How To Automate PostgreSQL and repmgr on Vagrant

Rui Trigo - Jul 28 '20 - - Dev Community

I often get asked if it's possible to build a resilient system with PostgreSQL.

Considering that resilience should feature cluster high-availability, fault tolerance, and self-healing, it's not an easy answer. But there is a lot to be said about this.

As of today, we can't achieve that level of resilience with the same ease as MongoDB built-in features. But let's see what we can in fact do with the help of repmgr and some other tooling.

At the end of this exercise, we will have achieved some things that come in handy, such as:

  • a few Ansible roles that can be reused for production
  • a Vagrantfile for single-command cluster deployment
  • a development environment that’s more realistic; being close to production state is good to foresee "production-exclusive issues"

Objectives

  • build a local development environment PostgreSQL cluster with fault tolerance capabilities;
  • develop configuration management code to reuse in production.

Pre-requisites

Install Vagrant, VirtualBox and Ansible

sudo apt install vagrant
sudo apt install virtualbox && sudo apt install virtualbox-dkms
sudo apt install ansible
Enter fullscreen mode Exit fullscreen mode

Note: An alternative to installing Ansible on your host machine would be using the ansible-local Vagrant provider, which needs Ansible installed on the generated virtual machine instead.

Configuration

1. Write a Vagrantfile

You can use vagrant init to generate the file or simply create it and insert our first blocks.

Vagrant.configure("2") do |config|
  (1..3).each do |n|
    config.vm.define "node#{n}" do |define|
      define.ssh.insert_key = false
      define.vm.box = "ubuntu/bionic64"
      define.vm.hostname = "node#{n}"
      define.vm.network :private_network, ip: "172.16.1.1#{n}"

      define.vm.provider :virtualbox do |v|
        v.cpus = 2
        v.memory = 1024
        v.name = "node#{n}"
      end
    end
  end
end
Enter fullscreen mode Exit fullscreen mode

Let's go block by block:

  • the 1st block is where we set up the Vagrant version;
  • on the 2nd block, we iterate the following code so we reuse it to generate 3 equal VMs;
  • OS, hostname and network settings are set in the 3rd block;
  • the 4th block contains VirtualBox specific settings.

You can create the servers with:

# create all 3 VMs
vagrant up
# or create only a specific VM
vagrant up node1
Enter fullscreen mode Exit fullscreen mode

2. Add a provisioner

Just by doing the first step alone, we can already launch 3 working virtual machines. A little exciting, but the best is yet to come.

Launching virtual machines is a nice feature of Vagrant, but we want these servers to have PostgreSQL and repmgr configured, so we will use configuration management software to help us. This is the moment Ansible walks in to amaze us.

Vagrant supports several providers, two of them being Ansible and Ansible Local. The difference between them is where Ansible runs, or in other words, where it must be installed. By Vagrant terms, the Ansible provider runs on a host machine (your computer) and the Ansible Local provider runs on guest machines (virtual machines). As we already installed Ansible in the prerequisites section, we'll go with the first option.

Let's add a block for this provisioner in our Vagrantfile.

Vagrant.configure("2") do |config|
  (1..3).each do |n|
    config.vm.define "node#{n}" do |define|
      define.ssh.insert_key = false
      define.vm.box = "ubuntu/bionic64"
      define.vm.hostname = "node#{n}"
      define.vm.network :private_network, ip: "172.16.1.1#{n}"

      define.vm.provider :virtualbox do |v|
        v.cpus = 2
        v.memory = 1024
        v.name = "node#{n}"
      end

      if n == 3
        define.vm.provision :ansible do |ansible|
          ansible.limit = "all"
          ansible.playbook = "provisioning/playbook.yaml"

          ansible.host_vars = {
            "node1" => {:connection_host => "172.16.1.11",
                        :node_id => 1,
                        :role => "primary" },

            "node2" => {:connection_host => "172.16.1.12",
                        :node_id => 2,
                        :role => "standby" },

            "node3" => {:connection_host => "172.16.1.13",
                        :node_id => 3,
                        :role => "witness" }
          }
        end
      end

    end
  end
end
Enter fullscreen mode Exit fullscreen mode

Ansible allows us to configure several servers simultaneously. To take advantage of this feature on Vagrant, we add ansible.limit = "all" and must wait until all 3 VMs are up. Vagrant knows they are all created because of the condition if n == 3, which makes Ansible only run after Vagrant iterated 3 times.

ansible.playbook is the configuration entry point and ansible.host_vars contains the Ansible host variables to be used on the tasks and templates we are about to create.

3. Create an organized Ansible folder structure

If you're already familiar with Ansible, there's little to learn in this section. For those who aren't, it doesn't get too complicated.

First, we have a folder for all Ansible files, named provisioning. Inside this folder, we have our aforementioned entry point playbook.yaml, a group_vars folder for Ansible group variables, and a roles folder.

We could have all Ansible tasks within playbook.yaml, but role folder structure helps with organization. You can read the Ansible documentation to learn the best practices. Below, you will find the folder structure for this tutorial.

project_root
| provisioning
|  |  group_vars
|  |  |  all.yaml
|  |  roles
|  |  |  postgres_12
|  |  |  registration
|  |  |  repmgr
|  |  |  ssh
|  |  playbook.yaml
|  Vagrantfile
Enter fullscreen mode Exit fullscreen mode

4. Ansible roles

4.1 PostgreSQL role

To configure repmgr on PostgreSQL, we need to edit two well-known PostgreSQL configuration files: postgresql.conf and pg_hba.conf. We will then write our tasks to apply the configurations on tasks/main.yaml. I named the PostgreSQL role folder as postgres_12 but you can easily use another version if you want to.

postgres_12
|  tasks
|  |  main.yaml
|  templates
|  |  pg_hba.conf.j2
|  |  pg_hba.conf.j2
Enter fullscreen mode Exit fullscreen mode

You can reuse the default file which comes with PostgreSQL installation and add the following lines to whitelist repmgr database sessions from your trusted VMs. Create an Ansible template file (Jinja2 format) like so:

# default configuration (...)

# repmgr
local   replication   repmgr                              trust
host    replication   repmgr      127.0.0.1/32            trust
host    replication   repmgr      {{ node1_ip }}/32       trust
host    replication   repmgr      {{ node2_ip }}/32       trust
host    replication   repmgr      {{ node3_ip }}/32       trust

local   repmgr        repmgr                              trust
host    repmgr        repmgr      127.0.0.1/32            trust
host    repmgr        repmgr      {{ node1_ip }}/32       trust
host    repmgr        repmgr      {{ node2_ip }}/32       trust
host    repmgr        repmgr      {{ node3_ip }}/32       trust
Enter fullscreen mode Exit fullscreen mode

In the same fashion as pg_hba.conf, you can reuse the postgresql.conf default file and add a few more replication related settings to the bottom of the file:

# default configuration (...)

# repmgr
listen_addresses = '*'
shared_preload_libraries = 'repmgr'
wal_level = replica
max_wal_senders = 5
wal_keep_segments = 64
max_replication_slots = 5
hot_standby = on
wal_log_hints = on
Enter fullscreen mode Exit fullscreen mode

The tasks below will install PostgreSQL and apply our configurations. Their names are self-explanatory.

- name: Add PostgreSQL apt key
  apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc

- name: Add PostgreSQL repository
  apt_repository:
    # ansible_distribution_release = xenial, bionic, focal
    repo: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main

- name: Install PostgreSQL 12
  apt:
    name: postgresql-12
    update_cache: yes

- name: Copy database configuration
  template:
    src: full_postgresql.conf.j2
    dest: /etc/postgresql/12/main/postgresql.conf
    group: postgres
    mode: '0644'
    owner: postgres

- name: Copy user access configuration
  template:
    src: pg_hba.conf.j2
    dest: /etc/postgresql/12/main/pg_hba.conf
    group: postgres
    mode: '0640'
    owner: postgres
Enter fullscreen mode Exit fullscreen mode

4.2 SSH server configuration

ssh
|  files
|  |  keys
|  |   |  id_rsa
|  |   |  id_rsa.pub
|  tasks
|  |  main.yaml
Enter fullscreen mode Exit fullscreen mode

Generate a key pair to use throughout our virtual machines to allow access to them. If you don't know how to do it, this link can help. Just make sure the keys file paths match the paths in the next step.

The tasks below will install the OpenSSH server and apply our configurations. Their names are self-explanatory.

- name: Install OpenSSH
  apt:
    name: openssh-server
    update_cache: yes
    state: present

- name: Create postgres SSH directory
  file:
    mode: '0755'
    owner: postgres
    group: postgres
    path: /var/lib/postgresql/.ssh/
    state: directory

- name: Copy SSH private key
  copy:
    src: "keys/id_rsa"
    dest: /var/lib/postgresql/.ssh/id_rsa
    owner: postgres
    group: postgres
    mode: '0600'

- name: Copy SSH public key
  copy:
    src: "keys/id_rsa.pub"
    dest: /var/lib/postgresql/.ssh/id_rsa.pub
    owner: postgres
    group: postgres
    mode: '0644'

- name: Add key to authorized keys file
  authorized_key:
    user: postgres
    state: present
    key: "{{ lookup('file', 'keys/id_rsa.pub') }}"

- name: Restart SSH service
  service:
    name: sshd
    enabled: yes
    state: restarted
Enter fullscreen mode Exit fullscreen mode

4.3 repmgr installation

repmgr
|  tasks
|  |  main.yaml
|  templates
|  |  repmgr.conf.j2
Enter fullscreen mode Exit fullscreen mode

We configure settings like promote command, follow command, timeouts and retry count on failure scenarios inside repmgr.conf. We will copy this file to its default directory /etc to avoid passing the -f argument on the repmgr command all the time.

The tasks below will install repmgr and apply our configurations. Their names are self-explanatory.

- name: Download repmgr repository installer
  get_url:
    dest: /tmp/repmgr-installer.sh
    mode: 0700
    url: https://dl.2ndquadrant.com/default/release/get/deb

- name: Execute repmgr repository installer
  shell: /tmp/repmgr-installer.sh

- name: Install repmgr for PostgreSQL {{ pg_version }}
  apt:
    name: postgresql-{{ pg_version }}-repmgr
    update_cache: yes

- name: Setup repmgr user and database
  become_user: postgres
  ignore_errors: yes
  shell: |
    createuser --replication --createdb --createrole --superuser repmgr &&
    psql -c 'ALTER USER repmgr SET search_path TO repmgr_test, "$user", public;' &&
    createdb repmgr --owner=repmgr

- name: Copy repmgr configuration
  template:
    src: repmgr.conf.j2
    dest: /etc/repmgr.conf

- name: Restart PostgreSQL
  systemd:
    name: postgresql
    enabled: yes
    state: restarted

Enter fullscreen mode Exit fullscreen mode

4.4 repmgr node registration

Finally, we reach the moment where fault tolerance is established.

registration
|  tasks
|  |  main.yaml
Enter fullscreen mode Exit fullscreen mode
node_id = {{ node_id }}
node_name = 'node{{ node_id }}'
conninfo = 'host={{ connection_host }} user=repmgr dbname=repmgr'
data_directory = '/var/lib/postgresql/{{ pg_version }}/main'
use_replication_slots = yes
reconnect_attempts = 5
reconnect_interval = 1
failover = automatic
pg_bindir = '/usr/lib/postgresql/{{ pg_version }}/bin'
promote_command = 'repmgr standby promote -f /etc/repmgr.conf'
follow_command = 'repmgr standby follow -f /etc/repmgr.conf'
log_level = INFO
log_file = '/var/log/postgresql/repmgr.log'
Enter fullscreen mode Exit fullscreen mode

This role was built according to the repmgr documentation and it might be the most complex role, as it needs to:

  • run some commands as root and others as Postgres;
  • stop services between reconfigurations;
  • have different tasks for primary, standby, and support witness role configuration (in case you want node3 to also be a standby node, just assign role: standby in Vagrantfile ansible.host_vars)
- name: Register primary node
  become_user: postgres
  shell: repmgr primary register
  ignore_errors: yes
  when: role == "primary"

- name: Stop PostgreSQL
  systemd:
    name: postgresql
    state: stopped
  when: role == "standby"

- name: Clean up PostgreSQL data directory
  become_user: postgres
  file:
    path: /var/lib/postgresql/{{ pg_version }}/main
    force: yes
    state: absent
  when: role == "standby"

- name: Clone primary node data
  become_user: postgres
  shell: repmgr -h {{ node1_ip }} -U repmgr -d repmgr standby clone
  ignore_errors: yes
  when: role == "standby"

- name: Start PostgreSQL
  systemd:
    name: postgresql
    state: started
  when: role == "standby"

- name: Register {{ role }} node
  become_user: postgres
  shell: repmgr {{ role }} register -F
  ignore_errors: yes
  when: role != "primary"

- name: Start repmgrd
  become_user: postgres
  shell: repmgrd
  ignore_errors: yes
Enter fullscreen mode Exit fullscreen mode

5. Set group variables

Create a file group_vars/all.yaml to set your VMs IP addresses and the PostgreSQL version you would like to use. Like host_vars set on Vagrantfile, these variables will be placed in the templates placeholders.

client_ip: "172.16.1.1"
node1_ip: "172.16.1.11"
node2_ip: "172.16.1.12"
node3_ip: "172.16.1.13"
pg_version: "12"
Enter fullscreen mode Exit fullscreen mode

6. Put all pieces together with a playbook

The only thing missing is the playbook itself. Create a file named playbook.yaml and invoke the roles we have been developing. gather_facts is an Ansible property to fetch operative system data like distribution (ansible_distribution_release) among other useful variables. You can also read these variables with the Ansible setup module.

- hosts: all
  gather_facts: yes
  become: yes
  roles:
    - postgres_12
    - ssh
    - repmgr
    - registration
Enter fullscreen mode Exit fullscreen mode

7. Start cluster

It's finished. You can now start your cluster with vagrant up and then perform your connections and failover tests.

Testing cluster failover

Now that our cluster is up and configured, you can start by shutting down your standby node:

# save standby state and shut it down ungracefully
vagrant suspend node2
Enter fullscreen mode Exit fullscreen mode

You will see that the cluster is operating normally. Bring the standby node back and it will stay that way.

# bring standby back online after suspension
vagrant resume node1
Enter fullscreen mode Exit fullscreen mode

How about taking down the primary node?

# save primary state and shut it down ungracefully
vagrant suspend node1
Enter fullscreen mode Exit fullscreen mode

At this point, as repmgrd is enabled, the standby node will retry connecting to the primary node the configured number of times (reconnect_attempts = 5) and, if it obtains no response, will promote itself to primary and take over write operations on the PostgreSQL cluster. Success!

To join the cluster again, the old primary node will have to lose its current data, clone the new primary data, and register as a new standby.

vagrant resume node1
vagrant ssh node1
service postgresql stop
rm -r /var/lib/postgresql/12/main
repmgr -h 172.16.1.12 -U -d repmgr standby clone
service postgresql start
repmgr standby register -F
repmgrd
repmgr service status
Enter fullscreen mode Exit fullscreen mode

This last command shows us that the cluster is working properly, but with inverted roles.

postgres@node1:~$ repmgr service status
 ID | Name  | Role  | Status    | Upstream | repmgrd | PID   | Paused? | Upstream last seen
----+-------+---------+-----------+----------+---------+-------+---------+--------------------
 1  | node1 | standby |   running | node2   | running | 22490 | no      | n/a                
 2  | node2 | primary | * running |         | running | 22548 | no      | 0 second(s) ago   
 3  | node3 | witness | * running | node2   | running | 22535 | no      | 0 second(s) ago   
Enter fullscreen mode Exit fullscreen mode

Nothing wrong with this, but let's make these nodes switch their roles.

# ssh in and out just to add host key to known_hosts file
ssh <current_primary_ip_address> -o StrictHostKeyChecking=no
exit
# trigger switchover on current standby
repmgr standby switchover --siblings-follow
Enter fullscreen mode Exit fullscreen mode

And we're back to the initial state.

postgres@node1:~$ repmgr service status
 ID | Name  | Role  | Status    | Upstream | repmgrd | PID   | Paused? | Upstream last seen
----+-------+---------+-----------+----------+---------+-------+---------+--------------------
 1  | node1 | primary | * running |         | running | 22490 | no      | n/a                
 2  | node2 | standby |   running | node1   | running | 22548 | no      | 0 second(s) ago   
 3  | node3 | witness | * running | node1   | running | 22535 | no      | 0 second(s) ago   
Enter fullscreen mode Exit fullscreen mode

Conclusion

We managed to build a fault-tolerant PostgreSQL cluster using Vagrant and Ansible.

High availability is a big challenge. Much like life’s own matters, we are only prepared for the biggest challenges when we fit that challenges’ conditions.

Production environment unique problems are natural and tough to guess. Bridging the gap between development and production is a way to prevent deployment/production issues. We can make some efforts toward that objective, and that is precisely what we just achieved with this high availability database setup.

You can find the source code of this tutorial here.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .