chore: clean up and consolidate configuration for PgBouncer

dragarcia · dragarcia · commit 7529dbcafbe6 · 2021-06-10T22:33:21.000+08:00
diff --git a/ansible/files/pgbouncer_config/pgbouncer.ini.j2 b/ansible/files/pgbouncer_config/pgbouncer.ini.j2
@@ -43,8 +43,8 @@
 ;;; Administrative settings
 ;;;
 
-logfile = /var/log/postgresql/pgbouncer.log
-pidfile = /var/run/postgresql/pgbouncer.pid
+logfile = /var/log/pgbouncer.log
+pidfile = /var/run/pgbouncer/pgbouncer.pid
 
 ;;;
 ;;; Where to wait for clients
diff --git a/ansible/files/pgbouncer_config/pgbouncer.service.j2 b/ansible/files/pgbouncer_config/pgbouncer.service.j2
@@ -0,0 +1,40 @@
+# Example systemd service unit for PgBouncer
+#
+# - Adjust the paths in ExecStart for your installation.
+#
+# - The User setting requires careful consideration.  PgBouncer needs
+#   to be able to place a Unix-domain socket file where PostgreSQL
+#   clients will look for it.  In the olden days, this was in /tmp,
+#   but systems using systemd now prefer something like
+#   /var/run/postgresql/.  But then some systems also lock down that
+#   directory so that only the postgres user can write to it.  That
+#   means you need to either
+#
+#   - run PgBouncer as the postgres user, or
+#
+#   - create a separate user and add it to the postgres group and
+#     make /var/run/postgresql/ group-writable, or
+#
+#   - use systemd to create the sockets; see pgbouncer.socket nearby.
+#
+#   For packagers and deployment systems, this requires some
+#   coordination between the PgBouncer and the PostgreSQL
+#   packages/components.
+#
+[Unit]
+Description=connection pooler for PostgreSQL
+Documentation=man:pgbouncer(1)
+Documentation=https://www.pgbouncer.org/
+After=network.target
+#Requires=pgbouncer.socket
+
+[Service]
+Type=notify
+User=postgres
+ExecStart=/usr/local/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+#LimitNOFILE=1024
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql b/ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -9,7 +9,7 @@
 
   vars:
     sql_files:
-      - { source: "pgbouncer_auth_schema.sql", dest: "00-schema.sql" }
+      - { source: "pgbouncer_config/pgbouncer_auth_schema.sql", dest: "00-schema.sql" }
       - { source: "stat_extension.sql", dest: "01-extension.sql" }
 
   environment:
@@ -68,11 +68,6 @@
         state: absent
       loop: "{{ sql_files }}"
 
-    - name: Adjust pgbouncer.ini
-      copy:
-        src: files/pgbouncer.ini
-        dest: /etc/pgbouncer/pgbouncer.ini
-
     - name: UFW - Allow SSH connections
       ufw:
         rule: allow
diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml
@@ -8,6 +8,13 @@
     update_cache: yes
     cache_valid_time: 3600
 
+- name: Create directory for pgbouncer.pid
+  file:
+    path: /var/run/pgbouncer
+    state: directory
+    owner: postgres
+    group: postgres
+
 - name: PgBouncer - download latest release
   get_url:
     url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
@@ -39,8 +46,24 @@
   become: yes
 
 # Create /etc/postgresql directory and make sure postgres group owns it
-- name: Create a directory if it does not exist
+- name: PgBouncer - create a directory if it does not exist
   file:
     path: /etc/pgbouncer
     state: directory
     group: postgres
+
+- name: PgBouncer - adjust pgbouncer.ini
+  copy:
+    src: files/pgbouncer_config/pgbouncer.ini.j2
+    dest: /etc/pgbouncer/pgbouncer.ini
+
+# Add systemd file for PgBouncer
+- name: PgBouncer - import postgresql.service
+  template:
+    src: files/pgbouncer_config/pgbouncer.service.j2
+    dest: /etc/systemd/system/pgbouncer.service
+  become: yes
+
+- name: PgBouncer - reload systemd
+  systemd:
+    daemon_reload: yes
diff --git a/scripts/91-log_cleanup.sh b/scripts/91-log_cleanup.sh
@@ -6,3 +6,6 @@ rm -rf /var/log/*
 
 # https://github.com/fail2ban/fail2ban/issues/1593
 touch /var/log/auth.log
+
+touch /var/log/pgbouncer.log
+chown postgres:postgres /var/log/pgbouncer.log
