squids add db pooling and replication

[DaMandal0rian]

PR Type

Enhancement

---

Description

• Added pgcat service to the Docker Compose file for database pooling.
• Created a new script to set up a Docker Compose file for a database replica, including PostgreSQL replication settings and New Relic monitoring.
• Added installation and configuration steps for ufw-docker to enhance firewall security.
• Introduced a pgcat configuration file with settings for general pooler, pool modes, and sharding.
• Updated PostgreSQL configuration to include replication settings, enabling WAL level, replication slots, and hot standby.

---

Changes walkthrough 📝

Relevant files

Enhancement

create_squid_node_compose_file.sh Add `pgcat` service for database pooling                                  templates/terraform/explorer/base/scripts/create_squid_node_compose_file.sh Added pgcat service configuration for database pooling. Exposed ports 6432 and 9930 for pgcat. +11/-0    create_squid_node_db_replica_compose_file.sh Create script for database replica Docker Compose setup    templates/terraform/explorer/base/scripts/create_squid_node_db_replica_compose_file.sh Created script to set up a Docker Compose file for a database replica. Configured db_replica service with PostgreSQL image and replication settings. Added New Relic agent for monitoring. +46/-0    install_docker.sh Add `ufw-docker` installation and configuration                    templates/terraform/explorer/base/scripts/install_docker.sh Added installation steps for ufw-docker. Enabled and configured UFW (Uncomplicated Firewall). +8/-0      pgcat.toml Add `pgcat` configuration file for database pooling            templates/terraform/explorer/base/config/pgcat.toml Added configuration file for pgcat. Configured general pooler settings, pool modes, and sharding. +115/-0  postgresql.conf Add replication settings to PostgreSQL configuration          templates/terraform/explorer/base/config/postgresql.conf Added replication settings to PostgreSQL configuration. Enabled WAL level, replication slots, and hot standby. +7/-0

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[github-actions]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Configuration Duplication The database key is duplicated at lines 113 and 115. This might cause confusion or errors in configuration parsing. It should be defined only once. Hardcoded Values The pgcat service uses a hardcoded image tag (e1e4929d439313d987c352b4517a6d99627f3e9c) at line 32. Consider using a variable for the image tag to make updates easier and the script more maintainable.

[github-actions]

PR Code Suggestions ✨

Category	Suggestion	Score
Possible bug	Remove duplicate configuration entries to avoid parsing errors The database key is duplicated at the end of the configuration file. This might cause confusion or errors in the configuration parsing. Remove the duplicate entry to maintain clarity and correctness in the configuration. templates/terraform/explorer/base/config/pgcat.toml [114-115] -database = "postgres" database = "postgres" Suggestion importance[1-10]: 10 Why: Removing duplicate configuration entries is crucial to avoid parsing errors and maintain clarity in the configuration file. This suggestion addresses a possible bug that could lead to configuration issues.	10
Security	Add checksum verification for downloaded files to enhance security Ensure that the URL used in the wget command is verified to prevent potential security risks from untrusted sources. Consider adding a checksum verification step after downloading the file. templates/terraform/explorer/base/scripts/install_docker.sh [28-29] sudo wget -O /usr/local/bin/ufw-docker \ https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker +echo "expected_checksum downloaded_checksum" | sha256sum -c Suggestion importance[1-10]: 9 Why: Adding checksum verification for downloaded files is an important security measure to ensure the integrity and authenticity of the files. This suggestion addresses a potential security vulnerability.	9
	Avoid embedding credentials directly in scripts It's recommended to avoid embedding credentials directly in scripts. Instead, use environment variables or secret management tools to handle sensitive information securely. templates/terraform/explorer/base/scripts/create_squid_node_db_replica_compose_file.sh [15-16] -POSTGRES_USER: ${POSTGRES_USER} -POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} +POSTGRES_USER: ${POSTGRES_USER_ENV} +POSTGRES_PASSWORD: ${POSTGRES_PASSWORD_ENV} Suggestion importance[1-10]: 8 Why: Avoiding the embedding of credentials directly in scripts is a significant security improvement. Using environment variables or secret management tools helps protect sensitive information.	8
Best practice	Use a specific version tag for Docker images to ensure stability Consider using a specific version tag for the pgcat image instead of a commit hash. This can help ensure that the image is stable and has been vetted for production use. Using a specific version tag can also make it easier to track which version of the software is being used. templates/terraform/explorer/base/scripts/create_squid_node_compose_file.sh [32] -image: ghcr.io/postgresml/pgcat:e1e4929d439313d987c352b4517a6d99627f3e9c +image: ghcr.io/postgresml/pgcat:1.0.0 # Example version tag Suggestion importance[1-10]: 7 Why: Using a specific version tag for Docker images is a best practice that can improve stability and traceability. However, it is not a critical issue, hence the moderate score.	7