--- #==============================================================# # File : fat.yml # Desc : Pigsty Feature-All-Test config template # Ctime : 2020-05-22 # Mtime : 2025-12-28 # Docs : https://pigsty.io/docs/conf/fat # License : Apache-2.0 @ https://pigsty.io/docs/about/license/ # Copyright : 2018-2026 Ruohang Feng / Vonng (rh@vonng.com) #==============================================================# # This is the 4-node sandbox for pigsty # # Usage: # curl https://repo.pigsty.io/get | bash # ./configure -c fat [-v 18|17|16|15] # ./deploy.yml all: #==============================================================# # Clusters, Nodes, and Modules #==============================================================# children: #----------------------------------------------# # PGSQL : https://pigsty.io/docs/pgsql #----------------------------------------------# # this is an example single-node postgres cluster with pgvector installed, with one biz database & two biz users pg-meta: hosts: 10.10.10.10: { pg_seq: 1, pg_role: primary } # <---- primary instance with read-write capability #x.xx.xx.xx: { pg_seq: 2, pg_role: replica } # <---- read only replica for read-only online traffic #x.xx.xx.xy: { pg_seq: 3, pg_role: offline } # <---- offline instance of ETL & interactive queries vars: pg_cluster: pg-meta # install, load, create pg extensions: https://pigsty.io/docs/pgsql/ext/ pg_extensions: [ pg18-main ,pg18-time ,pg18-gis ,pg18-rag ,pg18-fts ,pg18-olap ,pg18-feat ,pg18-lang ,pg18-type ,pg18-util ,pg18-func ,pg18-admin ,pg18-stat ,pg18-sec ,pg18-fdw ,pg18-sim ,pg18-etl] pg_libs: 'timescaledb, pg_stat_statements, auto_explain, pg_wait_sampling' # define business users/roles : https://pigsty.io/docs/pgsql/config/user pg_users: - name: dbuser_meta # REQUIRED, `name` is the only mandatory field of a user definition password: DBUser.Meta # optional, the password. can be a scram-sha-256 hash string or plain text #state: create # optional, create|absent, 'create' by default, use 'absent' to drop user #login: true # optional, can log in, true by default (new biz ROLE should be false) #superuser: false # optional, is superuser? false by default #createdb: false # optional, can create databases? false by default #createrole: false # optional, can create role? false by default #inherit: true # optional, can this role use inherited privileges? true by default #replication: false # optional, can this role do replication? false by default #bypassrls: false # optional, can this role bypass row level security? false by default #pgbouncer: true # optional, add this user to the pgbouncer user-list? false by default (production user should be true explicitly) #connlimit: -1 # optional, user connection limit, default -1 disable limit #expire_in: 3650 # optional, now + n days when this role is expired (OVERWRITE expire_at) #expire_at: '2030-12-31' # optional, YYYY-MM-DD 'timestamp' when this role is expired (OVERWRITTEN by expire_in) #comment: pigsty admin user # optional, comment string for this user/role #roles: [dbrole_admin] # optional, belonged roles. default roles are: dbrole_{admin|readonly|readwrite|offline} #parameters: {} # optional, role level parameters with `ALTER ROLE SET` #pool_mode: transaction # optional, pgbouncer pool mode at user level, transaction by default #pool_connlimit: -1 # optional, max database connections at user level, default -1 disable limit # Enhanced roles syntax (PG16+): roles can be string or object with options: # - dbrole_readwrite # simple string: GRANT role # - { name: role, admin: true } # GRANT WITH ADMIN OPTION # - { name: role, set: false } # PG16: REVOKE SET OPTION # - { name: role, inherit: false } # PG16: REVOKE INHERIT OPTION # - { name: role, state: absent } # REVOKE membership - { name: dbuser_view ,password: DBUser.Viewer ,pgbouncer: true ,roles: [dbrole_readonly], comment: read-only viewer for meta database } #- {name: dbuser_bytebase ,password: DBUser.Bytebase ,pgbouncer: true ,roles: [dbrole_admin] ,comment: admin user for bytebase database } #- {name: dbuser_remove ,state: absent } # use state: absent to remove a user # define business databases : https://pigsty.io/docs/pgsql/config/db pg_databases: # define business databases on this cluster, array of database definition - name: meta # REQUIRED, `name` is the only mandatory field of a database definition #state: create # optional, create|absent|recreate, create by default baseline: cmdb.sql # optional, database sql baseline path, (relative path among the ansible search path, e.g.: files/) schemas: [ pigsty ] # optional, additional schemas to be created, array of schema names extensions: # optional, additional extensions to be installed: array of `{name[,schema]}` - vector # install pgvector for vector similarity search - postgis # install postgis for geospatial type & index - timescaledb # install timescaledb for time-series data - { name: pg_wait_sampling, schema: monitor } # install pg_wait_sampling on monitor schema comment: pigsty meta database # optional, comment string for this database #pgbouncer: true # optional, add this database to the pgbouncer database list? true by default #owner: postgres # optional, database owner, current user if not specified #template: template1 # optional, which template to use, template1 by default #strategy: FILE_COPY # optional, clone strategy: FILE_COPY or WAL_LOG (PG15+), default to PG's default #encoding: UTF8 # optional, inherited from template / cluster if not defined (UTF8) #locale: C # optional, inherited from template / cluster if not defined (C) #lc_collate: C # optional, inherited from template / cluster if not defined (C) #lc_ctype: C # optional, inherited from template / cluster if not defined (C) #locale_provider: libc # optional, locale provider: libc, icu, builtin (PG15+) #icu_locale: en-US # optional, icu locale for icu locale provider (PG15+) #icu_rules: '' # optional, icu rules for icu locale provider (PG16+) #builtin_locale: C.UTF-8 # optional, builtin locale for builtin locale provider (PG17+) #tablespace: pg_default # optional, default tablespace, pg_default by default #is_template: false # optional, mark database as template, allowing clone by any user with CREATEDB privilege #allowconn: true # optional, allow connection, true by default. false will disable connect at all #revokeconn: false # optional, revoke public connection privilege. false by default. (leave connect with grant option to owner) #register_datasource: true # optional, register this database to grafana datasources? true by default #connlimit: -1 # optional, database connection limit, default -1 disable limit #pool_auth_user: dbuser_meta # optional, all connection to this pgbouncer database will be authenticated by this user #pool_mode: transaction # optional, pgbouncer pool mode at database level, default transaction #pool_size: 64 # optional, pgbouncer pool size at database level, default 64 #pool_size_reserve: 32 # optional, pgbouncer pool size reserve at database level, default 32 #pool_size_min: 0 # optional, pgbouncer pool size min at database level, default 0 #pool_max_db_conn: 100 # optional, max database connections at database level, default 100 #- {name: bytebase ,owner: dbuser_bytebase ,revokeconn: true ,comment: bytebase primary database } pg_hba_rules: # https://pigsty.io/docs/pgsql/config/hba - { user: all ,db: all ,addr: intra ,auth: pwd ,title: 'everyone intranet access with password' ,order: 800 } pg_crontab: # https://pigsty.io/docs/pgsql/admin/crontab - '00 01 * * * /pg/bin/pg-backup full' # define (OPTIONAL) L2 VIP that bind to primary pg_vip_enabled: true pg_vip_address: 10.10.10.2/24 pg_vip_interface: eth1 #----------------------------------------------# # INFRA : https://pigsty.io/docs/infra #----------------------------------------------# infra: hosts: 10.10.10.10: { infra_seq: 1 } vars: repo_enabled: true # build local repo: https://pigsty.io/docs/infra/admin/repo #repo_extra_packages: [ pg18-main ,pg18-time ,pg18-gis ,pg18-rag ,pg18-fts ,pg18-olap ,pg18-feat ,pg18-lang,pg18-type ,pg18-util ,pg18-func ,pg18-admin ,pg18-stat ,pg18-sec ,pg18-fdw ,pg18-sim ,pg18-etl] repo_packages: [ node-bootstrap, infra-package, infra-addons, node-package1, node-package2, pgsql-utility, extra-modules, pg18-full,pg18-time,pg18-gis,pg18-rag,pg18-fts,pg18-olap,pg18-feat,pg18-lang,pg18-type,pg18-util,pg18-func,pg18-admin,pg18-stat,pg18-sec,pg18-fdw,pg18-sim,pg18-etl, pg17-full,pg17-time,pg17-gis,pg17-rag,pg17-fts,pg17-olap,pg17-feat,pg17-lang,pg17-type,pg17-util,pg17-func,pg17-admin,pg17-stat,pg17-sec,pg17-fdw,pg17-sim,pg17-etl, pg16-full,pg16-time,pg16-gis,pg16-rag,pg16-fts,pg16-olap,pg16-feat,pg16-lang,pg16-type,pg16-util,pg16-func,pg16-admin,pg16-stat,pg16-sec,pg16-fdw,pg16-sim,pg16-etl, pg15-full,pg15-time,pg15-gis,pg15-rag,pg15-fts,pg15-olap,pg15-feat,pg15-lang,pg15-type,pg15-util,pg15-func,pg15-admin,pg15-stat,pg15-sec,pg15-fdw,pg15-sim,pg15-etl, pg14-full,pg14-time,pg14-gis,pg14-rag,pg14-fts,pg14-olap,pg14-feat,pg14-lang,pg14-type,pg14-util,pg14-func,pg14-admin,pg14-stat,pg14-sec,pg14-fdw,pg14-sim,pg14-etl, pg13-full,pg13-time,pg13-gis,pg13-rag,pg13-fts,pg13-olap,pg13-feat,pg13-lang,pg13-type,pg13-util,pg13-func,pg13-admin,pg13-stat,pg13-sec,pg13-fdw,pg13-sim,pg13-etl, infra-extra, kafka, java-runtime, sealos, tigerbeetle, polardb, ivorysql ] #----------------------------------------------# # ETCD : https://pigsty.io/docs/etcd #----------------------------------------------# etcd: hosts: 10.10.10.10: { etcd_seq: 1 } vars: etcd_cluster: etcd etcd_safeguard: false # prevent purging running etcd instance? #----------------------------------------------# # MINIO : https://pigsty.io/docs/minio #----------------------------------------------# minio: hosts: 10.10.10.10: { minio_seq: 1 } vars: minio_cluster: minio minio_users: # list of minio user to be created - { access_key: pgbackrest ,secret_key: S3User.Backup ,policy: pgsql } - { access_key: s3user_meta ,secret_key: S3User.Meta ,policy: meta } - { access_key: s3user_data ,secret_key: S3User.Data ,policy: data } #----------------------------------------------# # DOCKER : https://pigsty.io/docs/docker # APP : https://pigsty.io/docs/app #----------------------------------------------# # OPTIONAL, launch example pgadmin app with: ./app.yml & ./app.yml -e app=bytebase app: hosts: { 10.10.10.10: {} } vars: docker_enabled: true # enabled docker with ./docker.yml #docker_registry_mirrors: ["https://docker.1panel.live","https://docker.1ms.run","https://docker.xuanyuan.me","https://registry-1.docker.io"] app: pgadmin # specify the default app name to be installed (in the apps) apps: # define all applications, appname: definition # Admin GUI for PostgreSQL, launch with: ./app.yml pgadmin: # pgadmin app definition (app/pgadmin -> /opt/pgadmin) conf: # override /opt/pgadmin/.env PGADMIN_DEFAULT_EMAIL: admin@pigsty.cc # default user name PGADMIN_DEFAULT_PASSWORD: pigsty # default password # Schema Migration GUI for PostgreSQL, launch with: ./app.yml -e app=bytebase bytebase: conf: BB_DOMAIN: http://ddl.pigsty # replace it with your public domain name and postgres database url BB_PGURL: "postgresql://dbuser_bytebase:DBUser.Bytebase@10.10.10.10:5432/bytebase?sslmode=prefer" #==============================================================# # Global Parameters #==============================================================# vars: #----------------------------------------------# # INFRA : https://pigsty.io/docs/infra #----------------------------------------------# version: v4.0.0 # pigsty version string admin_ip: 10.10.10.10 # admin node ip address region: default # upstream mirror region: default|china|europe proxy_env: # global proxy env when downloading packages no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com,mirrors.*,*.myqcloud.com,*.tsinghua.edu.cn" # http_proxy: # set your proxy here: e.g http://user:pass@proxy.xxx.com # https_proxy: # set your proxy here: e.g http://user:pass@proxy.xxx.com # all_proxy: # set your proxy here: e.g http://user:pass@proxy.xxx.com certbot_sign: false # enable certbot to sign https certificate for infra portal certbot_email: your@email.com # replace your email address to receive expiration notice infra_portal: # domain names and upstream servers home : { domain: i.pigsty } pgadmin : { domain: adm.pigsty ,endpoint: "${admin_ip}:8885" } bytebase : { domain: ddl.pigsty ,endpoint: "${admin_ip}:8887" ,websocket: true} minio : { domain: m.pigsty ,endpoint: "${admin_ip}:9001" ,scheme: https ,websocket: true } #website: # static local website example stub # domain: repo.pigsty # external domain name for static site # certbot: repo.pigsty # use certbot to sign https certificate for this static site # path: /www/pigsty # path to the static site directory #supabase: # dynamic upstream service example stub # domain: supa.pigsty # external domain name for upstream service # certbot: supa.pigsty # use certbot to sign https certificate for this upstream server # endpoint: "10.10.10.10:8000" # path to the static site directory # websocket: true # add websocket support # certbot: supa.pigsty # certbot cert name, apply with `make cert` #----------------------------------------------# # NODE : https://pigsty.io/docs/node/param #----------------------------------------------# nodename_overwrite: true # overwrite node hostname on multi-node template node_tune: oltp # node tuning specs: oltp,olap,tiny,crit node_etc_hosts: # add static domains to all nodes /etc/hosts - 10.10.10.10 i.pigsty sss.pigsty - 10.10.10.10 adm.pigsty ddl.pigsty repo.pigsty supa.pigsty node_repo_modules: local,node,infra,pgsql # use pre-made local repo rather than install from upstream node_repo_remove: true # remove existing node repo for node managed by pigsty #node_packages: [openssh-server] # packages to be installed current nodes with latest version #node_timezone: Asia/Hong_Kong # overwrite node timezone #----------------------------------------------# # PGSQL : https://pigsty.io/docs/pgsql/param #----------------------------------------------# pg_version: 18 # default postgres version pg_conf: oltp.yml # pgsql tuning specs: {oltp,olap,tiny,crit}.yml pg_safeguard: false # prevent purging running postgres instance? pg_packages: [ pgsql-main, pgsql-common ] # pg kernel and common utils #pg_extensions: [ pg18-time ,pg18-gis ,pg18-rag ,pg18-fts ,pg18-olap ,pg18-feat ,pg18-lang ,pg18-type ,pg18-util ,pg18-func ,pg18-admin ,pg18-stat ,pg18-sec ,pg18-fdw ,pg18-sim ,pg18-etl] #----------------------------------------------# # BACKUP : https://pigsty.io/docs/pgsql/backup #----------------------------------------------# # if you want to use minio as backup repo instead of 'local' fs, uncomment this, and configure `pgbackrest_repo` # you can also use external object storage as backup repo pgbackrest_method: minio # if you want to use minio as backup repo instead of 'local' fs, uncomment this pgbackrest_repo: # pgbackrest repo: https://pgbackrest.org/configuration.html#section-repository local: # default pgbackrest repo with local posix fs path: /pg/backup # local backup directory, `/pg/backup` by default retention_full_type: count # retention full backups by count retention_full: 2 # keep 2, at most 3 full backups when using local fs repo minio: # optional minio repo for pgbackrest type: s3 # minio is s3-compatible, so s3 is used s3_endpoint: sss.pigsty # minio endpoint domain name, `sss.pigsty` by default s3_region: us-east-1 # minio region, us-east-1 by default, useless for minio s3_bucket: pgsql # minio bucket name, `pgsql` by default s3_key: pgbackrest # minio user access key for pgbackrest [CHANGE ACCORDING to minio_users.pgbackrest] s3_key_secret: S3User.Backup # minio user secret key for pgbackrest [CHANGE ACCORDING to minio_users.pgbackrest] s3_uri_style: path # use path style uri for minio rather than host style path: /pgbackrest # minio backup path, default is `/pgbackrest` storage_port: 9000 # minio port, 9000 by default storage_ca_file: /etc/pki/ca.crt # minio ca file path, `/etc/pki/ca.crt` by default block: y # Enable block incremental backup bundle: y # bundle small files into a single file bundle_limit: 20MiB # Limit for file bundles, 20MiB for object storage bundle_size: 128MiB # Target size for file bundles, 128MiB for object storage cipher_type: aes-256-cbc # enable AES encryption for remote backup repo cipher_pass: pgBackRest # AES encryption password, default is 'pgBackRest' retention_full_type: time # retention full backup by time on minio repo retention_full: 14 # keep full backup for the last 14 days s3: # you can use cloud object storage as backup repo type: s3 # Add your object storage credentials here! s3_endpoint: oss-cn-beijing-internal.aliyuncs.com s3_region: oss-cn-beijing s3_bucket: s3_key: s3_key_secret: s3_uri_style: host path: /pgbackrest bundle: y # bundle small files into a single file bundle_limit: 20MiB # Limit for file bundles, 20MiB for object storage bundle_size: 128MiB # Target size for file bundles, 128MiB for object storage cipher_type: aes-256-cbc # enable AES encryption for remote backup repo cipher_pass: pgBackRest # AES encryption password, default is 'pgBackRest' retention_full_type: time # retention full backup by time on minio repo retention_full: 14 # keep full backup for the last 14 days #----------------------------------------------# # PASSWORD : https://pigsty.io/docs/setup/security/ #----------------------------------------------# grafana_admin_password: pigsty grafana_view_password: DBUser.Viewer pg_admin_password: DBUser.DBA pg_monitor_password: DBUser.Monitor pg_replication_password: DBUser.Replicator patroni_password: Patroni.API haproxy_admin_password: pigsty minio_secret_key: S3User.MinIO etcd_root_password: Etcd.Root ...