PostgreSQL High-Availability Cluster :elephant: :sparkling_heart:

Production-ready PostgreSQL High-Availability Cluster (based on "Patroni" and DCS "etcd" or "consul"). Automating with Ansible.

The postgresql_cluster project is designed to deploy and manage high-availability PostgreSQL clusters in production environments. This solution is tailored for use on dedicated physical servers, virtual machines, and within both on-premises and cloud-based infrastructures.

This project not only facilitates the creation of new clusters but also offers support for integrating with pre-existing PostgreSQL instances. If you intend to upgrade your conventional PostgreSQL setup to a high-availability configuration, then just set postgresql_exists=true in the inventory file. Be aware that initiating cluster mode requires temporarily stopping your existing PostgreSQL service, which will lead to a brief period of database downtime. Please plan this transition accordingly.

:trophy: Use the sponsoring program to get personalized support, or just to contribute to this project.

Supported setups of Postgres Cluster

You have three schemes available for deployment:

1. PostgreSQL High-Availability only

This is simple scheme without load balancing (used by default).

Components of high availability:

• Patroni is a template for you to create your own customized, high-availability solution using Python and - for maximum accessibility - a distributed configuration store like ZooKeeper, etcd, Consul or Kubernetes. Used for automate the management of PostgreSQL instances and auto failover.

• etcd is a distributed reliable key-value store for the most critical data of a distributed system. etcd is written in Go and uses the Raft consensus algorithm to manage a highly-available replicated log. It is used by Patroni to store information about the status of the cluster and PostgreSQL configuration parameters.

What is Distributed Consensus?

To provide a single entry point (VIP) for database access is used "vip-manager".

• vip-manager (_optional, if the cluster_vip variable is specified_) is a service that gets started on all cluster nodes and connects to the DCS. If the local node owns the leader-key, vip-manager starts the configured VIP. In case of a failover, vip-manager removes the VIP on the old leader and the corresponding service on the new leader starts it there.

• PgBouncer (optional, if the pgbouncer_install variable is true) is a connection pooler for PostgreSQL.

2. PostgreSQL High-Availability with HAProxy Load Balancing

To use this scheme, specify with_haproxy_load_balancing: true in variable file vars/main.yml

This scheme provides the ability to distribute the load on reading. This also allows us to scale out the cluster (with read-only replicas).

• port 5000 (read / write) master
• port 5001 (read only) all replicas

if variable "synchronous_mode" is 'true' (vars/main.yml):

• port 5002 (read only) synchronous replica only
• port 5003 (read only) asynchronous replicas only

:heavy_exclamation_mark: Note: Your application must have support sending read requests to a custom port 5001, and write requests to port 5000.

Components of load balancing:

• HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

• confd manage local application configuration files using templates and data from etcd or consul. Used to automate HAProxy configuration file management.

• Keepalived (_optional, if the cluster_vip variable is specified_) provides a virtual high-available IP address (VIP) and single entry point for databases access. Implementing VRRP (Virtual Router Redundancy Protocol) for Linux. In our configuration keepalived checks the status of the HAProxy service and in case of a failure delegates the VIP to another server in the cluster.

3. PostgreSQL High-Availability with Consul Service Discovery (DNS)

To use this scheme, specify dcs_type: consul in variable file vars/main.yml

This scheme is suitable for master-only access and for load balancing (using DNS) for reading across replicas. Consul Service Discovery with DNS resolving is used as a client access point to the database.

Client access point (example):

• master.postgres-cluster.service.consul
• replica.postgres-cluster.service.consul

Besides, it can be useful for a distributed cluster across different data centers. We can specify in advance which data center the database server is located in and then use this for applications running in the same data center.

Example: replica.postgres-cluster.service.dc1.consul, replica.postgres-cluster.service.dc2.consul

It requires the installation of a consul in client mode on each application server for service DNS resolution (or use forward DNS to the remote consul server instead of installing a local consul client).

Compatibility

RedHat and Debian based distros (x86_64)

Supported Linux Distributions:

• Debian: 10, 11, 12
• Ubuntu: 20.04, 22.04
• CentOS: 7, 8
• CentOS Stream: 8, 9
• Oracle Linux: 7, 8, 9
• Rocky Linux: 8, 9
• AlmaLinux: 8, 9

PostgreSQL versions:

all supported PostgreSQL versions

:white_check_mark: tested, works fine: PostgreSQL 10, 11, 12, 13, 14, 15, 16

Table of results of daily automated testing of cluster deployment:	Distribution	Test result
Debian 10
Debian 11
Debian 12
Ubuntu 20.04
Ubuntu 22.04
CentOS Stream 8
CentOS Stream 9
Oracle Linux 8
Oracle Linux 9
Rocky Linux 8
Rocky Linux 9
AlmaLinux 8
AlmaLinux 9

Ansible version

Minimum supported Ansible version: 2.11.0

Requirements

This playbook requires root privileges or sudo.

Ansible (What is Ansible?)

if dcs_type: "consul", please install consul role requirements on the control node:

ansible-galaxy install -r roles/consul/requirements.yml

Port requirements

List of required TCP ports that must be open for the database cluster:

• 5432 (postgresql)
• 6432 (pgbouncer)
• 8008 (patroni rest api)
• 2379, 2380 (etcd)

for the scheme "[Type A] PostgreSQL High-Availability with Load Balancing":

• 5000 (haproxy - (read/write) master)
• 5001 (haproxy - (read only) all replicas)
• 5002 (haproxy - (read only) synchronous replica only)
• 5003 (haproxy - (read only) asynchronous replicas only)
• 7000 (optional, haproxy stats)

for the scheme "[Type C] PostgreSQL High-Availability with Consul Service Discovery (DNS)":

• 8300 (Consul Server RPC)
• 8301 (Consul Serf LAN)
• 8302 (Consul Serf WAN)
• 8500 (Consul HTTP API)
• 8600 (Consul DNS server)

Recommenations

• linux (Operation System):

Update your operating system on your target servers before deploying;

Make sure you have time synchronization is configured (NTP). Specify ntp_enabled:'true' and ntp_servers if you want to install and configure the ntp service.

• DCS (Distributed Consensus Store):

Fast drives and a reliable network are the most important factors for the performance and stability of an etcd (or consul) cluster.

Avoid storing etcd (or consul) data on the same drive along with other processes (such as the database) that are intensively using the resources of the disk subsystem! Store the etcd and postgresql data on different disks (see etcd_data_dir, consul_data_path variables), use ssd drives if possible. See hardware recommendations and tuning guides.

It is recommended to deploy the DCS cluster on dedicated servers, separate from the database servers.

• Placement of cluster members in different data centers:

If you’d prefer a cross-data center setup, where the replicating databases are located in different data centers, etcd member placement becomes critical.

There are quite a lot of things to consider if you want to create a really robust etcd cluster, but there is one rule: do not placing all etcd members in your primary data center. See some examples.

• How to prevent data loss in case of autofailover (synchronous_modes):

Due to performance reasons, a synchronous replication is disabled by default.

To minimize the risk of losing data on autofailover, you can configure settings in the following way:

• synchronous_mode: 'true'
• synchronous_mode_strict: 'true'
• synchronous_commit: 'on' (or 'remote_apply')

Deployment: quick start

0. Install Ansible on one control node (which could easily be a laptop)

sudo apt update && sudo apt install -y python3-pip sshpass git
pip3 install ansible

1. Download or clone this repository

git clone https://github.com/vitabaks/postgresql_cluster.git

2. Go to the playbook directory

cd postgresql_cluster/

3. Edit the inventory file

Specify (non-public) IP addresses and connection settings (ansible_user, ansible_ssh_pass or ansible_ssh_private_key_file for your environment

nano inventory

4. Edit the variable file vars/main.yml

nano vars/main.yml

Minimum set of variables:

• proxy_env # if required (for download packages)
• cluster_vip # for client access to databases in the cluster (optional)
• patroni_cluster_name
• postgresql_version
• postgresql_data_dir
• with_haproxy_load_balancing 'true' (Type A) or 'false'/default (Type B)
• dcs_type # "etcd" (default) or "consul" (Type C)

if dcs_type: "consul", please install consul role requirements on the control node:

ansible-galaxy install -r roles/consul/requirements.yml

5. Try to connect to hosts

ansible all -m ping

6. Run playbook:

ansible-playbook deploy_pgcluster.yml

Deploy Cluster with TimescaleDB

To deploy a PostgreSQL High-Availability Cluster with the TimescaleDB extension, you just need to add the enable_timescale variable.

Example:

ansible-playbook deploy_pgcluster.yml -e "enable_timescale=true"

Variables

See the vars/main.yml, system.yml and (Debian.yml or RedHat.yml) files for more details.

Cluster Scaling

After you successfully deployed your PostgreSQL HA cluster, you may need to scale it further. \ Use the add_pgnode.yml playbook for this.

Restore and Cloning

Create new clusters from your existing backups with pgBackRest or WAL-G \ Point-In-Time-Recovery

Maintenance

I recommend that you study the following materials for further maintenance of the cluster:

• Tutorial: Management of High-Availability PostgreSQL clusters with Patroni
• Patroni documentation
• etcd operations guide

Changing PostgreSQL configuration parameters

To change the PostgreSQL configuration in a cluster using automation:

1. Update the postgresql_parameters variable with the desired parameter changes.
   • Note: Optionally, set pending_restart: true to automatically restart PostgreSQL if a parameter change requires it.
2. Execute the config_pgcluster.yml playbook to apply the changes.

Using Git for cluster configuration management (IaC/GitOps)

Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes. \ GitOps automates infrastructure updates using a Git workflow with continuous integration (CI) and continuous delivery (CI/CD). When new code is merged, the CI/CD pipeline enacts the change in the environment. Any configuration drift, such as manual changes or errors, is overwritten by GitOps automation so the environment converges on the desired state defined in Git.

Once the cluster is deployed, you can use the config_pgcluster.yml playbook to integrate with Git to manage cluster configurations. \ For example, GitHub Action (link), GitLab CI/CD (link)

Details about IaC and GitOps:

• What is GitOps?
• What is Infrastructure as Code (IaC)?

Update the PostgreSQL HA Cluster

Use the update_pgcluster.yml playbook for update the PostgreSQL HA Cluster to a new minor version (for example 15.1->15.2, and etc).

More details here

PostgreSQL major upgrade

Use the pg_upgrade.yml playbook to upgrade the PostgreSQL to a new major version (for example 14->15, and etc).

More details here

Disaster Recovery

A high availability cluster provides an automatic failover mechanism, and does not cover all disaster recovery scenarios. You must take care of backing up your data yourself.

etcd

Patroni nodes are dumping the state of the DCS options to disk upon for every change of the configuration into the file patroni.dynamic.json located in the Postgres data directory. The master (patroni leader) is allowed to restore these options from the on-disk dump if these are completely absent from the DCS or if they are invalid.

However, I recommend that you read the disaster recovery guide for the etcd cluster:

• etcd disaster recovery

PostgreSQL (databases)

I can recommend the following backup and restore tools:

• pgbackrest
• pg_probackup
• wal-g

Do not forget to validate your backups (for example pgbackrest auto).

How to start from scratch

Should you need to start from very beginning, use the playbook remove_cluster.yml.

To prevent the script to be used by accident in a production environment, edit remove_cluster.yml and remove the safety pin. Change these variables accordingly:

• remove_postgres: true
• remove_etcd: true (or remove_consul)

Run the script and all the data are gone.

ansible-playbook remove_cluster.yml

A new installation can now be made from scratch.

:heavy_exclamation_mark: Be careful not to copy this script without the safety pin to the production environment.

Sponsor this project

Join our sponsorship program to directly contribute to our project's growth and gain exclusive access to personalized support. Your sponsorship is crucial for innovation and progress. Become a sponsor today!

Support our work through GitHub Sponsors

Support our work through Patreon

Support our work through a crypto wallet:

USDT (TRC20): TSTSXZzqDCUDHDjZwCpuBkdukjuDZspwjj

License

Licensed under the MIT License. See the LICENSE file for details.

Author

Vitaliy Kukharik (PostgreSQL DBA) \ vitabaks@gmail.com

Feedback, bug-reports, requests, ...

Are welcome!