File: pg_autoctl_create_monitor.rst

pg-auto-failover 2.0-2

.. _pg_autoctl_create_monitor:

pg_autoctl create monitor
=========================

pg_autoctl create monitor - Initialize a pg_auto_failover monitor node

Synopsis
--------

This command initializes a PostgreSQL cluster and installs the
``pgautofailover`` extension so that it's possible to use the new instance to
monitor PostgreSQL services::

  usage: pg_autoctl create monitor  [ --pgdata --pgport --pgctl --hostname ]

  --pgctl           path to pg_ctl
  --pgdata          path to data directory
  --pgport          PostgreSQL's port number
  --hostname        hostname by which postgres is reachable
  --auth            authentication method for connections from data nodes
  --skip-pg-hba     skip editing pg_hba.conf rules
  --run             create node then run pg_autoctl service
  --ssl-self-signed setup network encryption using self signed certificates (does NOT protect against MITM)
  --ssl-mode        use that sslmode in connection strings
  --ssl-ca-file     set the Postgres ssl_ca_file to that file path
  --ssl-crl-file    set the Postgres ssl_crl_file to that file path
  --no-ssl          don't enable network encryption (NOT recommended, prefer --ssl-self-signed)
  --server-key      set the Postgres ssl_key_file to that file path
  --server-cert     set the Postgres ssl_cert_file to that file path

Description
-----------

The pg_autoctl tool is the client tool provided by pg_auto_failover to
create and manage Postgres nodes and the pg_auto_failover monitor node. The
command is built with many sub-commands that each have their own manual
page.

Options
-------

The following options are available to ``pg_autoctl create monitor``:

--pgctl

  Path to the ``pg_ctl`` tool to use for the version of PostgreSQL you want
  to use.

  Defaults to the ``pg_ctl`` found in the PATH when there is a single entry
  for ``pg_ctl`` in the PATH. Check your setup using ``which -a pg_ctl``.

  When using an RPM based distribution such as RHEL or CentOS, the path
  would usually be ``/usr/pgsql-13/bin/pg_ctl`` for Postgres 13.

  When using a Debian based distribution such as Debian or Ubuntu, the path
  would usually be ``/usr/lib/postgresql/13/bin/pg_ctl`` for Postgres 13.
  Those distributions also use the package ``postgresql-common`` which
  provides ``/usr/bin/pg_config``. This tool can be automatically used by
  ``pg_autoctl`` to discover the default version of Postgres to use on your
  setup.

--pgdata

  Location where to initialize a Postgres database cluster, using either
  ``pg_ctl initdb`` or ``pg_basebackup``. Defaults to the environment
  variable ``PGDATA``.

--pgport

  Postgres port to use, defaults to 5432.

--hostname

  Hostname or IP address (both v4 and v6 are supported) to use from any
  other node to connect to this node.

  When not provided, a default value is computed by running the following
  algorithm.

    1. We get this machine's "public IP" by opening a connection to the
       8.8.8.8:53 public service. Then we get the TCP/IP client address that
       has been used to make that connection.

    2. We then do a reverse DNS lookup on the IP address found in the
       previous step to fetch a hostname for our local machine.

    3. If the reverse DNS lookup is successful, then ``pg_autoctl`` does a
       forward DNS lookup of that hostname.

  When the forward DNS lookup response in step 3. is an IP address found in
  one of our local network interfaces, then ``pg_autoctl`` uses the hostname
  found in step 2. as the default ``--hostname``. Otherwise it uses the IP
  address found in step 1.

  You may use the ``--hostname`` command line option to bypass the whole DNS
  lookup based process and force the local node name to a fixed value.
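
The decision rule above, written out as an added Python example (not code from pg_auto_failover) so the value a node would get can be checked before relying on the default. The function names, the use of a UDP socket for step 1, and the sample DNS records are assumptions made for this illustration.

```python
import ipaddress
import socket

def outbound_ip(probe=("8.8.8.8", 53)):
    """Step 1: local address the kernel selects to reach the probe service.
    Assumption: a UDP socket is used, so connect() sends no packet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(probe)
        return s.getsockname()[0]

def reverse_lookup(ip):
    """Step 2: PTR lookup, None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Step 3: every address the hostname resolves to."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _ip(text):
    # Drop an IPv6 zone id ("fe80::1%eth0") before comparing addresses.
    return ipaddress.ip_address(text.split("%")[0])

def default_hostname(ip, local_addrs, reverse=reverse_lookup, forward=forward_lookup):
    """Apply the documented rule; returns (value, reason)."""
    name = reverse(ip)
    if name is None:
        return ip, "no reverse DNS record"
    if {_ip(a) for a in forward(name)} & {_ip(a) for a in local_addrs}:
        return name, "forward lookup matches a local interface"
    return ip, "forward lookup matches no local interface"

# Constructed sample records (documentation address ranges), not real hosts.
PTR = {"192.0.2.10": "monitor.example.test", "192.0.2.20": "stale.example.test"}
A = {"monitor.example.test": {"192.0.2.10"}, "stale.example.test": {"198.51.100.7"}}

def sample_run(ip):
    """Offline run against the constructed records; the node owns only `ip`."""
    return default_hostname(ip, [ip, "127.0.0.1"], PTR.get, lambda n: A.get(n, set()))

if __name__ == "__main__":
    for addr in PTR:
        print(addr, "->", sample_run(addr))
```

The second constructed record shows why the forward lookup matters: a PTR record naming a host that resolves to some other machine is discarded and the IP address is used instead.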

--auth

  Authentication method used by ``pg_autoctl`` when editing the Postgres HBA
  file to open connections to other nodes. No default value, must be
  provided by the user. The value ``trust`` is only a good choice for
  testing and evaluation of pg_auto_failover, see :ref:`security` for more
  information.

--skip-pg-hba

  When this option is used then ``pg_autoctl`` refrains from any editing of
  the Postgres HBA file. Please note that editing the HBA file is still
  needed so that other nodes can connect using either read privileges or
  replication streaming privileges.

  When ``--skip-pg-hba`` is used, ``pg_autoctl`` still outputs the HBA
  entries it needs in the logs; it only skips editing the HBA file.
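
When the HBA file is maintained by hand, or a node was first created with ``trust`` for evaluation, the network rules are worth reviewing before production use. The following added Python example (not part of pg_auto_failover) flags ``trust`` rules and rule types that also match unencrypted connections; the sample file content is constructed for the illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_netmask(token):
    """True when the token is a bare IP address, i.e. a separate netmask column."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """Return (line_number, finding) pairs for network rules worth reviewing."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in HOST_TYPES:
            continue  # comments, blank lines, "local" rules, include directives
        if len(fields) < 5:
            findings.append((lineno, "malformed rule"))
            continue
        # The address is one field (CIDR or hostname) or two (IP plus netmask).
        method_at = 5 if len(fields) > 5 and _is_netmask(fields[4]) else 4
        if fields[method_at] == "trust":
            findings.append((lineno, "trust: no authentication for " + fields[3]))
        if fields[0] in ("host", "hostnossl"):
            findings.append(
                (lineno, "rule type %s accepts unencrypted connections" % fields[0]))
    return findings

# Constructed sample, not output copied from pg_autoctl.
SAMPLE_HBA = """\
# constructed sample pg_hba.conf
local   all              postgres                      peer
hostssl pg_auto_failover autoctl_node 10.0.0.0/8       scram-sha-256
hostssl pg_auto_failover autoctl_node 192.0.2.0/24     trust
host    pg_auto_failover autoctl_node 198.51.100.5 255.255.255.255 md5
"""

if __name__ == "__main__":
    for lineno, finding in audit_hba(SAMPLE_HBA):
        print("line %d: %s" % (lineno, finding))
```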

--run

  Immediately run the ``pg_autoctl`` service after having created this
  node.

--ssl-self-signed

  Generate SSL self-signed certificates to provide network encryption. This
  does not protect against man-in-the-middle kinds of attacks. See
  :ref:`security` for more about our SSL settings.

--ssl-mode

  SSL Mode used by ``pg_autoctl`` when connecting to other nodes,
  including when connecting for streaming replication.

--ssl-ca-file

  Set the Postgres ``ssl_ca_file`` to that file path.

--ssl-crl-file

  Set the Postgres ``ssl_crl_file`` to that file path.

--no-ssl

  Don't enable network encryption. This is not recommended, prefer
  ``--ssl-self-signed``.

--server-key

  Set the Postgres ``ssl_key_file`` to that file path.

--server-cert

  Set the Postgres ``ssl_cert_file`` to that file path.
  

Environment
-----------

PGDATA

  Postgres directory location. Can be used instead of the ``--pgdata``
  option.

PG_CONFIG

  Can be set to the absolute path to the `pg_config`__ Postgres tool. This
  is mostly used in the context of building extensions, though it can be a
  useful way to select a Postgres version when several are installed on the
  same system.

  __ https://www.postgresql.org/docs/current/app-pgconfig.html

PATH

  Mostly used the usual way. Some entries that are searched in the PATH by
  the ``pg_autoctl`` command are expected to be found only once, to avoid
  mistakes with Postgres major versions.

PGHOST, PGPORT, PGDATABASE, PGUSER, PGCONNECT_TIMEOUT, ...

  See the `Postgres docs about Environment Variables`__ for details.
  
  __ https://www.postgresql.org/docs/current/libpq-envars.html

TMPDIR

  The pgcopydb command creates all its work files and directories in
  ``${TMPDIR}/pgcopydb``, and defaults to ``/tmp/pgcopydb``.

XDG_CONFIG_HOME

  The pg_autoctl command stores its configuration files in the standard
  place XDG_CONFIG_HOME. See the `XDG Base Directory Specification`__.

  __ https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
  
XDG_DATA_HOME

  The pg_autoctl command stores its internal state files in the standard
  place XDG_DATA_HOME, which defaults to ``~/.local/share``. See the `XDG
  Base Directory Specification`__.

  __ https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html