From e98c913f864ad26c2a81cdba77b7ffdf97c13282 Mon Sep 17 00:00:00 2001 From: larsux <47422541+larsux@users.noreply.github.com> Date: Wed, 15 May 2024 20:47:33 +0200 Subject: [PATCH] Add postgresql option target_session_attrs (#1847) Signed-off-by: Lars Wildemann --- .helm/starter/templates/postgres-config.yaml | 1 + docs/user-guide/database-configuration.md | 3 +++ roles/installer/tasks/database_configuration.yml | 1 + roles/installer/templates/settings/credentials.py.j2 | 6 ++++++ 4 files changed, 11 insertions(+) diff --git a/.helm/starter/templates/postgres-config.yaml b/.helm/starter/templates/postgres-config.yaml index 4a1d9ecbe..12bb2836c 100644 --- a/.helm/starter/templates/postgres-config.yaml +++ b/.helm/starter/templates/postgres-config.yaml @@ -12,6 +12,7 @@ stringData: username: {{ .username }} password: {{ .password }} sslmode: {{ .sslmode }} + target_session_attrs: {{ .target_session_attrs | default "any" }} type: {{ .type }} type: Opaque {{- end }} diff --git a/docs/user-guide/database-configuration.md b/docs/user-guide/database-configuration.md index 2f1bcffe8..af5714d7b 100644 --- a/docs/user-guide/database-configuration.md +++ b/docs/user-guide/database-configuration.md @@ -27,6 +27,7 @@ stringData: username: password: sslmode: prefer + target_session_attrs: read-write type: unmanaged type: Opaque ``` @@ -37,6 +38,8 @@ type: Opaque **Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`. +**Note**: The variable `target_session_attrs` is only useful for `clustered external` databases. The allowed values are: `any` (default), `read-write`, `read-only`, `primary`, `standby` and `prefer-standby`, whereby only `read-write` and `primary` really make sense in AWX use, as you want to connect to a database node that offers write support. + Once the secret is created, you can specify it on your spec: ```yaml diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 6f3d9a9f2..efab21738 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -100,6 +100,7 @@ awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}" + awx_postgres_target_session_attrs: "{{ pg_config['resources'][0]['data']['target_session_attrs'] | default('') | b64decode }}" no_log: "{{ no_log }}" - name: Set database as managed diff --git a/roles/installer/templates/settings/credentials.py.j2 b/roles/installer/templates/settings/credentials.py.j2 index 19208e0bd..87b2cbb77 100644 --- a/roles/installer/templates/settings/credentials.py.j2 +++ b/roles/installer/templates/settings/credentials.py.j2 @@ -10,6 +10,9 @@ DATABASES = { 'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}', {% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %} 'sslrootcert': '{{ ca_trust_bundle }}', +{% endif %} +{% if awx_postgres_target_session_attrs %} + 'target_session_attrs': '{{ awx_postgres_target_session_attrs }}', {% endif %} }, } @@ -25,6 +28,9 @@ LISTENER_DATABASES = { 'keepalives_count': {{ postgres_keepalives_count }}, {% else %} 'keepalives': 0, +{% endif %} +{% if awx_postgres_target_session_attrs %} + 'target_session_attrs': '{{ awx_postgres_target_session_attrs }}', {% endif %} }, }