feat(lab-06): PostgreSQL production -- HA replication (bitnami), PgBouncer, postgres-exporter

RedjiJB · RedjiJB · commit 0c8a4009e0ab · 2026-02-28T18:40:20.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -37,11 +37,9 @@ jobs:
           echo "Validating: docker/docker-compose.integration.yml"
           docker compose -f docker/docker-compose.integration.yml config -q
           echo "OK: docker/docker-compose.integration.yml"
-          for f in docker/docker-compose.production.yml; do
-            echo "Checking scaffold: $f"
-            docker compose -f "$f" config --no-interpolate -q 2>&1 && echo "OK: $f" \
-              || echo "WARN: $f has placeholder variables (scaffold — not yet built out)"
-          done
+          echo "Validating: docker/docker-compose.production.yml"
+          docker compose -f docker/docker-compose.production.yml config -q
+          echo "OK: docker/docker-compose.production.yml"
 
       - name: ShellCheck — lab test scripts
         run: |
@@ -262,4 +260,40 @@ jobs:
 
       - name: Cleanup
         if: always()
-        run: docker compose -f docker/docker-compose.integration.yml down -v
+        run: docker compose -f docker/docker-compose.integration.yml down -v
+
+  lab-06-smoke:
+    name: Lab 06 — PostgreSQL Production HA (primary+replica+PgBouncer+exporter)
+    runs-on: ubuntu-latest
+    needs: validate
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: sudo apt-get install -y postgresql-client curl
+
+      - name: Start production stack
+        run: docker compose -f docker/docker-compose.production.yml up -d
+
+      - name: Wait for PG primary
+        run: timeout 120 bash -c 'until pg_isready -h localhost -p 5432 -U labadmin; do sleep 3; done'
+
+      - name: Wait for PG replica
+        run: timeout 60 bash -c 'until pg_isready -h localhost -p 5433 -U labadmin; do sleep 3; done'
+
+      - name: Wait for PgBouncer
+        run: timeout 60 bash -c 'until pg_isready -h localhost -p 6432 -U labadmin; do sleep 3; done'
+
+      - name: Run Lab 03-06 test script
+        env:
+          PG_PASS: "Lab06Password!"
+        run: bash tests/labs/test-lab-03-06.sh
+
+      - name: Collect logs on failure
+        if: failure()
+        run: docker compose -f docker/docker-compose.production.yml logs
+
+      - name: Cleanup
+        if: always()
+        run: docker compose -f docker/docker-compose.production.yml down -v
diff --git a/docker/docker-compose.production.yml b/docker/docker-compose.production.yml
@@ -1,53 +1,126 @@
-# Lab 06 — Production: postgresql HA-ready with monitoring and external volumes
+# Lab 06 -- Production: PostgreSQL HA with streaming replication, PgBouncer, Prometheus exporter
 ---
+x-pg-common: &pg-common
+  image: bitnami/postgresql:16
+  restart: always
+  networks:
+    - pg-prod-net
+
 services:
-  postgresql:
-    image: postgres:16
-    container_name: it-stack-postgresql
-    restart: always
+  pg-primary:
+    <<: *pg-common
+    container_name: it-stack-pg-primary
     ports:
-      - "5432:$firstPort"
+      - "5432:5432"
     environment:
-      - IT_STACK_ENV=production
-      - KEYCLOAK_URL=
-      - DB_HOST=
-      - REDIS_HOST=
-      - GRAYLOG_HOST=
+      POSTGRESQL_REPLICATION_MODE: master
+      POSTGRESQL_REPLICATION_USER: replicator
+      POSTGRESQL_REPLICATION_PASSWORD: "Lab06Password!"
+      POSTGRESQL_USERNAME: labadmin
+      POSTGRESQL_PASSWORD: "Lab06Password!"
+      POSTGRESQL_DATABASE: labapp
+      POSTGRESQL_POSTGRES_PASSWORD: "Lab06Password!"
     volumes:
-      - postgresql_data:/var/lib/postgresql
-      - /etc/ssl/certs:/etc/ssl/certs:ro
+      - pg-primary-data:/bitnami/postgresql
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U labadmin -d labapp"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 60s
     deploy:
-      replicas: 1
       resources:
         limits:
-          cpus: "4.0"
-          memory: G
-        reservations:
-          cpus: "1.0"
-          memory: 1G
-      restart_policy:
-        condition: any
-        delay: 5s
-    logging:
-      driver: gelf
-      options:
-        gelf-address: "udp://${GRAYLOG_HOST}:12201"
-        tag: "it-stack-postgresql"
+          cpus: "2.0"
+          memory: 2G
+
+  pg-replica:
+    <<: *pg-common
+    container_name: it-stack-pg-replica
+    ports:
+      - "5433:5432"
+    environment:
+      POSTGRESQL_REPLICATION_MODE: slave
+      POSTGRESQL_MASTER_HOST: pg-primary
+      POSTGRESQL_MASTER_PORT_NUMBER: 5432
+      POSTGRESQL_REPLICATION_USER: replicator
+      POSTGRESQL_REPLICATION_PASSWORD: "Lab06Password!"
+      POSTGRESQL_USERNAME: labadmin
+      POSTGRESQL_PASSWORD: "Lab06Password!"
+      POSTGRESQL_POSTGRES_PASSWORD: "Lab06Password!"
+    volumes:
+      - pg-replica-data:/bitnami/postgresql
+    depends_on:
+      pg-primary:
+        condition: service_healthy
     healthcheck:
-      test: ["CMD-SHELL", "curl -sf http://localhost/health || exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
+      test: ["CMD-SHELL", "pg_isready -U labadmin"]
+      interval: 10s
+      timeout: 5s
+      retries: 20
       start_period: 120s
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 2G
+
+  pgbouncer:
+    image: bitnami/pgbouncer:1
+    container_name: it-stack-pgbouncer
+    ports:
+      - "6432:6432"
+    environment:
+      POSTGRESQL_HOST: pg-primary
+      POSTGRESQL_PORT: 5432
+      POSTGRESQL_DATABASE: labapp
+      POSTGRESQL_USERNAME: labadmin
+      POSTGRESQL_PASSWORD: "Lab06Password!"
+      PGBOUNCER_POOL_MODE: transaction
+      PGBOUNCER_MAX_CLIENT_CONN: 200
+      PGBOUNCER_DEFAULT_POOL_SIZE: 20
+      PGBOUNCER_AUTH_TYPE: scram-sha-256
+    depends_on:
+      pg-primary:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -h localhost -p 6432 -U labadmin"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
     networks:
-      - it-stack-net
+      - pg-prod-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 256M
+
+  postgres-exporter:
+    image: prometheuscommunity/postgres-exporter:latest
+    container_name: it-stack-postgres-exporter
+    ports:
+      - "9187:9187"
+    environment:
+      DATA_SOURCE_NAME: "postgresql://labadmin:Lab06Password!@pg-primary:5432/labapp?sslmode=disable"
+      PG_EXPORTER_DISABLE_SETTINGS_METRICS: "false"
+      PG_EXPORTER_AUTO_DISCOVER_DATABASES: "true"
+    depends_on:
+      pg-primary:
+        condition: service_healthy
+    networks:
+      - pg-prod-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 256M
 
 networks:
-  it-stack-net:
-    external: true
-    name: it-stack-production
+  pg-prod-net:
+    driver: bridge
 
 volumes:
-  postgresql_data:
-    external: true
-    name: it-stack-postgresql-data
+  pg-primary-data:
+  pg-replica-data:
diff --git a/tests/labs/test-lab-03-06.sh b/tests/labs/test-lab-03-06.sh
