.. SPDX-FileCopyrightText: 2021 Dalibo .. .. SPDX-License-Identifier: GPL-3.0-or-later Changelog --------- .. towncrier release notes start v3.0.0 - 2026-02-05 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Show a warning message if instance is not restarted when changing the port. - Add support for PostgreSQL version 18. - Add support for RHEL/RockyLinux 10. Bug fixes +++++++++ - Don't always report "changed" change_state for an already running instance upon apply command. Applies for Ansible. - Fix broken conversion from a standalone into a Patroni cluster member when using the declarative API (ie. ``instance apply`` command or Ansible). Also the value for ``change_state`` is set to ``changed`` in this case. - Parse and perform partial validation when applying new configuration (e.g., using ``pglift pgconf set``). - Prevent port reset when using ``pgconf set`` command for an instance managed by Patroni. - When updating an instance managed by Patroni (in local mode), wait for PostgreSQL reload to complete (new config effectively written and loaded) before possibly asking for restart. - Don't restart prometheus on port change if instance is stopped - Correctly set value to ``changed`` for ``change_state`` in command output when patroni, prometheus or temboard config is changed. - Stop is avoided when restarting if the instance is not already running. Deprecations and Removals +++++++++++++++++++++++++ - Handling non-local instances with the ``postgres_exporter`` commands is deprecated. - Remove deprecated Patroni ``loop_wait`` setting, configuration is now handled through the Patroni template. - Remove the deprecated ``validity`` field for roles. This also affects the CLI option and output, as well as the Ansible argspec. - Remove deprecated Patroni ``watchdog`` setting, configuration is now handled through the Patroni template. - Remove support for PostgreSQL 13. Documentation +++++++++++++ - Add uv to installation alternatives. Misc. +++++ - Use Pex instead of PyOxidizer to build the pglift binary. As a result, we now have a standalone binary again. v2.6.1 - 2025-12-11 ~~~~~~~~~~~~~~~~~~~ Misc. +++++ - Changes only related to package publication. v2.6.0 - 2025-11-25 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add ``wal pause-replay`` and ``wal resume-replay`` CLI commands to control WAL replay on PostgreSQL standby instances. - Add ``wal_replay_pause_state`` field to PostgreSQL Standby instances to show whether WAL replay is paused or not. - Emit an information message when changing PostgreSQL parameters already set by a plugin (e.g., pgbackrest). Bug fixes +++++++++ - Avoid inappropriate restart on parameter change if instance has no port configured (default value used). v2.5.0 - 2025-10-09 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add support for managing PostgreSQL configuration parameters in DCS mode for instances managed by Patroni. With the ``configuration_mode.parameters`` setting, pglift users can now choose whether parameters are stored locally or in the DCS. Bug fixes +++++++++ - In the case of a database creation failure, if the database hasn't been effectively created, we avoid trying to drop it. v2.4.0 - 2025-09-11 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add support for dynamic HBA configuration stored in the DCS for Patroni managed instances. Users can now choose where the HBA is stored using the new ``configuration_mode.auth`` Patroni related setting. - Add ``edit`` subcommand to ``pghba`` command, allowing users to manage instance's HBA entries with the configured ``EDITOR``. Bug fixes +++++++++ - Comments are preserved in ``pg_hba.conf`` after an update. - Suppress reload prompt when editing HBA configuration, for consistency with how pglift manages PostgreSQL and HBA changes. - ``--reassign-owned`` option can now be reused as expected when dropping a role via the CLI. Previously, attempting to drop a role that owned objects with ``--reassign-owned`` resulted in a validation error due to an incorrect mutual exclusivity check with ``--drop-owned``. v2.3.0 - 2025-07-10 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - pglift now asks users if they want to reload PostgreSQL when saving a new HBA configuration. Bug fixes +++++++++ - Allow to create instance on already existing pg_data or WAL directories if they are empty. v2.2.0 - 2025-06-18 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add a new field ``is_paused`` to indicate whether a Patroni cluster managing PostgreSQL instance is in pause mode. - Add a ``--dry-run`` option to ``database restore`` command. - Log a message when PostgreSQL is not stopped upon a stop request while Patroni is in maintenance (paused) mode. Bug fixes +++++++++ - Make command invocations with ``--help`` option work without prior site-configuration. - Create directory for systemd-tmpfiles configuration if missing. - Fix ``site-configuration check`` and ``list`` for systemd-tmpfiles when satellite doesn't require a specific directory, such as when the managed directory (e.g. ``pid_file`` or ``socket_directory``) equals the ``run_prefix``. - Fix crash when working with instances with inconsistent temboard-agent or Prometheus postgres_exporter services state and site settings. Namely, the absence of such service's configuration for an instance, even though enabled in site settings, is now gracefully handled upon instance modification and a warning log message is emitted. - Fix unexpected error when pgbackrest is activated in the settings and passing "null" as value in instance manifest. This specifically happens when using the Ansible module. - Fix table rendering on small console when stdout encoding is ASCII by no longer ellipsing table's cells but instead allow their content to fold on multiple lines. v2.1.0 - 2025-05-16 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add ``--dry-run`` option to ``database [create|alter|drop|dump|apply]`` and ``role [create|alter|drop|apply]`` commands to simulate actions without making changes. - Ask for confirmation before executing ``pgbackrest check`` upon promotion of a standby instance. - Add ``instance demote`` command to turn a primary instance as standby. - Add plugin for systemd-tmpfiles to manage directories under the ``run_prefix`` path, which is typically used for socket and PID files. Bug fixes +++++++++ - Fix unexpected error occurring upon revert of an operation such as ``instance create``. - Fix missing socket directory creation when creating an instance in "stopped" state. - Create a backup of the Patroni configuration when the API is unavailable and pglift cannot determine if the deleted node is the last node in the cluster (e.g.: deleting a stopped node). - Make sure ``--dry-run`` doesn't actually restart instance when port is changed via ``pglift pgconf set`` command. v2.0.0 - 2025-04-04 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ Operations ^^^^^^^^^^ - Add support for PostgreSQL version 17. - Add support for Patroni REST API basic authentication. - Add customization for Patroni configuration with the same template approach (overriding) as other components. - Add possibility to edit pg_hba records for instances managed by Patroni. - Allow to configure ``locale`` at database creation. - Preserve original headers (information comments) in ``pg_hba.conf`` and ``pg_ident.conf``. - Log the result ``stdout`` of ``pg_isready`` invocations (at DEBUG level). - Make the ``{version}`` variable in PostgreSQL ``datadir``, ``waldir`` and ``dumps_directory`` settings optional. - When updating a Patroni-managed instance, now account for etcd options, SSL authentication for replication and rewind, and REST API options. Corresponding options are now available in the ``instance alter`` command. - Make the ``pgbackrest`` satellite component of instance non-required even if enabled in site settings. The direct consequence is that the ``--pgbackrest-stanza`` command-line option (of ``pgbackrest.stanza`` field in Ansible) is no longer required. When not specified, it is now possible to create and manipulate instances without pgBackRest being configured. Command-line interface ^^^^^^^^^^^^^^^^^^^^^^ - Add a ``--diff`` option to ``apply`` sub-commands, ``pghba`` commands and ``instance alter``` command. - Add a ``--dry-run`` option to ``pgconf {set,remove}`` commands and ``pghba`` commands. - Add ``-o/--output=json`` option to ``instance alter`` command. - Capture messages of all loggers in CLI's debug log file, instead of just the final error previously. - Add ``list`` action to ``site-configure`` command to output the list of files managed during site configuration. Setup and site configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Add support for using ``__`` delimiter of nested levels when overriding settings with environment variables. - Add ``pglift_`` prefix for environment variables to override pglift settings. - Enforce Patroni configuration validation by default. - Add ``cli.log_level`` setting to configure the CLI log level. It doesn't take precedence over ``--log-level`` (`-L`) or ``--debug`` options. It can be set via an environment variable (ie. ``PGLIFT_CLI__LOG_LEVEL``). - Remove creation and verification of PostgreSQL socket directory at ``site-configure install``. That directory is created by default on /run which is ephemeral and pglift re-creates that directory if necessary when starting an instance. Bug fixes +++++++++ - No longer output a traceback in case of unexpected error in command-line operations (debug information will still be available in the dedicated log file). - Improve error handling during data validation when a dependent value is missing during the validation of another one. - Avoid error when failing to list database dumps if there is a file that doesn't follow the expected format. - Remove useless ``pg_hba`` and ``pg_ident`` entries from ``bootstrap`` section in Patroni configuration file. - Fix backup of Patroni configuration file when dropping the last node of a cluster when running with systemd (was broken since pglift 1.8.0). - Query Patroni REST API over HTTPS when ``patroni.restapi.certfile`` and ``patroni.restapi.keyfile`` setting are set, as already done if ``patroni.restapi.cafile`` is set. - Prevent failures upon "de-init" of PostgreSQL instance, during ``pg_ctl status`` check, when the initially requested operation fails. - Fix Patroni configuration validation error when templated ``pg_ident.conf`` is empty. - Make it possible to upgrade again an instance that has already been upgraded, especially if pgBackRest was configured on the instance. - Remove the "pass file" if left empty by a role change or drop, consistently with what already happens at instance drop. Deprecations and Removals +++++++++++++++++++++++++ - Drop deprecated ``cli.logpath`` setting. - Deprecate the ``loop_wait`` and ``watchdog``` settings for Patroni. Respectively, ``bootstrap.dcs.loop_wait`` and ``watchdog`` configuration should be done by overriding the Patroni template. - Ignore configuration files in ``$XDG_CONFIG_DIR`` and ``/etc/pglift`` when using ``$PGLIFT_CONFIG_DIR`` environment variable. - Drop deprecated ``in_roles`` field of ``Role`` object. - Drop support of deprecated ``SETTINGS`` environment variable. - Drop support of deprecated ``PGLIFT_CONFIG_PATH`` environment variable. - Setting ``prometheus.queriespath`` got removed as support for ``extend.query-path`` option in `postgres_exporter 0.13 `_ is deprecated. The previous (empty) YAML file containing custom queries for postgres_exporter is no longer installed. In the future, support for a dedicated sql_exporter will be added to provide equivalent features. - Remove ``--settings`` for ``site-configure`` command. - Environment variables without the ``pglift_`` prefix are now unsupported. Prefixed variables should be used instead (e.g.: ``postgresql`` variable should be replaced by ``pglift_postgresql``). - Drop deprecated ``--jobs`` option of ``instance upgrade`` command. - Drop deprecated ``patroni.etcd.v2`` setting. - Drop support for Python 3.9. - Remove support for PostgreSQL 12. Documentation +++++++++++++ - Add a paragraph about ``--dry-run`` option. v1.9.0 - 2024-11-26 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add support for null (with ``null`` string) value representation when defining settings with environment variable. - Emit ``DEBUG`` log messages when accessing site or distribution configuration files (e.g. ``postgresql/postgresql.conf`` template file when configuring PostgreSQL). - Add a ``valid_until`` field to Role model. This is meant to replace ``validity`` eventually. Bug fixes +++++++++ - Really return *default* settings from ``site-settings --defaults`` and no longer read pglift environment variables. - Fix failures upon reconfigure of PostgreSQL when requested settings would affect an entry in a file included in the main ``postgresql.conf``. - Fix installation through pipx. - For PostgreSQL 14 and below, use the database owner as "grantor" (the role used in ``FOR ROLE`` clause when defining default privileges) in ``set-profile`` command targeting the "public" schema. Deprecations and Removals +++++++++++++++++++++++++ - The ``validity`` field of the role object is deprecated. It is replaced by ``valid_until``. Documentation +++++++++++++ - Document concurrent operation locking in the command-line interface in a new :ref:`reference section `. Misc. +++++ - Declare support for Python versions 3.12 and 3.13. v1.8.0 - 2024-10-29 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - pg_dump and pg_restore commands are run with ``-vv`` when the command ``database create ... --clone-from`` is executed with ``DEBUG`` log level. - Delete PostgreSQL socket directory at ``site-configure uninstall``. - Entries can be added/removed to/from ``pg_hba.conf`` when creating/updating/dropping roles. This is only available through the Ansible interface by setting the ``hba_records`` field. - Add ``allow_group_access`` setting in ``postgresql.initdb`` section. - Add support for :ref:`converting a standalone instance into a member of a Patroni cluster `, either through ``instance alter`` command (with ``--patroni-cluster``, and possibly ``--patroni-node`` options specified) or through the Ansible interface by adding ``patroni`` options in the argument spec of a ``dalibo.pglift.instance`` task. - Add support for :ref:`upgrading an instance managed by Patroni `. - Log a warning when trying to set PostgreSQL parameters controlled by Patroni, such as ``max_connections``, as this will have no effect. - Add ability to manipulate entries in ``pg_hba.conf`` from the command line interface. - Add support for creating / dropping replication slots. - Render validation errors as JSON in command-line operations when ``--output-format`` is set to ``json``. Bug fixes +++++++++ - Allow empty settings.yaml configuration file. - Check presence of pg_ctl before adding a PostgreSQL version to list of supported versions by pglift. - Fix clone of databases including "large" tables, previously hanging the ``pg_restore`` process. - Fix missing ``description`` in the JSON Schema of ``Instance`` and ``Role`` manifest models, now correctly returned by ``pglift --schema`` command. - Properly deactivate systemd unit for Patroni upon instance drop. - Fix detection of PostgreSQL port change when altering a Patroni-managed instance. - Hide ``--patroni-etcd-{username,password}``, ``--patroni-restapi-{connect-address,listen}``, ``--patroni-postgresql-replication-ssl-{cert,key,password}`` and ``--patroni-postgresql-rewind-ssl-{cert,key,password}`` options from ``instance alter`` command as they actually had no effect since underlying settings are *read-only* and cannot be modified through pglift. - Emit a user-friendly error when trying to restart/reload a Patroni instance and the REST API server is unreachable (often because the instance is not running). - Consistently insert a ``create_replica_methods`` entry in Patroni YAML configuration for instances with pgBackRest enabled. (Previously, only instances with a valid backup had such an entry.) - Reload Patroni when altering an instance even if changes are not related to PostgreSQL parameters. Deprecations and Removals +++++++++++++++++++++++++ - Mark usage of ``SETTINGS`` environment variable as deprecated. PGLIFT_CONFIG_DIR environment variable or variables based on settings name should be used instead. - Mark the ``v2`` field of patroni etcd settings as deprecated and add ``version`` field to replace it. Misc. +++++ - Handle creation/deletion of PostgreSQL socket directory during site configuration (``pglift site-configure`` commands) instead of at instance creation. On sites where pglift was installed and configure (``pglift site-configure install`` command already executed) but no instance exists yet, running ``pglift site-configure install`` again is needed. - Log ``systemctl`` operations (e.g. ``enable``, ``disable``, ``start``, etc.) at ``INFO`` level. v1.7.0 - 2024-09-10 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add concept of profile to give some specific privileges on role for a given database and schema. Currently pglift only supports the read-only and read-write profiles. - Add patroni setting (patroni.enforce_config_validation) to enforce configuration validation. - Check that system directories (e.g. PostgreSQL log directory) are writable when needed. - Add a ``-x, --exclude-database`` option to ``database list`` to filter out listed databases. - Show extensions and schemas in `database get` table format output. - Add the ability to add/remove extensions or schemas to/from a database through the CLI (``database alter`` command). - Creation of a primary instance from a ``pgBackRest`` backup is now possible. What is required is a valid backup and a stanza configuration for the instance to be created. It can be useful to restore an instance after a disaster, for example if the ``PGDATA`` directory is not available anymore. - Add a ``memberships`` field to Role model. This is meant to replace ``in_roles`` eventually. - It is now possible to pass extra options to the pg_upgrade underlying command when executing the ``pglift instance upgrade`` command. Bug fixes +++++++++ - Allow include directives in ``postgresql.conf`` template (only directives referencing an absolute path are allowed). - Add check to ensure we do not try to run pg_upgrade to downgrade an instance. - Check that a value for ``--surole-password`` was provided if the local authentication policy requires a password upon instance creation. - Abort early the ``instance upgrade`` operation on a Patroni instance as this is not supported. - Avoid querying Patroni REST API for cluster members when the instance is stopped, thus resolving some command failures (e.g. ``pglift pgconf set``) on stopped instances. - Only reload Patroni upon configuration changes, e.g. through ``pglift pgconf set`` command, when the instance is running, thus avoiding such commands to fail previously. - Fix read of PostgreSQL collected log files in case the target log destination (e.g. ``stderr``) is not first in ``log_destination`` configuration option (thus properly handling situations such as ``log_destination=syslog,stderr``). - Avoid prompting for super-user password when it got provided through the command-line at creation of an instance with "password" local authentication method. - Fix failing listing of instances when datadir is set with {name} and {version} on the same path segment (or other exotic forms). - Prevent errors when trying to delete a partially upgraded instance that has not been initialized. Deprecations and Removals +++++++++++++++++++++++++ - The ``in_roles`` field of the role object is deprecated and will be removed in the next major release. It is replaced by ``memberships``. - ``--jobs`` option for the ``instance upgrade`` command is deprecated. Extra options should be used instead. Documentation +++++++++++++ - Improve the description of model fields and command-line options accepting multiple values (e.g. ``database.schemas``). - Indicate, in the interactive command-line help (``--help`` option), which options can be specified multiple times (e.g. ``--in-role`` option of ``role create`` command). - Add a section for upgrade in operations user guides. v1.6.0 - 2024-06-21 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - The ``privileges`` commands now display privileges independently of the ``search_path``. - Forward stdout messages from ``pg_ctl`` to our logger when failing to start the instance. This helps understanding issues when starting PostgreSQL when log files are not preserved (e.g. at instance creation). Bug fixes +++++++++ - Resolve misleading ``creating role 'backup'`` and ``updating role 'backup'`` log messages (``INFO`` level) when creating an instance, only keep the first one. - Fix ``instance backups`` and ``instance restore`` commands on an old instance after upgrade, previously producing a traceback, and now exiting with a more meaningful error message. - Preserve PostgreSQL port set from site template along repeated usages of ``dalibo.pglift.instance`` Ansible module. - Validate the availability of PostgreSQL instance ``port`` if the value comes from ``postgresql.conf`` site template. Deprecations and Removals +++++++++++++++++++++++++ - Disallow the ``port`` entry in the ``settings`` field of ``dalibo.pglift.instance`` Ansible module. Support for this entry, in combination with the main ``port`` field, was quite fragile and arguably confusing. Users should now consistently use the ``port`` field to set PostgreSQL port when using the Ansible module. v1.5.0 - 2024-06-07 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add an :ref:`auditing capability ` to the command-line interface. - Make it possible to set ``postgresql.logpath`` setting to ``null`` in order to make the PostgreSQL log directory unmanaged by pglift. Note that when this is done, no ``logrotate`` and ``rsyslog`` configuration will be installed for PostgreSQL on site. - Restore ``database restore`` and ``database dumps`` commands and make :ref:`database logical backup ` work with ``pg_back`` used in ``postgresql.dump_commands`` site settings. - Validate that path-like settings do not contain template variables when none is accepted. Especially, this avoids silently using values of, e.g., ``postgresql.logpath``, if it contains ``{name}`` and/or ``{version}``. Bug fixes +++++++++ - Account for instance's port when explicitly set to the default value (5432) despite the site ``postgresql.conf`` template may define another value. - Account for ``port`` setting possibly defined in site ``postgresql.conf`` template when creating Patroni-managed instances (and no ``port`` option is specified in the command-line or Ansible module). - Set schema owner to database owner if no owner for the schema got specified but one was for the database. Previously, schema owner was set to the current user in that case. Deprecations and Removals +++++++++++++++++++++++++ - No longer forward log messages from the "filelock" library in the command-line interface (previously only visible in debug mode). - Deprecate ``cli.logpath`` setting as its purpose was confusing users. The setting value now defaults to ``null``, meaning that a temporary file will be used to store debug information. As before, the file will only be kept if invoked command exits with an unexpected error. Site administrators are recommended to adjust their site settings to remove that ``cli.logpath`` setting. Documentation +++++++++++++ - Document how to change :ref:`managed PostgreSQL configuration parameters `. - Document logging behaviours in the command-line interface in a new :ref:`reference section `. Misc. +++++ - Avoid setting a ``port`` entry in ``postgresql.parameters`` within Patroni configuration file as this parameter is controlled by Patroni (through ``postgresql.listen``). v1.4.0 - 2024-03-29 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add support for "versioned" PostgreSQL template files in site configuration. This allows, for example, the site administrator to install a ``postgresql/16/postgresql.conf`` template file in site configuration directory which would be used when creating an instance with PostgreSQL version *16* to initialize the ``postgresql.conf`` file. Creating an instance with another version would, on the other hand, use ``postgresql/postgresql.conf`` if found in site configuration or fall back to the default template file distributed with pglift. - Validate TCP port availability when creating standalone Prometheus postgres_exporter services. Bug fixes +++++++++ - Fix the executable path of ``pglift`` in systemd units when pglift is not installed from the binary; the problem occurs from version 1.3.0 as the command-line interface got moved to a dedicated Python package. - Properly revert the creation of a database when requested with an unknown extension instead of showing a full traceback and leaving the database over. - Avoid blocking Patroni instance deletion if the configuration file backup fails (e.g. in case of network error, while querying the REST API). - Only try to initialize instances from a pgbackrest backup if a replica. This fixes ``instance upgrade`` command when pgbackrest was configured on site and a backup was available as the command would try to initialize the new cluster from this backup, which was not in expected version. - Possibly inject ``PGLIFT_CONFIG_DIR`` environment variable in systemd unit templates invoking the `pglift` executable (this applies to ``pglift-postgresql@.service`` and ``pglift-backup@.service``). Documentation +++++++++++++ - Change the dev setup command to use ``requirements/dev.txt`` file. - Add a link to :ref:`Patroni cluster removal ` documentation page in the ``WARNING`` message emitted when backing up the Patroni configuration file when dropping the last node of the cluster. Misc. +++++ - Improve log message upon database errors in the command-line interface by only showing the traceback if the ``--debug`` is set and displaying the error message as well as the SQLSTATE value (PostgreSQL error code). - Improve the user experience when checking for the availability of TCP ports for PostgreSQL or satellite services. - Improve the help text of ``--standby-for`` option in ``instance create`` command. v1.3.1 - 2024-03-11 ~~~~~~~~~~~~~~~~~~~ Bug fixes +++++++++ - Restore the possibility to run ``pglift --version`` without site settings being loaded; in particular, this allows the command to be run as ``root`` user (despite pglift cannot be used with this user still). v1.3.0 - 2024-03-05 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add a ``-o,--output DIRECTORY`` option to ``database dump`` command to specify an alternative output directory to write dump file(s) to. - Forward PostgreSQL messages to pglift logger (``DEBUG`` level) while performing setup operations on satellite components (configuration, reload, promote). - Load site settings from ``settings.yaml`` if found in the directory referenced by ``PGLIFT_CONFIG_DIR`` environment variable. - Possibly drop the new (upgraded) instance if the upgrade fails in ``instance upgrade`` command. Bug fixes +++++++++ - Fix an oversight about pgBackRest configuration check before running commands. - Remove misleading "failed to read (postgres_exporter|temboard-agent) configuration ..." log messages (``DEBUG`` level) during instance creation. - Fix logging of ``pg_restore`` stderr (at ``DEBUG`` level) broken since pglift 1.2.0. - Enable (or disable) `pglift-pgbackrest` systemd service during ``site-configure install`` (or ``uninstall``), thus making the service active at user login (or at boot, if the user is lingering). - Fix wrong invocation of ``systemctl status`` command; the command was mostly used as a check so the impact was not important, but an actual error was visible in ``DEBUG`` log messages. - Setting ``temboard.certificate.ca_cert`` is now optional as it is not actually required to run temboard-agent. - Fix a typo in allowed values of ``temboard.plugins`` setting. - Do not manipulate PostgreSQL objects (databases, roles) when upgrading an instance through ``instance upgrade``. This resolves an issue when trying to upgrade an instance with PoWA enabled from PostgreSQL version 14 to higher which resulted in a failure to upgrade ``pg_stat_statements`` extension due to reverse-dependency from ``pg_stat_kcache``. - Fix ``database alter`` command when the database has extensions installed. The command previously failed with an "invalid" validation error. Deprecations and Removals +++++++++++++++++++++++++ - Deprecate (undocumented) ``PGLIFT_CONFIG_PATH`` environment variable, renamed as ``PGLIFT_CONFIG_DIR``. Documentation +++++++++++++ - Document ``PGLIFT_CONFIG_DIR`` environment variable. Misc. +++++ - Log an ``INFO`` message when running ``pgbackrest check``. - Log the output of ``systemctl is-enabled`` command (at ``DEBUG`` level). - Print both the CLI and the library versions in ``pglift --version`` command when packages version is not the same. - Extract the command-line interface code into a dedicated Python package. See the :ref:`installation documentation ` for details. - No longer raise a validation error, but simply warn, upon empty ``postgresql.versions`` setting. With this change, a PostgreSQL installation is no longer required on site in order to operate pglift (although most operations will not be available). Beside making local testing easier, this change also enables the configuration of a Prometheus postgres_exporter service on a site where PostgreSQL is not installed, such as a side-car host to the PostgreSQL instance. - Merge the code of the Ansible collection in main pglift repository. v1.2.0 - 2023-12-22 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add an ``instance shell`` command to start a new shell with instance's environment, as a shorthand for ``pglift instance exec`` or ``export $(pglift instance env)``. - Add a ``check`` option to ``site-configure`` command. Bug fixes +++++++++ - Catch "database errors" (``psycopg.errors.DatabaseError``) globally in the CLI, thus preventing a traceback to be displayed. - Handle possible absence of "backup set size" in the output of ``pgbackrest info`` when listing instance's backups as this field is not set for *block incremental backup*. Accordingly, key ``repo_size`` in ``instance backups`` command output will be ``null``. - Fix log messages about Prometheus postgres_exporter service configuration (previously erroneously referring to PostgreSQL instead of "postgres_exporter"). - Improve error handling when parsing (possibly modified) Prometheus postgres_exporter configuration file by returning a user error instead of an internal error (traceback). - Start Prometheus postgres_exporter with a ``--web.listen-address`` argument instead of relying on the ``PG_EXPORTER_WEB_LISTEN_ADDRESS`` environment variable that is no longer used by postgres_exporter from version 0.12. The latter variable is no longer written to postgres_exporter configuration file for newly configured instances, but will still be read for existing instances. The compatibility is handled when starting postgres_exporter directly but not when using systemd as service manager. In the latter case, the configuration file for all existing postgres_exporter services should be adjusted (if using postgres_exporter version 0.12 or higher) by changing: :: PG_EXPORTER_WEB_LISTEN_ADDRESS=:9187 POSTGRES_EXPORTER_OPTS='--log.level=info ...' into :: POSTGRES_EXPORTER_OPTS='--log.level=info --web.listen-address=:9187 ...' - Make ``site-configure install`` (resp. ``site-configure uninstall``) commands more idempotent by properly handling existing (resp. non-existing) files or directories. This implies that, upon "re-configuration", existing files (possibly modified by the user) will not be overridden. - Only invoke ``systemctl daemon-reload`` if some unit files actually got installed in ``site-configure install``. - Properly account for ``shared_preload_libraries`` option defined in ``postgresql.conf`` site template when building the configuration of an instance with PoWA enabled. Documentation +++++++++++++ - Mention in "Instance environment" how-to that satellite components also get their environment variables exported. Misc. +++++ - The binary built by PyOxidizer is no longer standalone and now needs shared libraries for extension modules in the ``lib/`` directory alongside the ``pglift`` binary. The package published by GitLab CI now contains a ``.tar.gz`` archive containing all needed files. - Use ``pg_ctl start`` (instead of ``postgres`` previously) to temporarily start PostgreSQL at instance creation. - Upgrade Pydantic dependency to version 2. - Make the project conform to the `REUSE `_ recommendations about licensing and copyright. v1.1.0 - 2023-11-13 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - When dumping a database, through ``database dump`` command, we now forward the role password (that would possibly be prompted for upon database existence check) to dump commands (such as ``pg_dump`` or ``pg_back``). - Limit ``pg_ctl status`` invocations in most operations for better performance. - Return the runtime status of Patroni API as part of ``pglift instance status`` result. Bug fixes +++++++++ - Remove ``gss`` from local authentication methods, as it's only available for TCP/IP connections. - Fix bug preventing instance creation when setting a custom surole name. - Retrieve super-user role's password from environment or ``password_command`` setting when dumping a database. - Improve previously misleading errors and tracebacks when something got wrong at instance initialization by not showing unrelated errors (fixing a bad programming pattern). - Handle possibly absence of PostgreSQL log file during Patroni bootstrap "retry" logic, resolving a crash possibly due to a race condition. - Log an ``INFO`` message when the PostgreSQL instance has been successfully created by Patroni. - Improve log message about "Patroni log file" not being found during bootstrap to make it less misleading by indicating that this is transient (by nature of the bootstrap) and eventually logging a successful message. - Log a ``DEBUG`` message when checking for Patroni "readiness" during bootstrap. Documentation +++++++++++++ - Remove "pgbackrest" and "Prometheus postgres_exporter" pages from the Python API section, as they fail to build with up-to-date dependencies. - Mention upfront in the installation documentation that Python 3.9 (or higher) is required. Misc. +++++ - Build the `pglift` binary using latest PyOxidizer version (0.24 or higher). - Use Python 3.10 to build the binary. v1.0.0 - 2023-10-17 ~~~~~~~~~~~~~~~~~~~ Features ++++++++ - The ``owner`` of a schema can now be specified. - Log the target database name when creating an extension. Bug fixes +++++++++ - Avoid reconfiguring pgBackRest upon PostgreSQL configuration changes when it's not needed but only check if respective changes would need a reconfiguration of this service (e.g. the socket path). - Only invoke ``pgbackrest stanza-create`` upon instance creation, not when modifying it. - Avoid reconfiguring Prometheus postgres_exporter upon PostgreSQL configuration changes when it's not needed but only check if respective changes would need a reconfiguration of this service (e.g. the socket path). - Avoid reconfiguring temBoard agent upon PostgreSQL configuration changes when it's not needed but only check if respective changes would need a reconfiguration of this service (e.g. the port). Deprecations and Removals +++++++++++++++++++++++++ - In the declarative API (Ansible), the ``clone_from`` field of database object, deprecated in previous release, got removed. - The ``passfile`` and ``use_pg_rewind`` settings under ``patroni`` section, deprecated in previous release, are removed; use eponymous fields under the ``patroni.postgresql`` section. - In the declarative API (Ansible), the ``patroni.postgresql_connect_host`` field of instance object, deprecated in previous release, got removed. - Set the default value of ``prometheus.queriespath`` site setting to ``null``, following its deprecation in version 0.38.0. As a consequence, the "queries" file will no longer be installed at instance creation. Documentation +++++++++++++ - Document how to configure the managed node with Ansible in the Ansible tutorial. - The documentation has been reviewed overall, fixing examples (previously invalid due to "recent" changes), adjusting incomplete instructions, clarifying things here and there. Misc. +++++ - Set the development status to "Production/Stable". v0.40.0 - 2023-10-03 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Allow to clone a database by restoring only the schema (data definitions) through ``--clone-schema-only`` command-line flag or the equivalent declarative API. - Add support for database ``PUBLICATION`` and ``SUBSCRIPTION`` objects through the declarative API. - Allow to configure ``hostssl`` authentication method at instance creation. - Add support for ``ctl.{keyfile,certfile}}`` for Patroni in site settings. This is now required after a `breaking change in version 3.1.0 of Patroni `_. - Add support for basic-authentication (username/password) to etcd from instances managed by Patroni. - Client connection options for the ``replication`` and ``rewind`` users of Patroni-managed instances can be specified through ``--patroni-postgresql-{replication|rewind}-ssl-{cert,key,password}`` options when creating an instance (or similar fields in the declarative API) along with ``patroni.postgresql.connection.ssl.{mode,crl,crldir,rootcert}`` site settings. - Stream PostgreSQL log messages to our logger (at DEBUG level) during Patroni bootstrap. - Honour ``postgresql.waldir`` setting when deploying Patroni instances; also, when pgBackRest is used, and a backup is available to create a replica from, ``pgbackrest restore`` is now invoked with ``--link-map pg_wal=...``. - Add support for passwordless SSH connection for pgbackrest remote repository mode. - Add support for PostgreSQL version 16. Bug fixes +++++++++ - Disallow extra fields, previously ignored, in interface models such as ``patroni.restapi`` or ``postgresql.auth`` fields. - Remove the invalid ``cert`` value for ``--auth-local`` or ``--auth-host`` options at instance creation as it only applies to ``hostssl``. - Run local ``pgbackrest server`` with the ``PGPASSFILE`` environment variable so that connections made by pgbackrest (through the libpq) can use the passfile when it's not in the default location. - In Patroni REST API settings, fix the validator of ``verify_client`` to only require that ``certfile`` is set when the former is. Deprecations and Removals +++++++++++++++++++++++++ - In the declarative API (Ansible), the ``clone_from`` field of database object is deprecated; instead the new ``clone`` field (especially its ``dsn`` option) should be used. E.g. in JSON, replace ``"clone_from": ""`` by ``"clone": {"dsn": ""}``. - Remove the ``clone_from`` field in ``database get`` return value, as it was always ``null`` (not preserved from user input). - Commands ``database dumps`` and ``database restore``, deprecated in version 0.38.0, are removed. - In the declarative API (the ``instance`` Ansible module), the ``patroni.postgresql_connect_host`` field is deprecated. Instead ``patroni.postgresql.connect_host`` can be used for the same purpose. - Add a new ``patroni.postgresql`` setting field, holding ``passfile`` and ``use_pg_rewind`` fields, previously under the top-level ``patroni`` key. - A ``mode`` option (with value in ``['path', 'host-tls', 'host-ssh']``) now needs to be explicitly provided for ``pgbackrest.repository`` in site settings. This is a BREAKING CHANGE for which installed site-settings will need an update. - Remove support for PostgreSQL version 11. Documentation +++++++++++++ - Improve Patroni settings descriptions, especially concerning TLS certificates. - Add a "how to" perform major online upgrade of a database through Ansible. - Clarify and extend security notes about etcd and Patroni. - Add missing entry in 0.38.0 changelog about the deprecation of ``database dumps|restore`` commands. Misc. +++++ - Run functional tests under Debian bookworm in CI. - Use ``pg_dump --format=custom`` and ``pg_restore`` (instead of plain ``psql``) when cloning a database. - In tests, run etcd with HTTPS and let Patroni verify server certificates. v0.39.0 - 2023-08-25 ~~~~~~~~~~~~~~~~~~~~ Bug fixes +++++++++ - Forbid extra (unknown) keys in site settings by issuing a validation error instead of silently ignoring them previously. - Use ``WantedBy=default.target`` in systemd units instead of ``multi-user.target``, which is not generally available in user mode. This makes user services starts properly at boot. Deprecations and Removals +++++++++++++++++++++++++ - The default value for ``pgbackrest.repository.path`` got removed; this setting needs an explicit value. Documentation +++++++++++++ - Mention how to install pglift with pipx. v0.38.0 - 2023-08-03 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add a confirmation to ``pglift database run`` to warn about the databases that will be affected by the sql command. - Add ability to provide a ``.psqlrc`` template as file ``postgresql/psqlrc`` in site configuration. - Setting ``replrole: null`` (or not providing it) disables the creation of the ``replication`` role. Bug fixes +++++++++ - No longer create pgbackrest's lock-path directory during ``site-configure`` but let pgbackrest handle this itself. This makes the configure remain valid upon reboot, by not requiring this directory to be present whereas it might have been removed if set to a volatile system like ``/run``. Deprecations and Removals +++++++++++++++++++++++++ - Setting ``prometheus.queriespath`` is deprecated and will be removed in the next release. This follows from the deprecation of ``extend.query-path`` option in `postgres_exporter 0.13 `_. In the future, support for a dedicated sql_exporter will be added to provide equivalent features. - The default value for ``replrole`` is now ``null``. Users relying on this role for replication now have to provide it explicitly in the settings. Also entries for replication are not part of the default ``pg_hba.conf`` file anymore. Administrators may have to provide a template for this. - Due to their fragile implementation, especially when custom commands are defined in site settings, ``database dumps`` and ``database restore`` commands are deprecated and will be removed in a future release. Misc. +++++ - Improve code quality by using `flake8-bugbear `_. v0.37.0 - 2023-07-18 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Validate ``postgresql.bindir`` setting to make sure it contains the ``{version}`` template placeholder. - Validate that ``postgresql.default_version`` setting has a value within ``postgresql.versions``. - If setting ``postgresql.default_version`` is undefined, guess the default version from the latest PostgreSQL version available as defined in ``postgresql.versions`` setting. - Check pgBackRest configuration upon instance promotion. - Skip the check of pgBackRest configuration for standby instances on sites using the ``repository.path`` mode for pgbackrest. A warning is emitted instead, but this should unblock the creation of standby instances in this mode. - Validate that ``postgresql.versions`` setting is a non-empty list, possibly after having inferred values from ``bindir`` template. - Validate that path-like settings only contain expected template variables: e.g, a validation error will be raised if a settings field contains ``{version}`` or ``{name}`` placeholders whereas none is allowed. Bug fixes +++++++++ - Also add a password file entry for the *backup* role upon standby instances creation. - Consider only the first item of ``unix_socket_directories`` PostgreSQL setting to determine the ``host`` part of libpq connection string. - No longer return ``PGHOST=localhost`` in ``instance env`` command when no ``unix_socket_directories`` configuration entry is defined in order to let PostgreSQL use the default value. - Set the default answer to *No* in prompt asking for deletion of pgBackRest backups upon instance drop. Removals ++++++++ - The "default version" is no longer guessed from ``pg_config`` executable available in ``$PATH``; only site settings are used from now on. Documentation +++++++++++++ - Fix first item of ``restore_commands`` example with `pg_back` missing the ``{conninfo}``. v0.36.1 - 2023-06-20 ~~~~~~~~~~~~~~~~~~~~ Misc. +++++ - Switch to `hatch `_ build system. v0.36.0 - 2023-06-15 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Check installation before performing any operation: when the ``site-configure install`` has not been run or the installation is broken, any operational command will fail fast suggesting to perform a proper installation while installation issues are logged at ``ERROR`` level. - Improve the command-line interface with respect to the ``-i/--instance`` option. The option is no longer required to display the help of a subcommand (e.g. ``pglift database create --help``). Also, a more accurate error message is displayed when no instance is found or when several ones are found. - Validate ``postgresql.{dump,restore}_commands`` settings to that the programs used by each command exist. This only applies to commands using non-PostgreSQL binaries (e.g. ``pg_dump``) as these are typically defined relative to instance's binary directory (e.g. ``{bindir}/pg_dump``). Bug fixes +++++++++ - Report failure to start a child process (e.g. the database dump command) with a user error instead of throwing a traceback. - Command ``pglift instance exec INSTANCE COMMAND...`` now exits with status 2 when no command got specified. - Fix ``instance exec`` command to make it clear that the ``INSTANCE`` argument is not optional. Documentation +++++++++++++ - Document the need for ``--`` in ``instance exec`` command. v0.35.0 - 2023-05-17 ~~~~~~~~~~~~~~~~~~~~ Bug fixes +++++++++ - Implicitly convert ``None`` value to the default value for ``patroni.node`` and ``patroni.restapi`` fields when using Ansible modules. v0.34.0 - 2023-04-21 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - The ``instance status`` command has been extended to return the status of all satellite components. It will exit with code 3 if any service is not running. The prometheus and temBoard agent statuses have been implemented in addition to the existing PostgreSQL status. - When creating a standby instance, if a pgbackrest backup for target stanza exists, it will be used instead of ``pg_basebackup``. - Upon deletion of an instance, do not prompt for possible deletion of its pgbackrest stanza when another instance is using it. - Upon deletion of an instance, delete its pgbackrest configuration even if stanza deletion was not confirmed. - Remove log, spool and lock paths for pgbackrest upon ``site-configure uninstall``. - Remove, after confirmation, the backup directory for pgbackrest upon ``site-configure uninstall``. - Add a default value for ``pgbackrest.repository.path`` setting with value ``$prefix/pgbackrest``. Bug fixes +++++++++ - Fix deletion of pgbackrest include directory upon ``site-configure uninstall``: the command previously emitted a warning and the directory was left empty; now it is correctly removed. Removals ++++++++ - The ``{version}`` template variable is once again required in ``postgresql.datadir`` and ``postgresql.waldir`` settings. - Option ``--pgbackrest-restore-stanza`` got removed as it is confusing now that ``--pgbackrest-stanza`` option is required. Misc. +++++ - Set project's development status to *beta*. v0.33.0 - 2023-04-14 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Attributes CREATEROLE and CREATEDB can now be set when creating or altering roles. - The ``version`` of an extension can now be specified. - The temBoard logging can be configured via site settings with ``logpath``, ``logmethod`` and ``loglevel``. By default ``logmethod`` is set to ``stderr``. If ``file`` is selected, a logfile for each instance will be created in the ``logpath`` folder named ``temboard_agent_{qualname}.log``. ``loglevel`` can be set to ``DEBUG``, ``INFO``, ``WARNING``, ``ERROR`` or ``CRITICAL``. - The option ``--pgbackrest-restore-stanza`` is now taken into account when using Patroni. Using this option will try to provision new standby from pgbackrest backups using `create_replica_methods `_ Bug fixes +++++++++ - Do not fail upon socket creation error while checking for port availability; emit a ``DEBUG`` log message instead in that case. - Let the user-defined ``port`` take precedence over what's defined in postgresql.conf site template. Removals ++++++++ - Change the ``completion`` command into a ``--completion=SHELL`` option to ``pglift``. This is now implemented as an eager callback which does not load site settings or any user data and can thus be safely used by any user (e.g. ``root``). - After being marked as required extension schema field is optional again. v0.32.0 - 2023-03-29 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Add the ``logpath`` setting within PostgreSQL settings section. This new field allows to determine the directory containing log for our instances. The postgresql.conf template distributed with pglift now sets ``log_directory`` based on this field, along with a ``log_filename`` value that includes the instance qualified name (i.e. ``-``) as a prefix. - Add ``cli.log_format`` and ``cli.date_format`` settings to control the format of log messages when writing to a file from the command-line interface. - Add a ``--defaults/--no-defaults`` options to ``site-settings`` command to control whether default settings values should be shown, possibly along with site configuration. - Add support for handling database schemas. - Allow ``postgresql.datadir`` and ``postgresql.waldir`` settings to not contain the ``{version}`` template variable; only the ``{name}`` is required by now. - Allow to set already encrypted password to a Role using ``--encrypted-password`` instead of ``--password``. - A new rsyslog configuration option has been added to generate rsyslog config when running ``pglift site-configure install``. - Logrotate configuration is now handled at site-configure step and no longer when creating/dropping an instance. The logorate configuration is now shared among the PostgreSQL instances and satellites components. - The required ``ca_cert`` field has been added to the temBoard settings, it's part of the ``certificate`` field and must be defined as ``temboard.certificate.ca_cert``. This makes the use of ssl more consistent. It's used in the temBoard agent configuration file. Bug fixes +++++++++ - Fix crash upon early pglift command invocation when the creation of (CLI) log directory fails. - Avoid starting a stopped instance when no role or database changes are needed. - Do not override environment from parent process in ``instance exec``. - Fix logrotate configuration file for Patroni, which was missing templating. - Patroni ``postgresql.pgpass`` configuration item is now configurable with ``patroni.passfile`` site setting and defaults to ``etc/patroni/.pgpass``. This passfile is deleted when instance is deleted. - Fix a validation error when patroni watchdog device setting was not a file but a character device. Removals ++++++++ - Remove possibility to template ``logpath`` setting for Patroni We remove the placeholder ``{name}`` from default value for patroni ``logpath`` setting. Using the ``{name}`` within the patroni logpath is no longer supported, we now always append the instance name at the end of the logpath. - Extension schema field is now required. As a consequence, it's not possible to provide a list of extensions to install upon database creation in the CLI. - Extensions now have a "state" field. To drop an extension from a database users now have to explicitly use "state: absent". - ``log_directory`` for PostgreSQL is no longer created (automatically) by pglift. We remove the portion of code parsing the postgresql.conf and creating the corresponding log_directory. User should make sure the log_directory is present when they change this setting on postgresql.conf. - In pgBackRest settings, ``ca_cert`` is now a part of certificate field. ``pgbackrest.repository.ca_cert`` should now be defined as ``pgbackrest.repository.certificate.ca_cert``. - Pglift usage as root user is now prevented. According to PostgreSQL documentation, ``initdb`` or ``pg_ctl`` commands cannot be run as root. Documentation +++++++++++++ - The documentation explaining the steps to configure the site when using systemd in system mode has been changed to avoid calling pglift commands with ``sudo``. Misc. +++++ - Move command-line specific settings (``lock_file`` and ``logpath``) to a new ``cli`` field. v0.31.0 - 2023-02-28 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - A new logrotate service has been added to generate logrotate configuration file for each instance. - The ``passfile`` site setting, under ``postgresql.auth`` section now accepts a ``null`` value in order to completely disable support for the password file. When disabled, ``--pgpass`` option to ``role`` commands are no longer available. - Validate existence of ``bindir`` fields set in ``postgresql.versions`` setting. Bug fixes +++++++++ - Define the ``cluster_name`` in ``postgresql.conf`` template file, thus allowing to create instances without the value (which used to be hard-coded from instance name). Removals ++++++++ - The ``pgpass`` field in ``roles`` items for an ``Instance`` is no longer supported (in Ansible or the declarative API). The field can still be specified on ``Role`` objects. - To enable SSL in PostgreSQL configuration file, in addition to setting ``ssl`` to ``true``, providing ``ssl_cert_file`` and ``ssl_key_file`` is required. The previous self-signed certificate is no longer generated. - No longer output the ``pgpass`` field when listing roles. Documentation +++++++++++++ - The commands for exporting the Ansible doc fragments have been simplified for the release workflow. Now it is only a copy of the data files already generated for the tests. - Add a note about the ability for devs to run systemd jobs on sourcehut. - Document sudo pre-requisites for systemd "system" mode with a sudoers entry example. v0.30.0 - 2023-02-06 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Make it possible to specify the schema in which a database extension would be installed. Until now, when an extension was added to a database, the extension's objects were installed by default on the current schema of the database (usually ``public`` schema). Now, the name of the ``schema`` in which to install the extension's objects can be specified when adding or altering extensions, by specifying it in the manifest. - Add a ``-f/--follow`` option to ``instance logs`` command to follow log output and log file change. - Log create/alter/delete operations on database extensions. - Add support for TLS encryption settings for patroni REST API. - Log messages from pgBackRest commands: ``pgbackrest`` commands are now invoked with ``--log-level-stderr=info`` and respective messages are forwarded to pglift's logger at ``DEBUG`` level (as are all ``stderr`` messages from subprocesses). - Configure pgBackRest on standby instances, even in ``repository.path`` mode, removing a previous limitation from the implementation. In addition, when calling ``instance backup `` with ```` being a standby, ``pgbackrest`` is now invoked with ``--backup-standby`` option. - Setup pgbackrest on standby instances when using a remote repository. - Add support for TLS for Etcd for HA with Patroni via site-settings. - Make ``host_port`` and ``host_config`` item of pgbackrest's repo-host settings optional. - Separate server from client pgbackrest configuration in remote repository mode. - temboard-agent V8 is now needed for pglift, older versions are no longer supported. Bug fixes +++++++++ - Do not write the ``port`` value in ``postgresql.conf`` if it has the default value. - If any change in the configuration files is detected for prometheus or temboard, we now perform a restart of the services for the changes to take effect. - Fix possibly not working ``Exec`` command in postgresql systemd unit file. Removals ++++++++ - If pgbackrest is enabled, the stanza name must now be provided upon instance creation. - Temboard-agent SSL files are no longer auto-generated, their path must be provided in site-settings. The ``certificate`` field containing ``cert`` and ``key`` is required in temboard section. - CLI option ``--extension`` of ``database alter`` command has been removed. - CLI option ``--in-role`` of ``role alter`` command has been removed. - Patroni etcd ``host`` setting has been replaced by ``hosts``. - Configuration for etcd for HA with patroni is now managed in site settings. Etcd host can no longer be provided by user when creating an instance. Documentation +++++++++++++ - Update the Ansible tutorial to refer to the collection and simplify installation steps. - Warn about the prerequisites for using ``systemctl --user``. - Document patroni etcd ``hosts`` setting usage - Document Patroni security (TLS support) - Recommend to use systemd as a service manager when operating with pgBackRest in remote repository mode. Misc. +++++ - Add ``--pg1-path`` option to ``pgbackrest archive-push`` command set in PostgreSQL ``archive_command``. v0.29.0 - 2022-12-30 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Improve warning message when failing to connect to primary instance in ``instance get``. - Make `replication` role a member of ``pg_read_all_stats``. - Add WAL sender state (from `pg_stat_replication `_ view) to standby information (as available in ``instance get`` command). - Export paths to PostgreSQL data and WAL directories when getting an Instance (e.g. through ``instance get -o json`` command). - Introduce ``$PGLIFT_CONFIG_PATH`` environment variable. This new variable allows users to provide a path to site configuration files to be taken into account prior to ``$XDG_CONFIG_HOME/pglift`` or ``/etc/pglift``. - Preserve user edits of Patroni configuration file. - Add support for pgbackrest remote host repository. Bug fixes +++++++++ - Catch JSON decode exception when parsing ``SETTINGS`` environment variable. This prevents showing a traceback when the json provided for ``SETTINGS`` environment variable is invalid. - Catch :class:`~pglift.exceptions.SettingsError` when loading site settings in CLI. Prevents displaying a traceback if there's an error when parsing the site settings YAML file. - Fix path to pglift in systemd service when using pre-built binary `ExecPath` in ``pglift-postgresql@`` systemd service which was wrongly set to an inexistent path. Removals ++++++++ - Require pgbackrest>=2.41 ``pglift instance backups`` now runs ``pgbackrest info --set= --output=json`` which only works since pgbackrest 2.41. - Hide ``standby.status`` field from ``instance get`` output: this field is not very useful since it will only appear on standby instances, which are by definition in *demoted* state. - Change priority order of site config files. Order is now xdg > etc > dist. - Improve instance privileges command help message - Drop `archive-push` section in global pgbackrest configuration. - Replace ``pgbackrest.repopath`` setting by ``pgbackrest.repository``, now an object with keys ``path`` and ``retention`` (see ``pglift site-settings --schema`` for details). The ``path`` field is now required and has no default value, in contrast with ``repopath`` previously. - The ``site-settings`` command output format is now YAML by default. Documentation +++++++++++++ - Add a section in docs for site configuration templates. - Explain how base pgBackRest configuration is installed, and how to override it. - Improve and clarify documentation about systemd in `system` mode. Misc. +++++ - Use pgbackrest's `recovery-option `_ when restoring a standby from a backup. - Only restart PostgreSQL upon configuration changes, not all satellite services. v0.28.0 - 2022-12-02 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - If pgbackrest is enabled, log install and uninstall operations at ``site-configure``. - Configure systemd timer for instance backup with a randomized delay. - Add a ``--dry-run`` option to `apply` commands. - Add support for "force" option for database drop. - Improve logging when starting/stopping Prometheus `postgres_exporter` and `temboard-agent`. - Allow to pass any command to ``instance exec`` (not just Postgres commands or absolute ones as previously). - Make it possible to operate normal instances even when `patroni` is enabled in site settings. - Add support for PostgreSQL 15. - Make check for port availability more robust. - Improve `systemd` unit template for PostgreSQL. It is now defined as a ``Type=notify`` service and does not use a ``PIDFile`` anymore, following more closely what's suggested in `PostgreSQL documentation `_. Bug fixes +++++++++ - pglift 0.27.0 is now the minimum required version for the Ansible collection. - Fixed error during enabling/disabling temboard service with systemd caused by a bad service name. - Fix error in ``instance env`` command for a standby instance with pgbackrest enabled. - Only start Patroni once at instance creation (avoid a stop and a start). This should make concurrent setups (e.g. from Ansible targeting different hosts in parallel) work without dead-locking Patroni. - Avoid starting / stopping PostgreSQL many times at instance creation. Removals ++++++++ - The Ansible collection got moved to its `own repository `_. - Avoid useless ``pgbackrest start`` invocation after stanza creation. - Separate management of shared_preload_libraries and database extensions. The ``extensions`` key in instance's model has been dropped. To install extensions in an instance, you now need to provide the ``shared_preload_libraries`` in instance settings. - No longer error out, but simply warn, upon invalid Patroni configuration as reported by ``patroni --validate-config``. - Only validate generated Patroni configuration for Patroni version higher than 2.1.5. Documentation +++++++++++++ - Extend how to about standby management with Ansible to illustrate promote operation. - Add some details about `site configuration` in installation documentation. Misc. +++++ - Add a hidden ``--debug`` command-line flag to set log level to ``DEBUG`` and eventually get tracebacks displayed. - Unconditionally call ``pgbackrest stanza-create`` upon instance. re-configuration whereas this was previously only done at instance creation. Conversely, the ``--no-online`` option is used to avoid superfluous instance startup. On the other hand the ``pgbackrest check`` command is still only emitted at instance creation. - Add ``--output=json`` option to ``postgres_exporter apply`` command. - Rework systemd installation through site-configure hook. - Use pglift CLI in systemd unit for PostgreSQL. - Use `towncrier `_ to manage news fragments. v0.27.0 - 2022-11-02 ~~~~~~~~~~~~~~~~~~~~ Features ++++++++ - Support for RockyLinux 9 - Ability to provide a name for pgbackrest stanza - Handling of ``REASSIGN OWNED`` and ``DROP OWNED`` when dropping a role - Better handling of model validation errors in the CLI - Ability to create a database as a clone of an existing one - JSON output to ``instance env`` command - JSON output to ``apply`` sub-commands - Prometheus password change upon ``instance alter`` - Prometheus password kept upon instance upgrade - Raise a specific error if role being dropped has dependent database objects - Raise a specific error when Postgres binary directory for requested version does not exist Bug fixes +++++++++ - ``SETTINGS`` environment variable takes precedence over YAML setting file - Fix systemd service name for Patroni-managed instances - Fix service name inconsistency for temboard-agent - Entries of ``postgresql.conf``, set by ``initdb``, no longer commented - Fix a type error when retrieve instance environment from Ansible module - Replication password passed through environment when invoking ``pg_basebackup`` Removals ++++++++ - Field ``pgbackrest_restore`` excluded from ``instance get`` command output - Database auto discover in default postgres_exporter configuration - CLI option ``--json``, replaced by ``--output-format=json`` - Instance model's ``configuration``, renamed as ``settings``, to be consistent with eponymous field on Database objects - Standby's ``for`` field renamed as ``primary_conninfo`` in the declarative API Documentation +++++++++++++ - Added an example playbook for a standby instance - Fix settings in Ansible tutorial (``pgpass`` fields missing for ``surole`` and ``backuprole``) Misc. +++++ - Limit database connection openings in ``instance get`` - Installation of global pgbackrest configuration through ``site-configure`` command - Setting ``postgresql.versions`` now defined as a list - Use pglift CLI in Ansible modules, instead of the Python API - PyOxidizer configuration to build a binary version of pglift