This version of the patch is even better. It also sets the https scheme for DCS endpoints and configures cacert, cert and key in the .vip file.
-- Peter.
--- /usr/bin/pg_createconfig_patroni 2023-12-01 10:16:15.000000000 +0000
+++ /root/pg_createconfig_patroni 2024-01-10 01:53:03.538645769 +0000
@@ -141,17 +141,19 @@
 exit 1
 fi
 VIP_KEY="/postgresql-common/${VERSION}-${CLUSTER}/leader"
- DCS_TYPE="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep '(etcd|consul|zookeeper)' | sed s/:.*//)"
+ DCS_TYPE="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep '(etcd(3)?|consul|zookeeper):' | sed s/:.*//)"
 if [ -z "$DCS_TYPE" ]; then
 echo "DCS type could not be determined from /etc/patroni/dcs.yml, cannot write VIP file"
 exit 1
 fi
 if [ -z "$DCS_ENDPOINT" ]; then
+ DCS_PROTOCOL="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep 'protocol:' | sed s/.*protocol:[[:space:]]*//)"
+ DCS_PROTOCOL=${DCS_PROTOCOL:-http}
 # determine DCS_ENDPOINTS from dcs.yml. This currently assumes that DCS
 # hosts are listed with their ip-addresses, while hostnames appear to
 # be valid as well. If DCS servers are to be specified by hostname,
 # they can be explicitly passed via the --endpoint option.
- DCS_ENDPOINT="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep '(host|-)' | egrep -v '^[[:space:]]*$' | egrep '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' | sed -r -e 's/.*(host|hosts)://' -e s/-// -e 's/ //g' | grep -v ^$ | sed -r -e 's/^([0-9])/http:\/\/\1/')"
+ DCS_ENDPOINT="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep '(host|-)' | egrep -v '^[[:space:]]*$' | egrep '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' | sed -r -e 's/.*(host|hosts)://' -e s/-// -e 's/ //g' | grep -v ^$ | sed -r -e 's/^([0-9])/'$DCS_PROTOCOL':\/\/\1/')"
 if [ -z "$DCS_ENDPOINT" ]; then
 echo "DCS endpoint URL could not be determined from /etc/patroni/dcs.yml and --endpoint not provided, cannot write VIP file"
 exit 1
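Review bot: The value read from `protocol:` is spliced unquoted into the sed program (`'s/^([0-9])/'$DCS_PROTOCOL':\/\/\1/'`) without a check that it is exactly `http` or `https`, so a quoted YAML value or a second `protocol:` line in /etc/patroni/dcs.yml gives a malformed endpoint or a sed error. Validate right after the default is applied, `case "$DCS_PROTOCOL" in http|https) ;; *) echo "unsupported DCS protocol '$DCS_PROTOCOL' in /etc/patroni/dcs.yml" >&2; exit 1 ;; esac`, and keep the expansion inside the quotes, `sed -r -e "s#^([0-9])#${DCS_PROTOCOL}://\1#"`. A value written as `"https"` in the YAML would also fail the `= "https"` comparison added in the next hunk, which leaves the TLS settings commented out. The enclosing `if` blocks start and end outside this hunk.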
@@ -161,6 +163,13 @@
 # sed -> remove trailing comma
 DCS_ENDPOINT=$( echo "$DCS_ENDPOINT" | tr '\n' ',' | sed 's/,$//' )
 fi
+ COMMENT="#"
+ if [ $DCS_PROTOCOL = "https" ]; then
+ COMMENT=""
+ VIP_ETCD_CA_FILE="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep '^[[:space:]]*cacert:' | sed s/.*cacert:[[:space:]]*//)"
+ VIP_ETCD_CERT_FILE="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep '^[[:space:]]*cert:' | sed s/.*cert:[[:space:]]*//)"
+ VIP_ETCD_KEY_FILE="$(egrep -v '^[[:space:]]*$|^ *#' /etc/patroni/dcs.yml | egrep -v '[[:space:]]-' | egrep '^[[:space:]]*key:' | sed s/.*key:[[:space:]]*//)"
+ fi
 fi
 LISTEN_VIP=",$VIP_IP"
 else
@@ -215,7 +224,7 @@
 -e "s#@NETWORK@#${NETWORK}#g" \
 -e "s/@API_PORT@/${API_PORT}/g" \
 -e "s/@PORT@/${PORT}/g" \
- -e "s/@DCS_CONFIG@/${DCS_CONFIG}/g" \
+ -e "s#@DCS_CONFIG@#${DCS_CONFIG}#g" \
 >> $CONFIG_FILE
 # write vip configuration, if requested
@@ -228,6 +237,9 @@
 -e "s/@VIP_HOST@/${HOSTNAME}/g" \
 -e "s/@VIP_TYPE@/${DCS_TYPE}/g" \
 -e "s#@VIP_ENDPOINT@#${DCS_ENDPOINT}#g" \
+ -e "s:^#\?\(VIP_ETCD_CA_FILE=\).*:${COMMENT}\1${VIP_ETCD_CA_FILE}:" \
+ -e "s:^#\?\(VIP_ETCD_CERT_FILE=\).*:${COMMENT}\1${VIP_ETCD_CERT_FILE}:" \
+ -e "s:^#\?\(VIP_ETCD_KEY_FILE=\).*:${COMMENT}\1${VIP_ETCD_KEY_FILE}:" \
 >> $VIP_FILE
 fi
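Review bot: `DCS_PROTOCOL` is assigned only inside the `if [ -z "$DCS_ENDPOINT" ]` branch of the previous hunk, so when `--endpoint` is passed the unquoted test `[ $DCS_PROTOCOL = "https" ]` in the `@@ -161,6 +163,13 @@` hunk runs with an empty value or is skipped altogether; the nesting cannot be recovered from the hunk. In both readings an explicitly passed https endpoint ends up without CA, certificate and key settings. Quote the test and give it a default, `if [ "${DCS_PROTOCOL:-http}" = "https" ]; then`, and set `COMMENT` and the three `VIP_ETCD_*_FILE` variables on every path that reaches the VIP sed call. The `cacert:`, `cert:` and `key:` lookups can also return an empty string or several lines, so the https branch should stop with an error when `cacert:` is not found rather than write an empty `VIP_ETCD_CA_FILE=`.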
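Review bot: In the `@@ -215,7 +224,7 @@` hunk, switching the delimiter in `s#@DCS_CONFIG@#${DCS_CONFIG}#g` moves the breakage from `/` to `#`: a `#` inside `DCS_CONFIG` (an inline YAML comment, for example) now ends the replacement early, and `&` or a backslash is still interpreted by sed. How `DCS_CONFIG` is built is outside the hunk, so whether comments are stripped first cannot be confirmed here. At minimum the assumption should be recorded above the sed call, `# DCS_CONFIG must not contain '#', '&' or '\': sed interprets them in the replacement`; escaping the value before substitution would remove the dependency on the delimiter. The `:`-delimited `VIP_ETCD_*_FILE` expressions in the last hunk have the same property for `:`, `&` and backslash in a file path.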
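Review bot: The three expressions added in the `@@ -228,6 +237,9 @@` hunk only rewrite lines that already exist in the VIP template, so a template without `VIP_ETCD_CA_FILE=`, `VIP_ETCD_CERT_FILE=` and `VIP_ETCD_KEY_FILE=` lines (an older or locally edited copy; the template is not visible here) produces a VIP file with https endpoints and no TLS settings, and no error is reported. A check after the write in the https case would make that visible, for example `grep -q '^VIP_ETCD_CA_FILE=' "$VIP_FILE" || { echo "TLS settings missing from $VIP_FILE" >&2; exit 1; }`. `\?` in a basic regular expression is a GNU sed extension, which is consistent with the `sed -r` calls elsewhere in the script but worth a comment if portability matters.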