From 7e5192b83ff1a9d81b712b2e0113020d50338a1a Mon Sep 17 00:00:00 2001
From: sonny
Date: Sat, 6 Nov 2021 20:24:23 +0100
Subject: [PATCH] Update pgbouncer config to bullseye's
---
 templates/pgbouncer.j2 | 209 +++++++++++++++++++++--------------------
 1 file changed, 108 insertions(+), 101 deletions(-)
diff --git a/templates/pgbouncer.j2 b/templates/pgbouncer.j2
index 532dae5..c9a687c 100644
--- a/templates/pgbouncer.j2
+++ b/templates/pgbouncer.j2
@@ -3,32 +3,37 @@ ;; database name = connect string ;; ;; connect string params: -;; dbname= host= port= user= password= +;; dbname= host= port= user= password= auth_user= ;; client_encoding= datestyle= timezone= -;; pool_size= connect_query= -;; auth_user= +;; pool_size= reserve_pool= max_db_connections= +;; pool_mode= connect_query= application_name= [databases] newsreader = host={{ postgres_host }} port={{ postgres_port }} dbname={{ postgres_db }} user={{ postgres_user }} password={{ postgres_password }} -; foodb over Unix socket +;; foodb over Unix socket ;foodb = -; redirect bardb to bazdb on localhost +;; redirect bardb to bazdb on localhost ;bardb = host=localhost dbname=bazdb -; access to dest database will go with single user -;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1' +;; access to dest database will go with single user +;forcedb = host=localhost port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1' -; use custom pool sizes +;; use custom pool sizes ;nondefaultdb = pool_size=50 reserve_pool=10 -; use auth_user with auth_query if user not present in auth_file -; auth_user must exist in auth_file +;; use auth_user with auth_query if user not present in auth_file +;; auth_user must exist in auth_file ; foodb = auth_user=bar -; fallback connect string +;; fallback connect string ;* = host=testserver +;; User-specific configuration +[users] + +;user1 = pool_mode=transaction max_user_connections=10 + ;; Configuration section [pgbouncer] 
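Review bot: On the `newsreader` line in `[databases]`, `password={{ postgres_password }}` and the other Jinja values are interpolated unquoted, so a value containing whitespace would be split into extra connect-string parameters instead of being read as one password. The sample `connect_query='SELECT 1'` in this same hunk shows that values can be single-quoted; I would write `password='{{ postgres_password }}'` and confirm how the installed pgbouncer expects an embedded quote to be escaped. Because the rendered file carries the PostgreSQL password in clear text, the task that installs this template should also restrict its owner and mode; that task is not visible in this patch.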
@@ -43,12 +48,12 @@ pidfile = /var/run/postgresql/pgbouncer.pid ;;; Where to wait for clients ;;; -; IP address or * which means all IPs +;; IP address or * which means all IPs listen_addr = {{ pgbouncer_listen_address }} listen_port = {{ pgbouncer_port }} -; Unix socket is also used for -R. -; On Debian it should be /var/run/postgresql +;; Unix socket is also used for -R. +;; On Debian it should be /var/run/postgresql ;unix_socket_dir = /tmp ;unix_socket_mode = 0777 ;unix_socket_group = @@ -72,8 +77,8 @@ unix_socket_dir = /var/run/postgresql ;; fast, normal, secure, legacy, ;client_tls_ciphers = fast -;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2 -;client_tls_protocols = all +;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 +;client_tls_protocols = secure ;; none, auto, legacy ;client_tls_dheparams = auto @@ -96,8 +101,8 @@ server_tls_sslmode = require ;server_tls_key_file = ;server_tls_cert_file = -;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2 -server_tls_protocols = secure +;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 +;server_tls_protocols = secure ;; fast, normal, secure, legacy, ;server_tls_ciphers = fast @@ -106,7 +111,7 @@ server_tls_protocols = secure ;;; Authentication settings ;;; -; any, trust, plain, crypt, md5, cert, hba, pam +;; any, trust, plain, md5, cert, hba, pam auth_type = trust auth_file = /etc/pgbouncer/userlist.txt 
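Review bot: `server_tls_protocols = secure` is commented out in the `@@ -96,8 +101,8 @@` hunk, so the TLS versions allowed toward PostgreSQL now come from the installed pgbouncer's built-in default rather than from this template. The same applies to `pool_mode`, `server_reset_query`, `max_client_conn` and `default_pool_size` in the `@@ -121,77 +126,63 @@` hunk; `server_reset_query` in particular is what keeps one client's session state from reaching the next client of a pooled connection. If the role depends on these values, keep them explicit, e.g. `server_tls_protocols = secure` and `server_reset_query = DISCARD ALL`; otherwise a header comment saying they are deliberately left at package defaults would help. Separately, `server_tls_sslmode = require` (visible as context) encrypts the link but does not verify the server certificate; `verify-ca` or `verify-full` together with `server_tls_ca_file` would.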
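Review bot: `auth_type = trust` is left in place in the `@@ -106,7 +111,7 @@` hunk (only the comment listing the allowed values changes), so pgbouncer performs no password check for clients and only requires the user name to be present in `auth_file`. Together with the templated `listen_addr` and the backend credentials stored in `[databases]`, any host that can reach the listen port can use the `newsreader` database without a secret, unless `pgbouncer_listen_address` is always loopback; its value is not visible in this patch. I would switch to `auth_type = md5` (or `scram-sha-256` where the installed version supports it) with hashes in `userlist.txt`, or add a comment such as `;; trust is acceptable only while listen_addr is loopback or a Unix socket` above the setting.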
@@ -121,77 +126,63 @@ auth_file = /etc/pgbouncer/userlist.txt ;;; Users allowed into database 'pgbouncer' ;;; -; comma-separated list of users, who are allowed to change settings +;; comma-separated list of users who are allowed to change settings ;admin_users = user2, someadmin, otheradmin -; comma-separated list of users who are just allowed to use SHOW command +;; comma-separated list of users who are just allowed to use SHOW command ;stats_users = stats, root ;;; ;;; Pooler personality questions ;;; -; When server connection is released back to pool: -; session - after client disconnects -; transaction - after transaction finishes -; statement - after statement finishes -pool_mode = session +;; When server connection is released back to pool: +;; session - after client disconnects (default) +;; transaction - after transaction finishes +;; statement - after statement finishes +;pool_mode = session -; -; Query for cleaning connection immediately after releasing from client. -; No need to put ROLLBACK here, pgbouncer does not reuse connections -; where transaction is left open. -; -; Query for 8.3+: -; DISCARD ALL; -; -; Older versions: -; RESET ALL; SET SESSION AUTHORIZATION DEFAULT -; -; Empty if transaction pooling is in use. -; -server_reset_query = DISCARD ALL +;; Query for cleaning connection immediately after releasing from +;; client. No need to put ROLLBACK here, pgbouncer does not reuse +;; connections where transaction is left open. +;server_reset_query = DISCARD ALL - -; Whether server_reset_query should run in all pooling modes. -; If it is off, server_reset_query is used only for session-pooling. +;; Whether server_reset_query should run in all pooling modes. If it +;; is off, server_reset_query is used only for session-pooling. ;server_reset_query_always = 0 -; -; Comma-separated list of parameters to ignore when given -; in startup packet. Newer JDBC versions require the -; extra_float_digits here. 
-; +;; Comma-separated list of parameters to ignore when given in startup +;; packet. Newer JDBC versions require the extra_float_digits here. ;ignore_startup_parameters = extra_float_digits -; -; When taking idle server into use, this query is ran first. -; SELECT 1 -; +;; When taking idle server into use, this query is run first. ;server_check_query = select 1 -; If server was used more recently that this many seconds ago, +;; If server was used more recently that this many seconds ago, ; skip the check query. Value 0 may or may not run in immediately. ;server_check_delay = 30 -; Close servers in session pooling mode after a RECONNECT, RELOAD, -; etc. when they are idle instead of at the end of the session. +;; Close servers in session pooling mode after a RECONNECT, RELOAD, +;; etc. when they are idle instead of at the end of the session. ;server_fast_close = 0 ;; Use as application_name on server. ;application_name_add_host = 0 +;; Period for updating aggregated stats. +;stats_period = 60 + ;;; ;;; Connection limits ;;; -; total number of clients that can connect -max_client_conn = 100 +;; Total number of clients that can connect +;max_client_conn = 100 -; default pool size. 20 is good number when transaction pooling -; is in use, in session pooling it needs to be the number of -; max clients you want to handle at any moment -default_pool_size = 20 +;; Default pool size. 20 is good number when transaction pooling +;; is in use, in session pooling it needs to be the number of +;; max clients you want to handle at any moment +;default_pool_size = 20 ;; Minimum number of server connections to keep in pool. ;min_pool_size = 0 
@@ -199,14 +190,17 @@ default_pool_size = 20 ; how many additional connection to allow in case of trouble ;reserve_pool_size = 0 -; if a clients needs to wait more than this many seconds, use reserve pool +;; If a clients needs to wait more than this many seconds, use reserve +;; pool. ;reserve_pool_timeout = 5 -; how many total connections to a single database to allow from all pools +;; Maximum number of server connections for a database ;max_db_connections = 0 + +;; Maximum number of server connections for a user ;max_user_connections = 0 -; If off, then server connections are reused in LIFO manner +;; If off, then server connections are reused in LIFO manner ;server_round_robin = 0 ;;; @@ -218,17 +212,17 @@ default_pool_size = 20 ;syslog_facility = daemon ;syslog_ident = pgbouncer -; log if client connects or server connection is made +;; log if client connects or server connection is made ;log_connections = 1 -; log if and why connection was closed +;; log if and why connection was closed ;log_disconnections = 1 -; log error messages pooler sends to clients +;; log error messages pooler sends to clients ;log_pooler_errors = 1 -;; Period for writing aggregated stats into log. -;stats_period = 60 +;; write aggregated stats into log +;log_stats = 1 ;; Logging verbosity. Same as -v switch on command line. ;verbose = 0 @@ -240,8 +234,8 @@ default_pool_size = 20 ;; Close server connection if its been connected longer. ;server_lifetime = 3600 -;; Close server connection if its not been used in this time. -;; Allows to clean unnecessary connections from pool after peak. +;; Close server connection if its not been used in this time. Allows +;; to clean unnecessary connections from pool after peak. ;server_idle_timeout = 600 ;; Cancel connection attempt if server does not answer takes longer. 
@@ -251,35 +245,37 @@ default_pool_size = 20 ;; then wait this many second. ;server_login_retry = 15 -;; Dangerous. Server connection is closed if query does not return -;; in this time. Should be used to survive network problems, -;; _not_ as statement_timeout. (default: 0) +;; Dangerous. Server connection is closed if query does not return in +;; this time. Should be used to survive network problems, _not_ as +;; statement_timeout. (default: 0) ;query_timeout = 0 -;; Dangerous. Client connection is closed if the query is not assigned -;; to a server in this time. Should be used to limit the number of queued -;; queries in case of a database or network failure. (default: 120) +;; Dangerous. Client connection is closed if the query is not +;; assigned to a server in this time. Should be used to limit the +;; number of queued queries in case of a database or network +;; failure. (default: 120) ;query_wait_timeout = 120 -;; Dangerous. Client connection is closed if no activity in this time. -;; Should be used to survive network problems. (default: 0) +;; Dangerous. Client connection is closed if no activity in this +;; time. Should be used to survive network problems. (default: 0) ;client_idle_timeout = 0 ;; Disconnect clients who have not managed to log in after connecting ;; in this many seconds. ;client_login_timeout = 60 -;; Clean automatically created database entries (via "*") if they -;; stay unused in this many seconds. +;; Clean automatically created database entries (via "*") if they stay +;; unused in this many seconds. ; autodb_idle_timeout = 3600 -;; How long SUSPEND/-R waits for buffer flush before closing connection. -;suspend_timeout = 10 - -;; Close connections which are in "IDLE in transaction" state longer than -;; this many seconds. +;; Close connections which are in "IDLE in transaction" state longer +;; than this many seconds. ;idle_transaction_timeout = 0 +;; How long SUSPEND/-R waits for buffer flush before closing +;; connection. 
+;suspend_timeout = 10 + ;;; ;;; Low-level tuning options ;;; @@ -296,11 +292,14 @@ default_pool_size = 20 ;; Maximum PostgreSQL protocol packet size. ;max_packet_size = 2147483647 +;; Set SO_REUSEPORT socket option +;so_reuseport = 0 + ;; networking options, for info: man 7 tcp -;; Linux: notify program about new connection only if there -;; is also data received. (Seconds to wait.) -;; On Linux the default is 45, on other OS'es 0. +;; Linux: Notify program about new connection only if there is also +;; data received. (Seconds to wait.) On Linux the default is 45, on +;; other OS'es 0. ;tcp_defer_accept = 0 ;; In-kernel buffer size (Linux default: 4096) @@ -309,19 +308,23 @@ default_pool_size = 20 ;; whether tcp keepalive should be turned on (0/1) ;tcp_keepalive = 1 -;; The following options are Linux-specific. -;; They also require tcp_keepalive=1. +;; The following options are Linux-specific. They also require +;; tcp_keepalive=1. -;; count of keepalive packets +;; Count of keepalive packets ;tcp_keepcnt = 0 -;; how long the connection can be idle, -;; before sending keepalive packets +;; How long the connection can be idle before sending keepalive +;; packets ;tcp_keepidle = 0 -;; The time between individual keepalive probes. +;; The time between individual keepalive probes ;tcp_keepintvl = 0 +;; How long may transmitted data remain unacknowledged before TCP +;; connection is closed (in milliseconds) +;tcp_user_timeout = 0 + ;; DNS lookup caching time ;dns_max_ttl = 15 
@@ -331,22 +334,26 @@ default_pool_size = 20 ;; DNS negative result caching time ;dns_nxdomain_ttl = 15 +;; Custom resolv.conf file, to set custom DNS servers or other options +;; (default: empty = use OS settings) +;resolv_conf = /etc/pgbouncer/resolv.conf + ;;; ;;; Random stuff ;;; -;; Hackish security feature. Helps against SQL-injection - when PQexec is disabled, -;; multi-statement cannot be made. +;; Hackish security feature. Helps against SQL injection: when PQexec +;; is disabled, multi-statement cannot be made. ;disable_pqexec = 0 -;; Config file to use for next RELOAD/SIGHUP. +;; Config file to use for next RELOAD/SIGHUP ;; By default contains config file from command line. ;conffile -;; Win32 service name to register as. job_name is alias for service_name, -;; used by some Skytools scripts. +;; Windows service name to register as. job_name is alias for +;; service_name, used by some Skytools scripts. ;service_name = pgbouncer ;job_name = pgbouncer -;; Read additional config from the /etc/pgbouncer/pgbouncer-other.ini file +;; Read additional config from other file ;%include /etc/pgbouncer/pgbouncer-other.ini