Trusted Postgres Architect 23.35 release notes v23

PermissionsStartOnly has been deprecated and is now achieved via ExecStartPost=+/bin/bash... syntax.

The PostGIS package will automatically be added when a user specifies postgisas an entry in either postgres_extensions or the list of extensions named underpostgres_databases. Also enables the CRB (Code Ready Builder) repository for RHEL-compatible distributions so PostGIS dependencies can be installed.

Certain required privileges are granted to Postgres role, barman_role, which is then granted to the barman Postgres user. This avoids creating thebarman user as a superuser. This role can also be granted to other Postgres users by adding it to their granted_roles list using postgres/createuser. Thebarman_role is created as part of the Barman tasks; if Barman is not used, this role will not be created. Therefore, the task that grants privileges to this role is only executed if the barman_role username is in the list of Postgres users that are created. The ''barman'' user now has NOSUPERUSER explicitly specified as a role attribute. If a cluster was deployed with a previous TPA version (which created the ''barman'' user as a superuser), deploying with this version will remove the superuser role attribute from the barman user.

Improve postgres-monitor script to better manage recoverable errors and add retries on network errors to ensure that it won''t return failure when it just didn't allow enough time for postgres service to be fully started.

A support ticket questioned why the pemserver and barman nodes are added to the Allowed node host list in EFM when they are not relevant to EFM functions. Refactored the task that writes the efm.node configuration to only include those nodes that have efm in their list of roles.

The --efm-install-path and --efm-cluster-name flags are set when a PEM server is registered on an EFM node. The Streaming Replication, Failover Manager Node Status and Failover Manager Cluster Info probes are enabled when a PEM agent is registered on an EFM node. '

Fixed a bug whereby the test that ensures the current pgd-proxy configuration matches the expected configuration would fail for version < 5.5.0. This fix ensures that TPA won't try to query configuration keys added in version 5.5.0.

A primary_slot_name is configured on the primary node to ensure the old primary uses a physical slot for replication during an EFM switchover. However, ''bdr_init_physical'' attempts to use it for node initialisation and hangs indefinitely since the slot does not exist in a PGD installation. This primary_slot_nameis now conditionally set explicitly when the failover_manager is EFM to avoid setting it unnecessarily.

If the pgdcli_package_version is specified in config.yml, the bash-completionpackage is incorrectly named because the packages_for filter erroneously appends the pgdcli_package_version to the package name. This results in an attempt to download a nonexistant package. The bash-completion package is now appended to the list after the packages_for filter, since it''s version is independent from the pgdcli_package_version.

Fixed an issue whereby in some cases error messages would be repeated even after successful tasks.

Fixed an issue whereby new replicas in patroni clusters would fail with errors related to replication slots.

'If --enable-pem and --enable-pg-backup-api are passed to tpaexec configure, pem-agent is added twice to the barman node if it is also a witness. Fixed by by consolidating both if statements together to only evaluate the conditions once. '

Fixed a bug whereby if the user excluded the pkg selector, later pem-related tasks would fail because the pem_python_executable fact had not been set.