Trusted Postgres Architect 23.34 release notes v23

Released: 22 August 2024

New features, enhancements, bug fixes, and other changes in Trusted Postgres Architect 23.34 include the following:

TypeDescription
EnhancementTPA now has an efm-pre-config hook which runs after efm has been installed and its configuration directory and user have been created, but before efm is configured. It can be used to install custom efm helper scripts.
EnhancementTPA now has its own output plugin, which shows one line of information per task, omitting tasks for which even one line would be uninformative. The lines are indented to enable TPA's control flow to be visible, and include color-coded counts of successful, skipped, and ignored hosts. The fuller output can be turned on by setting TPA_USE_DEFAULT_OUTPUT=true in your environment, or by adding the -v switch to the command line.
EnhancementTPA now allows you to specify additional options when registering PEM agents by listing them under pemagent_registration_opts in cluster_vars.
EnhancementYou can now provide your own web server certificates for use with the PEM server by including the names of the certificate and key pair for use on the PEM server in config.yml under the cluster_vars or pem-server instance vars pem_server_ssl_certificate and pem_server_ssl_key. TPA will copy them from the ssl/pemserver directory of the cluster directory to the PEM server and configure Apache/httpd accordingly.
EnhancementTPA now runs the EFM upgrade-conf command on new cluster deployments to benefit from the comments and inline documentation that are added to both <cluster_name>.properties and <cluster_name>.nodes files.
EnhancementTPA can now set up EFM clusters using hostname resolution instead of IP addresses for bind.address value. This can be invoked with tha --efm-bind-by-hostname option for the configure command or `efm_bind_by_hostname: true
EnhancementTPA now supports setting the EFM properties that added in EFM 4.9: enable.stop.cluster: boolean, default true, priority.standbys: default '', detach.on.agent.failure: boolean, default false, pid.dir: default ''.
EnhancementTPA can now configure pgBouncer to use cert authentication for connections from pgBouncer to Postgres. This is enabled by setting pgbouncer_use_cert_authentication to true in cluster_vars. When enabled, the authentication method for users connecting to pgBouncer is also changed from md5 to scram-sha-256.
ChangeTPA no longer supports RAID creation on AWS.
ChangeRemoved EFM dependency for resolving upstream_primary. Previously, EFM was queried for the current primary on a deploy after a switchover. If EFM is not running, this will fail. Now the cluster_facts collected through Postgres are used to determine the current primary after a switchover, removing the dependency on EFM.
ChangeIn EFM clusters, the upstream_primary is now correctly updated after switchover, resulting in the correct auto.reconfigure setting be set on replicas. Standbys now follow the new primary.
Bug FixFixed an issue whereby TPA would incorrectly apply proxy settings when accessing the Patroni API. The Ansible default is to use a proxy, if defined. This does not work in the (rather common) case of an airgapped environment that needs a proxy to download packages from the internet, because the proxy also intercepts (and disrupts) calls to the Patroni API.
Bug FixFixed an issue whereby TPA would set PEM agent parameters on all instances that were only appropriate for the pemserver instance.
Bug FixAdded missing entries for pgd-proxy and pgdcli default package name when using SLES operating system as target for cluster nodes.
Bug FixFix an issue whereby TPA would fail to reload/restart postgres on existing nodes to re-read configuration changes and the new node would therefore fail to connect to the cluster.
Bug FixFixed an issue whereby when taking backups from a replica, barman could fail when taking its initial backup by timing out waiting for WAL files. This is fixed by waiting for barman to complete its base backup before forcing a WAL segment switch.
Bug FixEnsure that repmgr witness register command is used with the correct postgres_port value even when using non-default postgres port for the upstream_primary postgres.
Bug FixFixed an issue whereby failover_manager override to repmgr would not work correctly when set at instance level for subscriber-only nodes and their replicas in PGD clusters.
Bug FixFixed two cases of incorrect cgroup detection: on MacOSX, we no longer try to read /proc/mounts. On systems where /sys/fs/cgroup is ro but mounts under it are rw, TPA now correctly detects this.
Bug FixEnsure we can verify the actual config set on pgd-proxy nodes for the newly added read_listen_port option in pgd-proxy.
Bug FixFixed an issue that would prevent deployment with PEM 9.7.0. PEM 9.7.0 no longer depends on Apache at a package level therefore to use Apache as the web server we install the packages explicitly.