Skip to content

Enhance High Availability and SSL Configuration for OpenGauss Cluster #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
liubao68 merged 7 commits into from
Sep 8, 2025
Merged

Enhance High Availability and SSL Configuration for OpenGauss Cluster #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1e757b4
Add cluster_ha_showcase.py for demonstrating high availability, load …
Sep 6, 2025
c0ea136
Enhance tests-ssl.yml workflow and cluster_ha_showcase.py: Add config…
Sep 6, 2025
fd66a6c
Update tests-ssl.yml and cluster_ha_showcase.py: Enhance config permi…
Sep 6, 2025
b404242
Refine tests-ssl.yml and cluster_ha_showcase.py: Remove separate conf…
Sep 6, 2025
9ccbaaa
Update tests-ssl.yml: Replace tee with cat for file creation, add own…
Sep 6, 2025
2e46a8f
Update tests-ssl.yml: Replace tee with cat for file creation, add own…
Sep 6, 2025
370d1fd
Enhance cluster_ha_showcase.py with DSN masking for secure logging, a…
Sep 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 30 additions & 27 deletions .github/workflows/tests-ssl.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ jobs:
- name: Create configuration directories
run: |
mkdir -p ${{ github.workspace }}/opengauss/conf
sudo chown omm:omm ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true
sudo chown omm:omm ${{ github.workspace }}/certs || true
sudo chmod 755 ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true

- name: Set certificate permissions
Expand All @@ -70,7 +70,7 @@ jobs:

- name: Create postgresql.conf with SSL
run: |
sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/postgresql.conf <<EOF
sudo cat > ${{ github.workspace }}/opengauss/conf/postgresql.conf <<'EOF'
max_connections = 200
session_timeout = 10min
bulk_write_ring_size = 2GB
Expand All @@ -81,63 +81,66 @@ jobs:
enable_double_write = on
wal_keep_segments = 16
enable_slot_log = off
synchronous_standby_names = '"'"'*'"'"'
synchronous_standby_names = '*'
walsender_max_send_size = 8MB
hot_standby = on
enable_kill_query = off
logging_collector = on
log_filename = '"'"'postgresql-%Y-%m-%d_%H%M%S.log'"'"'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
log_file_mode = 0600
log_rotation_size = 20MB
log_min_duration_statement = 1800000
log_connections = off
log_disconnections = off
log_duration = off
log_hostname = off
log_line_prefix = '"'"'%m %u %d %h %p %S '"'"'
log_timezone = '"'"'UTC'"'"'
log_line_prefix = '%m %u %d %h %p %S '
log_timezone = 'UTC'
enable_alarm = on
connection_alarm_rate = 0.9
alarm_report_interval = 10
alarm_component = '"'"'/opt/snas/bin/snas_cm_cmd'"'"'
alarm_component = '/opt/snas/bin/snas_cm_cmd'
use_workload_manager = on
datestyle = '"'"'iso, mdy'"'"'
timezone = '"'"'UTC'"'"'
lc_messages = '"'"'en_US.utf8'"'"'
lc_monetary = '"'"'en_US.utf8'"'"'
lc_numeric = '"'"'en_US.utf8'"'"'
lc_time = '"'"'en_US.utf8'"'"'
default_text_search_config = '"'"'pg_catalog.english'"'"'
datestyle = 'iso, mdy'
timezone = 'UTC'
lc_messages = 'en_US.utf8'
lc_monetary = 'en_US.utf8'
lc_numeric = 'en_US.utf8'
lc_time = 'en_US.utf8'
default_text_search_config = 'pg_catalog.english'
lockwait_timeout = 1200s
pgxc_node_name = '"'"'gaussdb'"'"'
pgxc_node_name = 'gaussdb'
audit_enabled = on
job_queue_processes = 10
dolphin.nulls_minimal_policy = on
password_encryption_type = 0
wal_level = logical
application_name = '"'"''"'"'
listen_addresses = '"'"'*'"'"'
application_name = ''
listen_addresses = '*'
max_replication_slots = 10
max_wal_senders = 10
shared_buffers = 512MB
ssl = on
ssl_cert_file = '"'"'/var/lib/opengauss/certs/server.crt'"'"'
ssl_key_file = '"'"'/var/lib/opengauss/certs/server.key'"'"'
ssl_ca_file = '"'"'/var/lib/opengauss/certs/ca.crt'"'"'
EOF'
sudo chmod 644 ${{ github.workspace }}/opengauss/conf/postgresql.conf
ssl_cert_file = '/var/lib/opengauss/certs/server.crt'
ssl_key_file = '/var/lib/opengauss/certs/server.key'
ssl_ca_file = '/var/lib/opengauss/certs/ca.crt'
EOF

- name: Create pg_hba.conf with SSL
run: |
sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/pg_hba.conf <<EOF
sudo cat >${{ github.workspace }}/opengauss/conf/pg_hba.conf <<'EOF'
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
hostssl all all 0.0.0.0/0 cert
host all all 0.0.0.0/0 md5
host replication gaussdb 0.0.0.0/0 md5
EOF'
sudo chmod 644 ${{ github.workspace }}/opengauss/conf/pg_hba.conf
host all all 0.0.0.0/0 md5
host replication gaussdb 0.0.0.0/0 md5
EOF

- name: Fix ownership
run: |
sudo chown -R omm:omm ${{ github.workspace }}/opengauss
sudo chmod 644 ${{ github.workspace }}/opengauss/conf/*

- name: Debug file permissions
run: |
Expand Down
Loading
Loading