Trusted Postgres Architect 23.39.0 release notes v23.39.0

There was no specific package defined for this distro which caused deployment errors. Additionally, this ensures that either mod_wsgi or edb's mod_wsgi module is enabled by default where it applies.

When a user specifies edb_stat_monitor as an entry in either postgres_extensionsor the list of extensions named under postgres_databases, TPA will handle installing the correct package, creating the extension and including it in the shared_preload_libraries.

TPA now supports the s390x CPU architecture. Supported s390x operating systems are RHEL 8 and 9 and SLES 15. TPA can run on these systems and use them as target hosts for cluster deployment.

Because s390x binaries are not available for all PyPI packages, it is highly recommended that you install the tpaexec-deps package from EDB rather than rely on installation from PyPI during setup. Similarly, because there is not a PGDG RPM repo for s390x you must have access to EDB Repos for TPA to install Postgres and other cluster components from packages.

Starting with EFM 5.1, there will be a new property auto.rewind that is part of a new feature to attempt to rebuild failed primary db servers.

This adds support for the jdbc.properties property in EFM 5.0 and later.

Starting with EFM 5.1, there will be a new property jdbc.loglevel that is used to increase information logged from the JDBC driver. This property can be used to get more information when there are connection problems, e.g. when using ssl for database connections.

Starting with EFM 5.1, there will be a new property check.vip.timeoutthat is used to control how long EFM will keep checking is the VIP (if used) is reachable before promoting a standby.

Ubuntu 20.04 is now out of support upstream and is no longer fully supported by TPA.

Now that the old 2q repositories and EDB Repos 1.0 are no longer available, TPA will not try to use them or check for configuration related to them. All packages that were formerly available in those repositories are now available in the EDB Repos 2.0 repositories.

When running tpaexec configure for a SLES system, use either EDB repositories or PGDG repositories, not both, matching the behavior of other operating systems. This ensures that packages such as barman, which are available in both places, are consistently sourced from the same repository as other packages.

pgd_proxy_package_version and pgdcli_package_version may be explicitly defined in config.yml. If they are not explicitly defined, they now default to the value of bdr_package_version, if it is set. If none of them is set, the latest available versions of packages are installed. Setting these package versions to different values is not supported and is only useful for testing.

In recent Postgres versions, the suggested default for vacuum_cost_delayhas been reduced to 2ms. TPA now matches this.

Added a new section to the efm.md documentation that explains how TPA determines whether a node is eligible for promotion during failover. The update clarifies the rules for promotability, including the roles of witness nodes, cascading standbys, and nodes explicitly marked with the efm-not-promotable role. This enhancement should help users understand and control failover behavior, reducing the risk of unintended promotions in EFM-managed clusters.

Since the include_vars module immediately parses and evaluates expressions, nested variables do not exist at the point they are loaded from config.yml and thus are undefined when evaluated in templated expressions. This is now documented with an example so it is clearer for users.

TPA now uses the Rocky Linux organization's docker images rather than docker hub's "official" ones. These are more frequently updated and hence less likely to cause dependency problems with newer packages.

The PGD6 architectures now have correct metadata and therefore appear as expected in the output of tpaexec info architectures.

The replication_user entry is required the .pgpass file for both replicaand primary nodes managed by either efm or patroni as the failover_manager. Previously, it was only added to the .pgass file for replica nodes, resulting in connection issues to the primary node after a switchover.

Previously, TPA would mistakenly try to enable routing for subscriber-only groups during PGD6 deployments. This property is not editable anymore as it forms core part of the definition of subscriber-only groups in PGD6.

The TPA task Register PEM backend database server for monitoring and configurationexplicitly calls the pem.setup SQL function. This is not considered part of the public API of PEM and the signature changed between 10.1.0 and 10.1.1 causing TPA's call to this function to fail. This fix addresses the issue by adjusting the function call according to the installed PEM server version. To accommodate this change we have introduced a new pem/server/facts Ansible role that is responsible for collecting facts about the installed PEM version. This also means that TPA will no longer attempt to run postgresexpert.sql on PEM 10, where Postgres Expert is no longer present.

If a file supplied in the --overrides-from argument to tpaexec configuresets bdr_node_groups in cluster_vars, the contents of this will now be added to the node groups automatically created.

Since PGD version 6 has a built-in Connection Manager which replaces PGD Proxy, the pgdproxy Postgres user should not be used in any DSNs. A new variablebdr_connection_manager_route_dsn is introduced for defining connection strings to Connection Manager. Users can additionally define bdr_connection_manager_dsn_attributesin their config.yml to specify additional connection parameters in the DSN.

For Patroni clusters TPA will now dynamically generate the ignore_slots setting corresponding to Barman nodes in the cluster. This change ensures that Patroni will not remove the physical slots created for each of the Barman nodes. This is especially important for the Patroni clusters with more than one backup servers; including shared Barman nodes for example.

Upgraded Base Image to Debian Trixie to meet TPA's Python 3.12 minimum requirement, ensuring compatibility with modern dependencies.

• Removed --use-community-ansible flag as it is no longer supported.
• Included the openssh-client package to prevent tpaexec failures due to missing ssh-keygen, enhancing out-of-the-box functionality.
• Introduced Build-Time Versioning: Added an ARG variable to pass the output of git describe from the host during build, storing it as /opt/EDB/TPA/VERSION for improved version tracking.
• Revised docker/README.md and docs/src/INSTALL-docker.md to reflect the latest setup instructions and best practices.

For Postgres 15+, the Barman user is now created with the pg_checkpointrole. This allows Barman to run CHECKPOINT without the need of being superuser,barman switch-wal --force will not fail any more.