Fix PgBouncer auth: template pgbouncer.ini and userlist.txt with vault db_password

- Create pgbouncer.ini.j2 with auth_type plain (no MD5 hash needed)
- Create userlist.txt.j2 with vault db_password
- Add Ansible tasks to deploy both files before docker-compose
- Mount pgbouncer files as read-only in compose template

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-03-20 14:07:16 +01:00
parent d061748da6
commit de945add75
4 changed files with 38 additions and 2 deletions


@@ -45,6 +45,22 @@
chdir: /var/www/e-ticket
become_user: bot
- name: Deploy PgBouncer config
template:
src: pgbouncer.ini.j2
dest: /var/www/e-ticket/docker/pgsql/pgbouncer.ini
owner: bot
group: bot
mode: "0600"
- name: Deploy PgBouncer userlist
template:
src: userlist.txt.j2
dest: /var/www/e-ticket/docker/pgsql/userlist.txt
owner: bot
group: bot
mode: "0600"
- name: Deploy docker-compose-prod.yml
template:
src: docker-compose-prod.yml.j2
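Review bot: The "Deploy PgBouncer userlist" task renders `{{ db_password }}` into a file with no `no_log`, so a run with `-v`, `--diff`, or a failing template step prints the vault secret to the console and to whatever collects Ansible output. Add `no_log: true` to that task; the `mode: "0600"` on the file is right but only protects it on disk. Both files are written as `bot:bot`, and the hunk opens in the tail of a task that begins before it (`become_user: bot`), so I cannot see whether these tasks run with enough privilege to set that owner, nor whether the uid PgBouncer runs as inside the container can read a 0600 file owned by `bot`; that should be verified before the compose step depends on it.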


@@ -70,8 +70,8 @@ services:
image: edoburu/pgbouncer
restart: unless-stopped
volumes:
- ./docker/pgsql/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini
- ./docker/pgsql/userlist.txt:/etc/pgbouncer/userlist.txt
- ./docker/pgsql/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini:ro
- ./docker/pgsql/userlist.txt:/etc/pgbouncer/userlist.txt:ro
depends_on:
db-master:
condition: service_healthy
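Review bot: The `:ro` mounts are the right change, but a bind mount keeps the host file's owner and mode, and the playbook installs both files as `bot:bot` with mode 0600; unless the uid PgBouncer runs as inside `edoburu/pgbouncer` equals `bot`'s uid on the host, the process cannot open `/etc/pgbouncer/userlist.txt` and, given `restart: unless-stopped`, the container will loop. Check the in-container uid and either add `user: "<bot-uid>"` to the service or chown the files to that uid on the host. The `pgbouncer` service block starts before this hunk, so I cannot see whether 6432 is published to the host; with `auth_type = plain` in the new config it must stay reachable only on the compose network.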

19
ansible/pgbouncer.ini.j2 Normal file

@@ -0,0 +1,19 @@
[databases]
e-ticket = host=db-master port=5432 dbname=e-ticket
e-ticket_readonly = host=db-slave port=5432 dbname=e-ticket
[pgbouncer]
listen_addr = 0.0.0.0
listen_port = 6432
auth_type = plain
auth_file = /etc/pgbouncer/userlist.txt
pool_mode = transaction
max_client_conn = 200
default_pool_size = 20
min_pool_size = 5
reserve_pool_size = 5
reserve_pool_timeout = 3
server_lifetime = 3600
server_idle_timeout = 600
log_connections = 0
log_disconnections = 0
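Review bot: `auth_type = plain` makes every application client send the database password in cleartext to PgBouncer, and the commit's stated reason ("no MD5 hash needed") does not require it: PgBouncer's auth_file accepts plain-text passwords with `md5` and `scram-sha-256` too, so the templated userlist can stay exactly as it is. Change the line to `auth_type = scram-sha-256` (matching whatever password encryption the Postgres side uses, which is not visible here). `listen_addr = 0.0.0.0` binds all interfaces inside the container, which is acceptable only while 6432 is not published to the host; a comment `; compose-network only - never publish 6432` above it would make that dependency explicit. Setting `log_connections = 0` and `log_disconnections = 0` also removes the only record of who authenticated through the pooler, which is worth keeping on until log volume proves to be a problem.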

1
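--- /dev/null
+++ b/ansible/userlist.txt.j2
@@ -0,0 +1 @@
+"e-ticket" "{{ db_password }}"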
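Review bot: The vault value is interpolated unescaped inside the double quotes, so a password containing `"` (or a newline) produces a malformed userlist entry and PgBouncer will reject every login for that user; in the auth_file format a literal double quote inside a field is written doubled. Render it as `"e-ticket" "{{ db_password | replace('"', '""') }}"` so any vault value yields a valid line. Since this file necessarily holds the secret in clear (PgBouncer needs it to log in to `db-master`/`db-slave`), the playbook's `0600` mode and a `no_log` on the task that writes it are the only protections, and both should be in place.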