In multi-master replication, the databases connect to each other as a superuser.
Therefore, you must store the authentication credentials for the postgres user on the target FEPCluster.
Additionally, databases performing multi-master replication connect via password authentication. Protect the communication path between databases using features such as peering between cloud regions.
The postgres user password is either written directly to the FEPCluster custom resource or stored and managed in Cloud Secret Management.
Store the connection information for the postgres user of the target FEPCluster using the same method as defining the postgres user's credentials.
When storing in Kubernetes resources, the postgres user's password is defined by the FEPCluster custom resource. For the definition method, refer to "FEPCluster Parameter" in the Reference.
To share the postgres user credentials between the two FEP Clusters, you must specify the postgres user password definition for both the replication source (fepChildCrVal.sysUsers.pgAdminPassword) and the replication destination (spec.fep.multiMasterReplication.replicationHosts[0].pgAdminPassword).
When using the CSI driver, refer to the User's Guide section "4.6 Deploying FEPClusters with Cloud-based Secret Management".
Store the postgres user's password in the Secret management service.
Record the name of the file in which the password is stored; you will need it when defining the FEPCluster custom resource.
Additionally, store the target postgres user information in the same location as the Secret management service defined in spec.fepChildCrVal.secretStore.csi. You cannot reference postgres user information from a location different from the Secret management service defined in spec.fepChildCrVal.secretStore.csi.
Therefore, store the postgres user information in the Secret management service within the region where Kubernetes is deployed. Alternatively, if the Secret management service provides cross-region replication services, use that functionality to ensure the postgres user information is accessible in each region.
To establish multi-master replication between FEPClusters deployed on different Kubernetes clusters, create a Service resource to enable external connections to the database container.
Configure the Service resource to be externally accessible by selecting a type such as NodePort or LoadBalancer and assigning an ExternalIP.
Below is an example definition for a NodePort-type Service resource.
```yaml
kind: Service
apiVersion: v1
metadata:
  name: my-fep-internal-svc
  namespace: sample-namespace # Apply the service to the namespace where the FEPCluster is deployed
spec:
  ports:
    - protocol: TCP
      port: 27500
  type: NodePort
  selector: # Specify the FEPCluster custom resource name for <FEPCR name>
    app: <FEPCR name>-sts
    feprole: master
```
After creating the Service resource, record the connection information for the Service (such as hostname and port) to define it as the destination for bidirectional replication in the FEPCluster custom resource.
Define the database to replicate using multi-master replication.
Mount this configuration file to the FEPCluster using one of the following methods:
Apply as a ConfigMap and specify the ConfigMap name on the FEPCluster custom resource
Store in a CSI and specify the mount point on the FEPCluster custom resource
An example of creating a ConfigMap is provided below. When storing in a CSI, place the YAML definitions under multi-master-replication-conf.yaml into the CSI.
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: multi-master-repl-info-cm # Name referenced by configMapName in the FEPCluster custom resource
data:
  multi-master-replication-conf.yaml: |
    - databaseName: app1
      replicationOwner: fep-cluster-1
    - databaseName: app2
      replicationOwner: fep-cluster-2
```
Multi-master replication creates one replication per database. Replication is never created for the following databases:
postgres
template0
template1
Databases defined in spec.fepChildCrVal.sysUsers.pgdb of the FEPCluster custom resource
Additionally, replication will not be created in the following cases:
When a database name that does not exist is specified in databaseName
When a database already replicated is specified with a different replicationName
When the same database is specified multiple times, replication will not be created at any of the specified locations.
Furthermore, if there are elements with no databaseName specified (creating replication for all databases) and elements with a databaseName specified, the definition of the element with the databaseName specified takes precedence.
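The rules above, together with the excludeDatabase and replicationName parameters from the parameter table, modelled in Python as an added example (not part of the product documentation or the operator's code) to predict which databases a definition would replicate and which entries would be skipped. The function name, the `replicated` argument (existing database-to-replicationName state) and the sample values are assumptions; entries are passed as already-parsed lists of dictionaries, and `state` is not modelled.

```python
from collections import Counter

SYSTEM_DBS = {"postgres", "template0", "template1"}

def plan_replication(entries, existing_dbs, pgdb, replicated=None):
    """Return (plan, skipped): database -> replication name, database -> reason."""
    replicated = replicated or {}   # assumed input: database -> current replicationName
    never = SYSTEM_DBS | {pgdb}     # databases that never get a replication
    plan, skipped = {}, {}
    named = [e for e in entries if e.get("databaseName")]
    counts = Counter(e["databaseName"] for e in named)

    def consider(db, name):
        if db in never:
            skipped[db] = "system or pgdb database"
        elif db not in existing_dbs:
            skipped[db] = "database does not exist"
        elif replicated.get(db, name) != name:
            skipped[db] = "already replicated under another replicationName"
        else:
            plan[db] = name

    for e in named:
        db = e["databaseName"]
        if counts[db] > 1:
            skipped[db] = "specified multiple times"
        else:
            consider(db, e.get("replicationName", db))
    # Elements without databaseName cover all remaining databases;
    # named elements (handled above) take precedence over them.
    for e in entries:
        if not e.get("databaseName"):
            excluded = set(e.get("excludeDatabase", []))
            for db in sorted(set(existing_dbs) - never - excluded - set(counts)):
                consider(db, db)
    return plan, skipped

# Constructed sample input, already parsed from multi-master-replication-conf.yaml.
SAMPLE = [
    {"databaseName": "app1", "replicationOwner": "fep-cluster-1"},
    {"databaseName": "app2", "replicationName": "r2", "replicationOwner": "fep-cluster-2"},
    {"databaseName": "app3", "replicationOwner": "fep-cluster-1"},
    {"databaseName": "app3", "replicationOwner": "fep-cluster-2"},
    {"databaseName": "postgres", "replicationOwner": "fep-cluster-1"},
    {"excludeDatabase": ["scratch"], "replicationOwner": "fep-cluster-1"},
]
EXISTING = {"postgres", "template0", "template1", "mydb", "app1", "app2", "app3", "app4", "scratch"}
if __name__ == "__main__":
    print(plan_replication(SAMPLE, EXISTING, pgdb="mydb", replicated={"app2": "old_name"}))
```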
Specify the definition for the multi-master replication setup in data.multi-master-replication-conf.yaml using the following values.
| Parameter | Default | Description |
|---|---|---|
| databaseName | - | Optional. Specify the name of the database to replicate. If the specified database does not exist, the replication group will not be created. If postgres, template1, template0, or the database defined in spec.fepChildCrVal.sysUsers.pgdb is specified, no replication group will be created. If no database is specified, all databases other than postgres, template1, template0, and the database defined in spec.fepChildCrVal.sysUsers.pgdb will be replicated when replication information is updated. Replication is created per database. |
| excludeDatabase | - | Optional. When databaseName is not specified, you can specify databases to exclude from replication. Multiple databases can be specified in array format. |
| excludeTable | - | Optional. When databaseName is specified, this parameter designates tables to exclude from replication. Multiple tables can be specified in array format. The specified tables must already exist when executing "update_multi_master_replication" in the FEPAction custom resource, and no DML operations must have been performed on them. Tables once designated for exclusion cannot be removed from exclusion by deleting them from this parameter. To remove a table from exclusion after it has been specified, refer to the Fujitsu Enterprise Postgres Cluster Operation Guide (Multi-master Replication) for the pgx_pgactive_reset_table_replication_set() function. |
| replicationName | - | Optional. You can specify the replication name. When omitted, the database name becomes the replication name. |
| state | - | Optional. create: Creates the specified replication. delete: Deletes the specified replication. |
| replicationOwner | | Specify the hostname of the owner that creates the multi-master replication. The owner's FEP cluster creates a replication group based on the definition. FEP clusters other than the owner join the replication group. |
Create or modify the FEPCluster custom resource.
When enabling multi-master replication on a pre-built FEPCluster where multi-master replication is disabled, the database Pod will restart to mount the multi-master replication definition file and the replication destination's authentication credentials.
Define the following values for the custom resource:
Connection information for the replication destination
Your hostname/IP address
Location where the multi-master replication configuration file is stored
```yaml
spec:
  fep:
    hostName: fep-cluster-1 # Enter connection information for the Service resource for external
    port: 27501
    multiMasterReplication:
      configMapName: multi-master-repl-info-cm
      replicationHosts:
        - hostName: fep-cluster-2
          port: 27502
          pgAdminPassword: multi-master-password
```
Apply the FEPCluster custom resource using the defined YAML file.
If multiMasterReplication is defined and pgactive is not defined in shared_preload_libraries under spec.fepChildCrVal.customPgParams, the Operator will automatically define it.