fleetanalytics_mcp/pgbouncer/userlist.txt.example
kiania b58e429c1c infra(pgbouncer): add transaction-pooling front for timescale_db
The DB is at max_connections=100 with ~9 services each holding persistent pools
(several as the postgres superuser, idle for hours), so peaks hit "too many
connections". PgBouncer multiplexes many client connections onto a small fixed
set of backends, bounding DB connections regardless of how many app pools exist.

Adds (stack-wide infra, parked in this repo for now — see README scope note):
- pgbouncer.ini: transaction pooling, auth_query pass-through, bounded pool sizes
- auth_setup.sql: pgbouncer_auth role + SECURITY DEFINER pgbouncer.user_lookup()
  so per-app passwords aren't hand-maintained
- docker-compose.yml: the service (join the existing DB network)
- userlist.txt.example + .gitignore: keep the auth verifier out of git
- README.md: deploy steps, incremental cutover (superuser apps first), and the
  transaction-pooling caveats — including the MCP-specific note (rely on role-level
  GUCs; simplest to leave the minor MCP direct and pool the heavy superuser apps)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 23:44:30 +03:00

14 lines
788 B
Text

# userlist.txt — ONLY the pgbouncer_auth role needs an entry; every other user is
# resolved at connect time by auth_query (pgbouncer.user_lookup). See README.
#
# The real userlist.txt is gitignored (it holds a credential). Generate it from the
# pgbouncer_auth password you set in auth_setup.sql — PgBouncer accepts the verifier
# in SCRAM form. Easiest: copy the stored verifier straight from Postgres so the
# formats always match:
#
# docker exec -i <timescale_db> psql -U postgres -d tracksolid_db -tAc \
# "SELECT '\"pgbouncer_auth\" \"' || passwd || '\"' \
# FROM pg_shadow WHERE usename='pgbouncer_auth'" > pgbouncer/userlist.txt
#
# That yields a line of the form (SCRAM-SHA-256 verifier shown abbreviated):
"pgbouncer_auth" "SCRAM-SHA-256$4096:....$....:...."