Launchpad Mojo Specs

Merge ~cjwatson/launchpad-mojo-specs:lp-db into launchpad-mojo-specs:master

  1. Git
  2. lp:~cjwatson/launchpad-mojo-specs
  3. lp-db
  4. Merge into master
Proposed by Colin Watson
Status: Needs review
Proposed branch: ~cjwatson/launchpad-mojo-specs:lp-db
Merge into: launchpad-mojo-specs:master
Diff against target: 519 lines (+408/-0)
18 files modified
lp-db/README.md (+26/-0)
lp-db/bundle.yaml (+154/-0)
lp-db/configs/custom-secgroups-qastaging.yaml (+46/-0)
lp-db/configs/custom-secgroups-staging.yaml (+55/-0)
lp-db/manifest (+1/-0)
lp-db/manifest-verify (+1/-0)
lp-db/manifests/deploy (+5/-0)
lp-db/manifests/secgroups (+1/-0)
lp-db/manifests/verify (+4/-0)
lp-db/predeploy (+9/-0)
lp-db/qastaging/extra_pg.conf (+30/-0)
lp-db/qastaging/pgbouncer_databases.ini (+4/-0)
lp-db/qastaging/pgbouncer_extra_config.txt (+14/-0)
lp-db/staging/extra_pg.conf (+31/-0)
lp-db/staging/pgbouncer_databases.ini (+4/-0)
lp-db/staging/pgbouncer_extra_config.txt (+14/-0)
lp-db/utils (+1/-0)
lp-db/verify (+8/-0)
Reviewer Review Type Date Requested Status
Jürgen Gmach Approve
Simone Pelosi Approve
Review via email: mp+456432@code.launchpad.net

Commit message

lp-db: New spec

Description of the change

I agreed with William that we should keep our PostgreSQL databases in a separate environment even once we start deploying them using our own Mojo specs, which means we need a standalone spec for them. So far this only handles staging and qastaging, but it can be expanded to cover production as well in the future.

The current staging and qastaging databases are sort of deployed using this, but we really need to upgrade them to PostgreSQL 12 before `mojo run` will work properly.

To post a comment you must log in.
Revision history for this message
Simone Pelosi (pelpsi) wrote :

LGTM!

review: Approve
Reply
Revision history for this message
Jürgen Gmach (jugmac00) :
review: Needs Fixing
Reply
Revision history for this message
Jürgen Gmach (jugmac00) :
review: Approve
Reply
Revision history for this message
Simone Pelosi (pelpsi) wrote :

Please, merge this only when Postgresql is upgraded to version 12.

Reply
Revision history for this message
Colin Watson (cjwatson) wrote :

That might not be a good plan. At least as I'd planned it in November, the path to upgrading PostgreSQL to version 12 required first deploying a new production DB environment using this spec, temporarily manually installing PostgreSQL 10 in it so that it can be replicated from the current primary, switching the primary to this one, and then upgrading. (Otherwise you'd have to get PostgreSQL 12 wedged into the current cluster, which IIRC is on bionic, and that seemed worse.)

But I suppose it would be possible to just deploy the new production environment from this branch. I don't think it makes a whole lot of difference either way.

Reply

Unmerged commits

e8f2d09... by Colin Watson

lp-db: New spec

I agreed with William that we should keep our PostgreSQL databases in a
separate environment even once we start deploying them using our own
Mojo specs, which means we need a standalone spec for them. So far this
only handles staging and qastaging, but it can be expanded to cover
production as well in the future.

Succeeded
[SUCCEEDED] lint:0 (build)
11 of 1 result FirstPreviousNextLast

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lp-db/README.md b/lp-db/README.md
2new file mode 100644
3index 0000000..54a263a
4--- /dev/null
5+++ b/lp-db/README.md
6@@ -0,0 +1,26 @@
7+# Launchpad standalone database deployment
8+
9+This spec deploys the Launchpad PostgreSQL database. While the `lp` spec
10+also supports deploying PostgreSQL directly to keep local test deployments
11+simple, for non-test deployments we prefer to deploy PostgreSQL separately
12+from the rest of Launchpad to reduce the risk of ordinary code deployments
13+causing database havoc due to Juju bugs.
14+
15+You can run this spec locally using Juju's LXD support and Mojo. First,
16+configure your environment:
17+
18+ export MOJO_ROOT="$HOME/.local/share/mojo"
19+ export MOJO_PROJECT=mojo-lp-db
20+ export MOJO_WORKSPACE=devel
21+ export MOJO_SERIES=focal
22+ export MOJO_SPEC=git+https://git.launchpad.net/launchpad-mojo-specs
23+ export MOJO_STAGE=lp-db/devel
24+
25+Then run the spec using Mojo:
26+
27+ mojo project-new -c containerless
28+ mojo workspace-new
29+ mojo run
30+
31+See the "Initial database setup" section of `lp/README.md` for how to set up
32+the contents of the database.
33diff --git a/lp-db/bundle.yaml b/lp-db/bundle.yaml
34new file mode 100644
35index 0000000..7382b8c
36--- /dev/null
37+++ b/lp-db/bundle.yaml
38@@ -0,0 +1,154 @@
39+{#- Defaults. #}
40+{%- set cron_mailto = "launchpad-error-reports@lists.canonical.com" %}
41+{#- Address of corresponding launchpad-db-update unit. #}
42+{%- set db_update_ip = "" %}
43+{%- set devel = False %}
44+{#- Network where this bundle is deployed. #}
45+{%- set local_network = "" %}
46+
47+{%- if stage_name == "production" %}
48+{%- set dbname_launchpad = "launchpad_prod" %}
49+{%- set dbname_session = "session_prod" %}
50+{%- set nagios_context = "prod-launchpad" %}
51+{%- set nagios_hostgroups = "prodstack-lp" %}
52+{%- set nagios_master = "nagios.ps5.internal" %}
53+{%- set postgresql_constraints = "cores=16 mem=256G root-disk=3000G root-disk-source=local" %}
54+{%- set postgresql_num_units = 3 %}
55+{%- elif stage_name == "staging" %}
56+{%- set db_update_ip = "10.132.54.153" %}
57+{%- set dbname_launchpad = "lpmain_staging" %}
58+{%- set dbname_session = "session_staging" %}
59+{%- set local_network = "10.132.64.0/24" %}
60+{%- set nagios_context = "staging-launchpad" %}
61+{%- set nagios_hostgroups = "stagingstack-lp" %}
62+{%- set nagios_master = "devops-nagios.ps5.internal" %}
63+{%- set postgresql_constraints = "cores=8 mem=16G root-disk=3000G root-disk-source=local" %}
64+{%- set postgresql_num_units = 2 %}
65+{%- elif stage_name == "qastaging" %}
66+{%- set db_update_ip = "10.132.54.103" %}
67+{%- set dbname_launchpad = "launchpad_qastaging" %}
68+{%- set dbname_session = "session_qastaging" %}
69+{%- set local_network = "10.132.223.0/24" %}
70+{%- set nagios_context = "qastaging-launchpad" %}
71+{%- set nagios_hostgroups = "stagingstack-lp" %}
72+{%- set nagios_master = "devops-nagios.ps5.internal" %}
73+{%- set postgresql_constraints = "cores=8 mem=16G root-disk=1500G root-disk-source=local" %}
74+{%- set postgresql_num_units = 2 %}
75+{%- else %}
76+{%- set cron_mailto = "error-reports@launchpad.test" %}
77+{%- set dbname_launchpad = "launchpad_dev" %}
78+{%- set dbname_session = "session_dev" %}
79+{%- set devel = True %}
80+{%- set nagios_context = "devel-launchpad" %}
81+{%- set nagios_hostgroups = "devel-lp" %}
82+{#- The configured nagios_master doesn't have to be real, but it does have
83+ to resolve. #}
84+{%- set nagios_master = "localhost" %}
85+{%- set postgresql_num_units = 1 %}
86+{%- endif -%}
87+
88+series: focal
89+applications:
90+ postgresql:
91+ charm: ch:postgresql
92+ channel: latest/stable
93+ revision: 345
94+ constraints: "{{ postgresql_constraints }}"
95+ num_units: {{ postgresql_num_units }}
96+ options:
97+ admin_addresses: "127.0.0.1"
98+{%- if stage_name == "staging" %}
99+{#- Backups of staging take a long time, and they interfere with the weekly
100+ restore of staging from production. They aren't very useful due to that
101+ weekly restore, so just disable them. #}
102+ backup_schedule: ""
103+{%- endif %}
104+ extra_pg_auth: |-
105+{%- if stage_name == "production" %}
106+ # Slony, running in the sso-db Juju environment.
107+ host launchpad_prod slony 162.213.33.34/32 md5
108+ host launchpad_prod slony 10.131.151.0/24 md5
109+{%- endif %}
110+ # pgbouncer connections, from localhost and from other trusted
111+ # machines.
112+ local {{ dbname_launchpad }} all trust
113+ local {{ dbname_session }} all trust
114+{%- if local_network %}
115+ host {{ dbname_launchpad }} all {{ local_network }} trust
116+ host {{ dbname_session }} all {{ local_network }} trust
117+{%- endif %}
118+{%- if stage_name in ("staging", "qastaging") %}
119+ host replication stgreplication 10.22.112.54/32 trust # pamola.internal
120+ host replication stgreplication 10.22.112.55/32 trust # pherkad.internal
121+{%- endif %}
122+{%- if db_update_ip %}
123+ # Allow direct access from launchpad-db-update unit.
124+ host all all {{ db_update_ip }}/32 md5
125+{%- endif %}
126+ extra_pg_conf: "include-file://{{ spec_dir }}/{{ stage }}/extra_pg.conf"
127+{%- if not devel %}
128+ manual_replication: true
129+{%- endif %}
130+ package_status: "hold"
131+ version: "12"
132+ launchpad-postgresql-extras:
133+ charm: ch:launchpad-postgresql-extras
134+ channel: stable
135+ revision: 2
136+ options:
137+ cron_mailto: "{{ cron_mailto }}"
138+{%- if not devel %}
139+ install_keys: |
140+ - null
141+ install_sources: |
142+ - ppa:canonical-is-sa/ubuntu/launchpad
143+{%- endif %}
144+{%- if stage_name in ("qastaging", "staging") %}
145+ pgbouncer_db_config: "include-file://{{ spec_dir }}/{{ stage }}/pgbouncer_databases.ini"
146+ pgbouncer_extra_config: "include-file://{{ spec_dir }}/{{ stage }}/pgbouncer_extra_config.txt"
147+ pgbouncer_userlist: "include-file://{{ local_dir }}/userlist.txt"
148+{%- endif %}
149+{%- if stage_name == "production" %}
150+ postfix-relay:
151+ charm: ch:postfix-relay
152+ channel: stable
153+ revision: 9
154+ options:
155+{#- postfix-relay/smtp_auth_username and postfix-relay/smtp_auth_password
156+ must be set in secrets. #}
157+ relayhost: "[launchpad.smtp.canonical.com]:25"
158+{%- endif %}
159+ nrpe:
160+ charm: ch:nrpe
161+ channel: stable
162+ revision: 106
163+ options:
164+ export_nagios_definitions: true
165+ hostgroups: "{{ nagios_hostgroups }}"
166+ nagios_host_context: "{{ nagios_context }}"
167+ nagios_hostname_type: host
168+ nagios_master: "{{ nagios_master }}"
169+ space_check: |
170+ check: auto
171+ auto_params: "-w 15% -c 10% -K 5%"
172+ swap: ""
173+ swap_activity: ""
174+{%- if not devel %}
175+ telegraf:
176+ charm: ch:telegraf
177+ channel: stable
178+ revision: 73
179+ expose: true
180+ options:
181+ install_method: snap
182+{%- endif %}
183+relations:
184+ - ["postgresql", "launchpad-postgresql-extras"]
185+{%- if stage_name == "production" %}
186+ - ["postfix-relay", "postgresql"]
187+{%- endif %}
188+ - ["nrpe:nrpe-external-master", "postgresql:nrpe-external-master"]
189+{%- if not devel %}
190+ - ["telegraf:juju-info", "postgresql:juju-info"]
191+ - ["telegraf:postgresql", "postgresql:db-admin"]
192+{%- endif %}
193diff --git a/lp-db/configs/custom-secgroups-qastaging.yaml b/lp-db/configs/custom-secgroups-qastaging.yaml
194new file mode 100644
195index 0000000..6b8a8a4
196--- /dev/null
197+++ b/lp-db/configs/custom-secgroups-qastaging.yaml
198@@ -0,0 +1,46 @@
199+applications:
200+ nrpe:
201+ type: neutron
202+ rules:
203+ - nagios-monitored
204+ postgresql:
205+ type: neutron
206+ rules:
207+ - legacy-postgresql
208+ - postgresql
209+ - pgbouncer
210+ telegraf:
211+ type: neutron
212+ rules:
213+ - metrics
214+rules:
215+ legacy-postgresql:
216+ # pherkad
217+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.22.112.55/32"}
218+ # pamola
219+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.22.112.54/32"}
220+ metrics:
221+ # Allow IS Prometheus to scrape telegraf.
222+ # 3FP
223+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "91.189.94.59/32"}
224+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "91.189.94.60/32"}
225+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2001:67c:1561:8008::13/128"}
226+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2001:67c:1561:8008::14/128"}
227+ # IL3
228+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "185.125.190.67/32"}
229+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "185.125.190.68/32"}
230+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2620:2d:4000:1::67/128"}
231+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2620:2d:4000:1::68/128"}
232+ nagios-monitored:
233+ # Allow monitoring from devops-nagios.ps5.internal.
234+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.131.26.77/32"}
235+ - {"protocol": "tcp", "family": "IPv4", "port": 873, "cidr": "10.131.26.77/32"}
236+ - {"protocol": "tcp", "family": "IPv4", "port": 5666, "cidr": "10.131.26.77/32"}
237+ - {"protocol": "icmp", "family": "IPv4", "cidr": "10.131.26.77/32"}
238+ pgbouncer:
239+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply finer-grained ACLs)
240+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.132.54.0/24"}
241+ postgresql:
242+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply
243+ # finer-grained ACLs; this is just for launchpad-db-update)
244+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.132.54.0/24"}
245diff --git a/lp-db/configs/custom-secgroups-staging.yaml b/lp-db/configs/custom-secgroups-staging.yaml
246new file mode 100644
247index 0000000..e690c9a
248--- /dev/null
249+++ b/lp-db/configs/custom-secgroups-staging.yaml
250@@ -0,0 +1,55 @@
251+applications:
252+ nrpe:
253+ type: neutron
254+ rules:
255+ - nagios-monitored
256+ postgresql:
257+ type: neutron
258+ rules:
259+ - legacy-postgresql
260+ - pgbouncer
261+ - postgresql
262+ - push-backups
263+ telegraf:
264+ type: neutron
265+ rules:
266+ - metrics
267+rules:
268+ legacy-postgresql:
269+ # pamola
270+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.22.112.54/32"}
271+ # pherkad
272+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.22.112.55/32"}
273+ metrics:
274+ # Allow IS Prometheus to scrape telegraf.
275+ # 3FP
276+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "91.189.94.59/32"}
277+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "91.189.94.60/32"}
278+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2001:67c:1561:8008::13/128"}
279+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2001:67c:1561:8008::14/128"}
280+ # IL3
281+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "185.125.190.67/32"}
282+ - {"protocol": "tcp", "family": "IPv4", "port": 9103, "cidr": "185.125.190.68/32"}
283+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2620:2d:4000:1::67/128"}
284+ - {"protocol": "tcp", "family": "IPv6", "port": 9103, "cidr": "2620:2d:4000:1::68/128"}
285+ nagios-monitored:
286+ # Allow monitoring from devops-nagios.ps5.internal.
287+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.131.26.77/32"}
288+ - {"protocol": "tcp", "family": "IPv4", "port": 873, "cidr": "10.131.26.77/32"}
289+ - {"protocol": "tcp", "family": "IPv4", "port": 5666, "cidr": "10.131.26.77/32"}
290+ - {"protocol": "icmp", "family": "IPv4", "cidr": "10.131.26.77/32"}
291+ pgbouncer:
292+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply finer-grained ACLs)
293+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.132.54.0/24"}
294+ # Staging SSO DB
295+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.22.112.57/32"}
296+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.22.112.58/32"}
297+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.132.34.0/24"}
298+ - {"protocol": "tcp", "family": "IPv4", "port": 5433, "cidr": "10.132.211.0/24"}
299+ postgresql:
300+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply
301+ # finer-grained ACLs; this is just for launchpad-db-update)
302+ - {"protocol": "tcp", "family": "IPv4", "port": 5432, "cidr": "10.132.54.0/24"}
303+ push-backups:
304+ # wildcherry
305+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "91.189.90.38/32"}
306diff --git a/lp-db/manifest b/lp-db/manifest
307new file mode 120000
308index 0000000..e1c38b1
309--- /dev/null
310+++ b/lp-db/manifest
311@@ -0,0 +1 @@
312+manifests/deploy
313\ No newline at end of file
314diff --git a/lp-db/manifest-verify b/lp-db/manifest-verify
315new file mode 120000
316index 0000000..6e02de4
317--- /dev/null
318+++ b/lp-db/manifest-verify
319@@ -0,0 +1 @@
320+manifests/verify
321\ No newline at end of file
322diff --git a/lp-db/manifests/deploy b/lp-db/manifests/deploy
323new file mode 100644
324index 0000000..3ee5195
325--- /dev/null
326+++ b/lp-db/manifests/deploy
327@@ -0,0 +1,5 @@
328+script config=predeploy
329+bundle config=bundle.yaml local=deploy-secrets status-timeout=3600
330+juju-check-wait
331+include config=manifests/secgroups
332+include config=manifests/verify
333diff --git a/lp-db/manifests/secgroups b/lp-db/manifests/secgroups
334new file mode 100644
335index 0000000..8c438ee
336--- /dev/null
337+++ b/lp-db/manifests/secgroups
338@@ -0,0 +1 @@
339+script config=utils/custom-secgroups.py SKIP_STAGES=devel
340diff --git a/lp-db/manifests/verify b/lp-db/manifests/verify
341new file mode 100644
342index 0000000..f25f902
343--- /dev/null
344+++ b/lp-db/manifests/verify
345@@ -0,0 +1,4 @@
346+juju-check-wait
347+# It occasionally takes a little while for all the servers to start
348+# accepting connections.
349+verify retry=3
350diff --git a/lp-db/predeploy b/lp-db/predeploy
351new file mode 100755
352index 0000000..bf98e70
353--- /dev/null
354+++ b/lp-db/predeploy
355@@ -0,0 +1,9 @@
356+#! /bin/sh
357+set -e
358+
359+TOP="${0%/*}"
360+
361+# Ensure that deploy-secrets exists.
362+"$TOP/utils/set-local-config" --bundle lp-db
363+
364+exit 0
365diff --git a/lp-db/qastaging/extra_pg.conf b/lp-db/qastaging/extra_pg.conf
366new file mode 100644
367index 0000000..bfda731
368--- /dev/null
369+++ b/lp-db/qastaging/extra_pg.conf
370@@ -0,0 +1,30 @@
371+autovacuum = True
372+autovacuum_analyze_scale_factor = 0.01
373+autovacuum_analyze_threshold = 50
374+autovacuum_vacuum_cost_delay = -1 # RT#130656
375+autovacuum_vacuum_scale_factor = 0.05
376+datestyle = 'iso, mdy'
377+default_statistics_target = 500
378+effective_cache_size = 150GB
379+fsync = True
380+full_page_writes = True
381+hot_standby_feedback = True
382+log_autovacuum_min_duration = 0
383+log_destination = 'stderr'
384+log_lock_waits = True
385+log_min_duration_statement = 10000
386+log_temp_files = 20MB
387+log_timezone = UTC
388+maintenance_work_mem = 1GB
389+max_connections = 4250
390+max_prepared_transactions = 0
391+max_wal_size = 256MB
392+random_page_cost = 1.2
393+search_path = '"$user",public'
394+shared_buffers = 8GB
395+standard_conforming_strings = False
396+synchronous_commit = on
397+temp_buffers = 1MB
398+wal_keep_segments = 10000
399+wal_level = replica
400+work_mem = 20MB
401diff --git a/lp-db/qastaging/pgbouncer_databases.ini b/lp-db/qastaging/pgbouncer_databases.ini
402new file mode 100644
403index 0000000..a7ea046
404--- /dev/null
405+++ b/lp-db/qastaging/pgbouncer_databases.ini
406@@ -0,0 +1,4 @@
407+[databases]
408+session_qastaging = dbname=session_qastaging host=database-ps5-1.qastaging.lp.internal port=5432
409+launchpad_qastaging = dbname=launchpad_qastaging host=database-ps5-1.qastaging.lp.internal port=5432
410+launchpad_qastaging_standby1 = dbname=launchpad_qastaging host=database-ps5-2.qastaging.lp.internal port=5432
411diff --git a/lp-db/qastaging/pgbouncer_extra_config.txt b/lp-db/qastaging/pgbouncer_extra_config.txt
412new file mode 100644
413index 0000000..46d9525
414--- /dev/null
415+++ b/lp-db/qastaging/pgbouncer_extra_config.txt
416@@ -0,0 +1,14 @@
417+client_login_timeout = 5
418+default_pool_size = 100
419+ignore_startup_parameters = application_name
420+log_connections = 1
421+log_disconnections = 1
422+log_pooler_errors = 1
423+max_client_conn = 1000
424+pool_mode = session
425+reserve_pool_size = 10
426+reserve_pool_timeout = 3
427+server_check_delay = 60
428+server_idle_timeout = 30
429+stats_users = postgres,nagios,pgbouncer
430+tcp_keepalive = 1
431diff --git a/lp-db/staging/extra_pg.conf b/lp-db/staging/extra_pg.conf
432new file mode 100644
433index 0000000..96f3a9f
434--- /dev/null
435+++ b/lp-db/staging/extra_pg.conf
436@@ -0,0 +1,31 @@
437+autovacuum = True
438+autovacuum_analyze_scale_factor = 0.01
439+autovacuum_analyze_threshold = 50
440+autovacuum_vacuum_cost_delay = -1 # RT#130656
441+autovacuum_vacuum_scale_factor = 0.05
442+datestyle = 'iso, mdy'
443+default_statistics_target = 500
444+effective_cache_size = 150GB
445+fsync = True
446+full_page_writes = True
447+hot_standby_feedback = True
448+log_autovacuum_min_duration = 0
449+log_destination = 'stderr'
450+log_lock_waits = True
451+log_min_duration_statement = 10000
452+log_temp_files = 20MB
453+log_timezone = UTC
454+maintenance_work_mem = 1GB
455+max_connections = 4250
456+max_prepared_transactions = 0
457+max_wal_size = 256MB
458+random_page_cost = 1.2
459+search_path = '"$user",public'
460+shared_buffers = 8GB
461+standard_conforming_strings = False
462+synchronous_commit = on
463+temp_buffers = 1MB
464+# 320GB! Streaming replication buffer for staging restores.
465+wal_keep_segments = 20000
466+wal_level = replica
467+work_mem = 20MB
468diff --git a/lp-db/staging/pgbouncer_databases.ini b/lp-db/staging/pgbouncer_databases.ini
469new file mode 100644
470index 0000000..956b901
471--- /dev/null
472+++ b/lp-db/staging/pgbouncer_databases.ini
473@@ -0,0 +1,4 @@
474+[databases]
475+session_staging = dbname=session_staging host=database-ps5-1.staging.lp.internal port=5432
476+launchpad_staging = dbname=lpmain_staging host=database-ps5-1.staging.lp.internal port=5432
477+launchpad_staging_standby1 = dbname=lpmain_staging host=database-ps5-2.staging.lp.internal port=5432
478diff --git a/lp-db/staging/pgbouncer_extra_config.txt b/lp-db/staging/pgbouncer_extra_config.txt
479new file mode 100644
480index 0000000..46d9525
481--- /dev/null
482+++ b/lp-db/staging/pgbouncer_extra_config.txt
483@@ -0,0 +1,14 @@
484+client_login_timeout = 5
485+default_pool_size = 100
486+ignore_startup_parameters = application_name
487+log_connections = 1
488+log_disconnections = 1
489+log_pooler_errors = 1
490+max_client_conn = 1000
491+pool_mode = session
492+reserve_pool_size = 10
493+reserve_pool_timeout = 3
494+server_check_delay = 60
495+server_idle_timeout = 30
496+stats_users = postgres,nagios,pgbouncer
497+tcp_keepalive = 1
498diff --git a/lp-db/utils b/lp-db/utils
499new file mode 120000
500index 0000000..468ba70
501--- /dev/null
502+++ b/lp-db/utils
503@@ -0,0 +1 @@
504+../utils
505\ No newline at end of file
506diff --git a/lp-db/verify b/lp-db/verify
507new file mode 100755
508index 0000000..df9e6ef
509--- /dev/null
510+++ b/lp-db/verify
511@@ -0,0 +1,8 @@
512+#! /bin/sh
513+set -e
514+
515+TOP="${0%/*}"
516+
517+export EXTRA_SKIP_CHECKS="check_swap${EXTRA_SKIP_CHECKS:+|${EXTRA_SKIP_CHECKS}}"
518+
519+exec "$TOP/utils/verify"

Subscribers

People subscribed via source and target branches