The postgresql.conf template distributed with pglift now sets
log_directory
based on this field, along with alog_filename
value that includes the instance qualified name (i.e.<version>-<name>
) as a prefix.Add
cli.log_format
andcli.date_format
settings to control the format of log messages when writing to a file from the command-line interface.Add a
--defaults/--no-defaults
options tosite-settings
command to control whether default settings values should be shown, possibly along with site configuration.Add support for handling database schemas.
Allow
postgresql.datadir
andpostgresql.waldir
settings to not contain the{version}
template variable; only the{name}
is required by now.Allow to set already encrypted password to a Role using
--encrypted-password
instead of--password
.A new rsyslog configuration option has been added to generate rsyslog config when running
pglift site-configure install
.Logrotate configuration is now handled at site-configure step and no longer when creating/dropping an instance. The logorate configuration is now shared among the PostgreSQL instances and satellites components.
The required
ca_cert
field has been added to the temBoard settings, it’s part of thecertificate
field and must be defined astemboard.certificate.ca_cert
. This makes the use of ssl more consistent. It’s used in the temBoard agent configuration file.
Bug fixes¶
Fix crash upon early pglift command invocation when the creation of (CLI) log directory fails.
Avoid starting a stopped instance when no role or database changes are needed.
Do not override environment from parent process in
instance exec
.Fix logrotate configuration file for Patroni, which was missing templating.
Patroni
postgresql.pgpass
configuration item is now configurable withpatroni.passfile
site setting and defaults toetc/patroni/<instance qualname>.pgpass
. This passfile is deleted when instance is deleted.Fix a validation error when patroni watchdog device setting was not a file but a character device.
Removals¶
Remove possibility to template
logpath
setting for PatroniWe remove the placeholder
{name}
from default value for patronilogpath
setting. Using the{name}
within the patroni logpath is no longer supported, we now always append the instance name at the end of the logpath.Extension schema field is now required. As a consequence, it’s not possible to provide a list of extensions to install upon database creation in the CLI.
Extensions now have a “state” field. To drop an extension from a database users now have to explicitly use “state: absent”.
log_directory
for PostgreSQL is no longer created (automatically) by pglift.We remove the portion of code parsing the postgresql.conf and creating the corresponding log_directory. User should make sure the log_directory is present when they change this setting on postgresql.conf.
In pgBackRest settings,
ca_cert
is now a part of certificate field.pgbackrest.repository.ca_cert
should now be defined aspgbackrest.repository.certificate.ca_cert
.Pglift usage as root user is now prevented.
According to PostgreSQL documentation,
initdb
orpg_ctl
commands cannot be run as root.
Documentation¶
The documentation explaining the steps to configure the site when using systemd in system mode has been changed to avoid calling pglift commands with
sudo
.
Misc.¶
Move command-line specific settings (
lock_file
andlogpath
) to a newcli
field.
v0.31.0 - 2023-02-28¶
Features¶
A new logrotate service has been added to generate logrotate configuration file for each instance.
The
passfile
site setting, underpostgresql.auth
section now accepts anull
value in order to completely disable support for the password file. When disabled,--pgpass
option torole
commands are no longer available.Validate existence of
bindir
fields set inpostgresql.versions
setting.
Bug fixes¶
Define the
cluster_name
inpostgresql.conf
template file, thus allowing to create instances without the value (which used to be hard-coded from instance name).
Removals¶
The
pgpass
field inroles
items for anInstance
is no longer supported (in Ansible or the declarative API). The field can still be specified onRole
objects.To enable SSL in PostgreSQL configuration file, in addition to setting
ssl
totrue
, providingssl_cert_file
andssl_key_file
is required. The previous self-signed certificate is no longer generated.No longer output the
pgpass
field when listing roles.
Documentation¶
The commands for exporting the Ansible doc fragments have been simplified for the release workflow. Now it is only a copy of the data files already generated for the tests.
Add a note about the ability for devs to run systemd jobs on sourcehut.
Document sudo pre-requisites for systemd “system” mode with a sudoers entry example.
v0.30.0 - 2023-02-06¶
Features¶
Make it possible to specify the schema in which a database extension would be installed.
Until now, when an extension was added to a database, the extension’s objects were installed by default on the current schema of the database (usually
public
schema).Now, the name of the
schema
in which to install the extension’s objects can be specified when adding or altering extensions, by specifying it in the manifest.Add a
-f/--follow
option toinstance logs
command to follow log output and log file change.Log create/alter/delete operations on database extensions.
Add support for TLS encryption settings for patroni REST API.
Log messages from pgBackRest commands:
pgbackrest
commands are now invoked with--log-level-stderr=info
and respective messages are forwarded to pglift’s logger atDEBUG
level (as are allstderr
messages from subprocesses).Configure pgBackRest on standby instances, even in
repository.path
mode, removing a previous limitation from the implementation.In addition, when calling
instance backup <instance>
with<instance>
being a standby,pgbackrest
is now invoked with--backup-standby
option.Setup pgbackrest on standby instances when using a remote repository.
Add support for TLS for Etcd for HA with Patroni via site-settings.
Make
host_port
andhost_config
item of pgbackrest’s repo-host settings optional.Separate server from client pgbackrest configuration in remote repository mode.
temboard-agent V8 is now needed for pglift, older versions are no longer supported.
Bug fixes¶
Do not write the
port
value inpostgresql.conf
if it has the default value.If any change in the configuration files is detected for prometheus or temboard, we now perform a restart of the services for the changes to take effect.
Fix possibly not working
Exec
command in postgresql systemd unit file.
Removals¶
If pgbackrest is enabled, the stanza name must now be provided upon instance creation.
Temboard-agent SSL files are no longer auto-generated, their path must be provided in site-settings. The
certificate
field containingcert
andkey
is required in temboard section.CLI option
--extension
ofdatabase alter
command has been removed.CLI option
--in-role
ofrole alter
command has been removed.Patroni etcd
host
setting has been replaced byhosts
.Configuration for etcd for HA with patroni is now managed in site settings.
Etcd host can no longer be provided by user when creating an instance.
Documentation¶
Update the Ansible tutorial to refer to the collection and simplify installation steps.
Warn about the prerequisites for using
systemctl --user
.Document patroni etcd
hosts
setting usageDocument Patroni security (TLS support)
Recommend to use systemd as a service manager when operating with pgBackRest in remote repository mode.
Misc.¶
Add
--pg1-path
option topgbackrest archive-push
command set in PostgreSQLarchive_command
.
v0.29.0 - 2022-12-30¶
Features¶
Improve warning message when failing to connect to primary instance in
instance get
.Make replication role a member of
pg_read_all_stats
.Add WAL sender state (from pg_stat_replication view) to standby information (as available in
instance get
command).Export paths to PostgreSQL data and WAL directories when getting an Instance (e.g. through
instance get -o json
command).Introduce
$PGLIFT_CONFIG_PATH
environment variable.This new variable allows users to provide a path to site configuration files to be taken into account prior to
$XDG_CONFIG_HOME/pglift
or/etc/pglift
.Preserve user edits of Patroni configuration file.
Add support for pgbackrest remote host repository.
Bug fixes¶
Catch JSON decode exception when parsing
SETTINGS
environment variable.This prevents showing a traceback when the json provided for
SETTINGS
environment variable is invalid.Catch
SettingsError
when loading site settings in CLI.Prevents displaying a traceback if there’s an error when parsing the site settings YAML file.
Fix path to pglift in systemd service when using pre-built binary
ExecPath in
pglift-postgresql@
systemd service which was wrongly set to an inexistent path.
Removals¶
Require pgbackrest>=2.41
pglift instance backups
now runspgbackrest info --set=<backup set> --output=json
which only works since pgbackrest 2.41.Hide
standby.status
field frominstance get
output: this field is not very useful since it will only appear on standby instances, which are by definition in demoted state.Change priority order of site config files. Order is now xdg > etc > dist.
Improve instance privileges command help message
Drop archive-push section in global pgbackrest configuration.
Replace
pgbackrest.repopath
setting bypgbackrest.repository
, now an object with keyspath
andretention
(seepglift site-settings --schema
for details). Thepath
field is now required and has no default value, in contrast withrepopath
previously.The
site-settings
command output format is now YAML by default.
Documentation¶
Add a section in docs for site configuration templates.
Explain how base pgBackRest configuration is installed, and how to override it.
Improve and clarify documentation about systemd in system mode.
Misc.¶
Use pgbackrest’s recovery-option when restoring a standby from a backup.
Only restart PostgreSQL upon configuration changes, not all satellite services.
v0.28.0 - 2022-12-02¶
Features¶
If pgbackrest is enabled, log install and uninstall operations at
site-configure
.Configure systemd timer for instance backup with a randomized delay.
Add a
--dry-run
option to apply commands.Add support for “force” option for database drop.
Improve logging when starting/stopping Prometheus postgres_exporter and temboard-agent.
Allow to pass any command to
instance exec
(not just Postgres commands or absolute ones as previously).Make it possible to operate normal instances even when patroni is enabled in site settings.
Add support for PostgreSQL 15.
Make check for port availability more robust.
Improve systemd unit template for PostgreSQL. It is now defined as a
Type=notify
service and does not use aPIDFile
anymore, following more closely what’s suggested in PostgreSQL documentation.
Bug fixes¶
pglift 0.27.0 is now the minimum required version for the Ansible collection.
Fixed error during enabling/disabling temboard service with systemd caused by a bad service name.
Fix error in
instance env
command for a standby instance with pgbackrest enabled.Only start Patroni once at instance creation (avoid a stop and a start). This should make concurrent setups (e.g. from Ansible targeting different hosts in parallel) work without dead-locking Patroni.
Avoid starting / stopping PostgreSQL many times at instance creation.
Removals¶
The Ansible collection got moved to its own repository.
Avoid useless
pgbackrest start
invocation after stanza creation.Separate management of shared_preload_libraries and database extensions.
The
extensions
key in instance’s model has been dropped. To install extensions in an instance, you now need to provide theshared_preload_libraries
in instance settings.No longer error out, but simply warn, upon invalid Patroni configuration as reported by
patroni --validate-config
.Only validate generated Patroni configuration for Patroni version higher than 2.1.5.
Documentation¶
Extend how to about standby management with Ansible to illustrate promote operation.
Add some details about site configuration in installation documentation.
Misc.¶
Add a hidden
--debug
command-line flag to set log level toDEBUG
and eventually get tracebacks displayed.Unconditionally call
pgbackrest stanza-create
upon instance. re-configuration whereas this was previously only done at instance creation. Conversely, the--no-online
option is used to avoid superfluous instance startup. On the other hand thepgbackrest check
command is still only emitted at instance creation.Add
--output=json
option topostgres_exporter apply
command.Rework systemd installation through site-configure hook.
Use pglift CLI in systemd unit for PostgreSQL.
Use towncrier to manage news fragments.
v0.27.0 - 2022-11-02¶
Features¶
Support for RockyLinux 9
Ability to provide a name for pgbackrest stanza
Handling of
REASSIGN OWNED
andDROP OWNED
when dropping a roleBetter handling of model validation errors in the CLI
Ability to create a database as a clone of an existing one
JSON output to
instance env
commandJSON output to
apply
sub-commandsPrometheus password change upon
instance alter
Prometheus password kept upon instance upgrade
Raise a specific error if role being dropped has dependent database objects
Raise a specific error when Postgres binary directory for requested version does not exist
Bug fixes¶
SETTINGS
environment variable takes precedence over YAML setting fileFix systemd service name for Patroni-managed instances
Fix service name inconsistency for temboard-agent
Entries of
postgresql.conf
, set byinitdb
, no longer commentedFix a type error when retrieve instance environment from Ansible module
Replication password passed through environment when invoking
pg_basebackup
Removals¶
Field
pgbackrest_restore
excluded frominstance get
command outputDatabase auto discover in default postgres_exporter configuration
CLI option
--json
, replaced by--output-format=json
Instance model’s
configuration
, renamed assettings
, to be consistent with eponymous field on Database objectsStandby’s
for
field renamed asprimary_conninfo
in the declarative API
Documentation¶
Added an example playbook for a standby instance
Fix settings in Ansible tutorial (
pgpass
fields missing forsurole
andbackuprole
)
Misc.¶
Limit database connection openings in
instance get
Installation of global pgbackrest configuration through
site-configure
commandSetting
postgresql.versions
now defined as a listUse pglift CLI in Ansible modules, instead of the Python API
PyOxidizer configuration to build a binary version of pglift