hashicorp / boundary

Boundary enables identity-based access management for dynamic infrastructure.
https://boundaryproject.io
Other
3.86k stars 289 forks source link

Postgres multimaster support #4934

Open hillout opened 4 months ago

hillout commented 4 months ago

Is your feature request related to a problem? Please describe. I have a two node Postgres multimaster cluster based on repmgr bitnami. One node has a primary status, whereas the second node has secondary status. In case of failure secondary became a primary and vice versa.

Describe the solution you'd like Keycloak for example can use this type of configuration by using configuration like this: postgresql://db1-keycloak.domain.org:5432,db2-keycloak.domain.org:5432/keycloak?connectTimeout=1&hostRecheckSeconds=2&socketTimeout=600&targetServerType=primary&ssl=true&sslmode=require

Would be nice if boundary controller had such support as well.

Describe alternatives you've considered Alternative for me is using reverse proxy, which I'd wanna avoid.

achetronic commented 3 months ago

Hey @hillout this can be useful for you:

https://github.com/achetronic/pg-selector

Basically it creates a service that always point to the master. I have the same setup and it's working fine :)

hillout commented 3 months ago

@achetronic hi! Thanks for the tip.

For now I'm dealing with this by using VRRP and Keepalived, so both primary and secondary utilize one IP and VIP is on "primary" whilst its state persist, once secondary become "primary" VIP goes to this node.

achetronic commented 3 months ago

@achetronic hi! Thanks for the tip.

For now I'm dealing with this by using VRRP and Keepalived, so both primary and secondary utilize one IP and VIP is on "primary" whilst its state persist, once secondary become "primary" VIP goes to this node.

Welcome! In my repos you will find a lot of useful tools for a variety of use cases :)

The solution seems to be much more complex. How does it work?