Environment: Web Universe Main Dev on web-03
"{\"env\": \"dev\", \"zone\": \"universe\", \"branch\": \"main\", \"db_app\": \"postgresql\", \"service\": \"web\", \"db_enabled\": true, \"pg_standby\": 0, \"pg_workers\": 1, \"description\": \"\", \"iam_enabled\": false, \"worker_1_ip\": \"\", \"eventbus_app\": \"kafka\", \"worker_1_fqdn\": \"db-web-universe-main-dev-postgresql-worker-01.fastorder.com\", \"search_enabled\": false, \"eventbus_enabled\": true, \"postgresql_enabled\": true, \"postgresql_run_verification\": true}"
This job encountered an error. You can restart from the failed step.
This job has been restarted. You are viewing an older attempt. The logs and status shown below are from the latest retry.
This job failed at one of the steps below. You can resume from where it failed to save time and avoid re-running successful steps.
β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...[0;34m[INFO][0m Using database engine from DB_ENGINE environment variable: postgresql
[0;34m[INFO][0m Cleaning up any existing locks...
[0;32m[1mStarting database engine: postgresql[0m
[1;33mβββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m[INFO][0m Using environment from web interface: web-universe-main-dev
[0;32m[2026-02-05 06:27:18][0m Using web-provided environment: web-universe-main-dev
[0;32m[2026-02-05 06:27:18][0m Service: web, Zone: universe, Branch: main, Env: dev
[0;32mβ[0m Environment initialized successfully (mode: general)
[0;34m[INFO][0m Checking observability cell readiness: obs-web-universe-main-dev
[1;32m[OK][0m Observability cell endpoints registered for web-universe-main-dev
[0;34m[INFO][0m Observability cell verified for web-universe-main-dev
[0;34m[INFO][0m Monitoring will be configured after PostgreSQL deployment (step 10-monitoring-setup.sh)
[0;34m[INFO][0m Citus mode ENABLED
[0;34m[INFO][0m β Coordinator + 1 worker(s) + 0 standby node(s) per worker
ββββββββββββββββββββββββββββββββββββββββββββββββββ
Setting up coordinator (Citus control plane)β¦
ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Initializing log directories...
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077129 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077138 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077145 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/provisioning
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077152 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077159 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[2026-02-05 06:27:19 UTC] USER=unknown EUID=33 PID=4077166 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/provisioning
/opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/run.sh: line 41: ok: command not found
[INFO] π’ Starting PostgreSQL provisioning for web in universe-dev...
[INFO] Environment: web-universe-main-dev
[INFO] Identifier: coordinator
[INFO] VM IP: 142.93.238.16
[DEBUG] RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b JOB_UUID=a159f786-94d7-4cd4-805a-b03a8486ea31
[DEBUG] Tracking substep start: steps/01-install/steps/00-configure-network-hosts (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 00 configure network hosts...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.54
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entries for coordinator...
[0;34m[INFO][0m 1. db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54 (primary/short)
[0;34m[INFO][0m 2. db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54 (compatibility)
[0;34m[INFO][0m π Updating db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54
[0;32mβ
[0m β
Updated: db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54
[0;34m[INFO][0m π Updating db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54
[0;32mβ
[0m β
Updated: db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.54 db-web-universe-main-dev-postgresql.fastorder.com
10.100.1.54 db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[DEBUG] Tracking substep start: steps/01-install/steps/01-prepare-ssl-server-postgres (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 01 prepare ssl server postgres...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.54 (from topology: db-coordinator-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
Coordinator variants:
- db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
- db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077395 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator and /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077404 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Generating 4096-bit private key...
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077414 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-4077360
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077423 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-4077360/ra_root.crt
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077432 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-4077360/ra_root.key
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077441 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4077360/ra_root.crt
[2026-02-05 06:27:21 UTC] USER=www-data EUID=0 PID=4077450 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4077360/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077593 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4077360/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077602 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4077360/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077611 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Setting up CA certificate...
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077620 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4077360/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077629 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077638 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077647 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077658 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077667 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077676 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:24 UTC] USER=www-data EUID=0 PID=4077685 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077694 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077703 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator, DNS:localhost, DNS:db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql.fastorder.com, IP Address:10.100.1.54, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-coordinator.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077764 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-postgres
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077776 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077801 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-postgres/ra_root.key
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077810 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:27:25 UTC] USER=www-data EUID=0 PID=4077820 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077865 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077874 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077883 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077892 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077902 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077923 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077936 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077954 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077965 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077983 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4077995 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078004 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078013 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078024 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078034 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078043 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078052 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078062 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078088 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078097 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078106 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078115 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078124 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078133 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078142 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078151 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078160 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078169 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:26 UTC] USER=www-data EUID=0 PID=4078178 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078187 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078197 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078207 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078216 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078225 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078234 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078243 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078252 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078261 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078270 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078281 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078294 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078303 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078312 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078322 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078332 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078341 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078350 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078359 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078368 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078377 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078386 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078395 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078404 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078413 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078422 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078431 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078441 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078451 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078460 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078469 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078478 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078487 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078496 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078506 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:27 UTC] USER=www-data EUID=0 PID=4078515 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078524 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078533 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078545 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078554 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078564 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078574 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078592 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078601 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078610 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078619 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078628 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078637 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078652 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U postgres -d postgres
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078739 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-postgres
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078748 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078759 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-postgres/ra_root.key
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078771 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:27:28 UTC] USER=www-data EUID=0 PID=4078786 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078808 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078817 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078826 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078837 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078846 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078874 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078889 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078899 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078912 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078934 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078956 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4078989 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079017 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079044 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079060 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079069 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079079 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079088 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079097 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079106 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079132 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:29 UTC] USER=www-data EUID=0 PID=4079142 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079153 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079163 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079175 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079186 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079195 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079208 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079221 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079232 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079245 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079254 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079265 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079275 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079317 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079326 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079342 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079351 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079360 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079369 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079378 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079396 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079413 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079425 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079435 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:30 UTC] USER=www-data EUID=0 PID=4079444 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079453 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079462 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079472 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079482 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079491 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079503 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079521 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079530 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079539 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079549 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079569 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079578 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079589 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079598 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079620 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079634 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079643 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079652 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079662 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079673 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079683 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079693 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079703 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:31 UTC] USER=www-data EUID=0 PID=4079712 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079721 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079730 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079739 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079748 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079757 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:27:32 UTC] USER=www-data EUID=0 PID=4079766 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U postgres -d postgres
[DEBUG] Tracking substep start: steps/01-install/steps/02-setup-pg-instance (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 02 setup pg instance...
[0;34m[DEADLOCK-PREVENTION][0m Deadlock prevention library loaded
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
βββββββββββββββββββββββββββββββββββββββββββββββββ
π Configuring AWS credentials...
[WARN] ~/.aws/credentials file not found
[WARN] AWS operations may require SSO login
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Using existing db-coordinator-postgresql environment: db-web-universe-main-dev-postgresql-coordinator.fastorder.com (10.100.1.54)
[INFO] PostgreSQL will listen on application-specific IP: 10.100.1.54
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m Data dir: /data/postgresql/17/web-universe-main-dev/coordinator
[0;34m[INFO][0m Port: 5432
[0;34m[INFO][0m Hostname: db-web-universe-main-dev-postgresql-coordinator
[2026-02-05 06:27:33 UTC] USER=www-data EUID=0 PID=4079901 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:33 UTC] USER=www-data EUID=0 PID=4079925 ACTION=fsop ARGS=chmod 755 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4079946 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4079970 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[1;33m[WARN][0m Server certificate not found at /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[0;34m[INFO][0m Generating server certificate using ssl/server.sh...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.54 (from topology: db-coordinator-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
Coordinator variants:
- db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
- db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080022 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator and /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080031 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Generating 4096-bit private key...
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080041 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-4079977
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080050 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-4079977/ra_root.crt
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080068 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4079977/ra_root.crt
[2026-02-05 06:27:34 UTC] USER=www-data EUID=0 PID=4080078 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4079977/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080202 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4079977/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080211 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4079977/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080221 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Setting up CA certificate...
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080230 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4079977/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080239 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080249 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080260 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080275 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080284 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080293 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080302 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080311 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:27:36 UTC] USER=www-data EUID=0 PID=4080320 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator, DNS:localhost, DNS:db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql.fastorder.com, IP Address:10.100.1.54, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-coordinator.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m β
Using canonical certificate path (hardened, ProtectHome=true compatible)
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080350 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080359 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080371 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[0;32m[OK][0m mTLS certificates OK (server cert + client certs verified) and keys secured
[0;34m[INFO][0m Preflight: stopping any conflicting Postgres services/processes on port 5432β¦
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080392 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080418 ACTION=passthru ARGS=systemctl stop postgresql
[1;33m[WARN][0m Cleaning stale socket directory /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:27:37 UTC] USER=www-data EUID=0 PID=4080455 ACTION=fsop ARGS=rm -rf /var/run/postgresql-web-universe-main-dev-coordinator
[0;32m[OK][0m No conflicting Postgres left on port 5432
[0;32m[OK][0m Using postgres password from vault provider
[2026-02-05 06:27:40 UTC] USER=www-data EUID=0 PID=4080566 ACTION=fsop ARGS=chown postgres:postgres /tmp/.pg_pwfile.fZ2aUA
[2026-02-05 06:27:40 UTC] USER=www-data EUID=0 PID=4080622 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:27:40 UTC] USER=www-data EUID=0 PID=4080675 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:27:40 UTC] USER=www-data EUID=0 PID=4080698 ACTION=fsop ARGS=chmod 755 /data/postgresql/17/web-universe-main-dev
[0;34m[INFO][0m Initializing cluster in /data/postgresql/17/web-universe-main-dev/coordinator (SCRAM; pwfile)
[1;33m[WARN][0m Removing existing data directory: /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:27:41 UTC] USER=www-data EUID=0 PID=4080733 ACTION=fsop ARGS=rm -rf /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:27:41 UTC] USER=www-data EUID=0 PID=4080786 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:27:41 UTC] USER=www-data EUID=0 PID=4080807 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:27:41 UTC] USER=www-data EUID=0 PID=4080828 ACTION=fsop ARGS=chmod 700 /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:27:41 UTC] USER=www-data EUID=0 PID=4080874 ACTION=fsop ARGS=chown postgres:postgres /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:27:42 UTC] USER=www-data EUID=0 PID=4080904 ACTION=passthru ARGS=sudo -u postgres /usr/lib/postgresql/17/bin/initdb -D /data/postgresql/17/web-universe-main-dev/coordinator --locale=en_US.UTF-8 --encoding=UTF8 --auth-local=scram-sha-256 --auth-host=scram-sha-256 --pwfile=/tmp/.pg_pwfile.fZ2aUA
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/17/web-universe-main-dev/coordinator ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 100
selecting default "shared_buffers" ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/lib/postgresql/17/bin/pg_ctl -D /data/postgresql/17/web-universe-main-dev/coordinator -l logfile start
[0;32m[OK][0m initdb complete
[0;34m[INFO][0m Writing postgresql.conf (TLSβ₯1.2, SCRAM, audit logs)
[0;32m[OK][0m postgresql.conf updated successfully
[0;34m[INFO][0m Writing pg_hba.conf (mTLS with client certificates + SCRAM, least-privilege)
[2026-02-05 06:27:43 UTC] USER=www-data EUID=0 PID=4081016 ACTION=fsop ARGS=cp /tmp/tmp.3f6qaMxLLg /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[2026-02-05 06:27:43 UTC] USER=www-data EUID=0 PID=4081037 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[2026-02-05 06:27:43 UTC] USER=www-data EUID=0 PID=4081061 ACTION=fsop ARGS=chmod 600 /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[0;32m[OK][0m pg_hba.conf updated
[0;34m[INFO][0m Creating systemd unit: /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:27:43 UTC] USER=www-data EUID=0 PID=4081086 ACTION=fsop ARGS=mv -f /tmp/.pg_unit.Gw1Wpt /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:27:43 UTC] USER=www-data EUID=0 PID=4081107 ACTION=fsop ARGS=chmod 0644 /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m systemd unit written
[2026-02-05 06:27:44 UTC] USER=www-data EUID=0 PID=4081157 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:27:44 UTC] USER=www-data EUID=0 PID=4081189 ACTION=passthru ARGS=systemctl daemon-reload
[0;34m[INFO][0m Starting PostgreSQL instance...
[2026-02-05 06:27:45 UTC] USER=www-data EUID=0 PID=4081339 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Waiting for ACTIVE (systemd)β¦
[2026-02-05 06:27:46 UTC] USER=www-data EUID=0 PID=4081419 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Waiting for port 5432 bindβ¦
[0;32m[OK][0m Port bound
[0;34m[INFO][0m Waiting pg_isready (socket)β¦
[0;32m[OK][0m Readiness via socket OK
[0;34m[INFO][0m Waiting pg_isready (TCP db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432)β¦
[0;32m[OK][0m Startup sequence complete
[0;34m[INFO][0m Validating core security GUCs (via local socket)β¦
[0;32m[OK][0m Security GUCs verified (ssl, min TLS, SCRAM, audit logs)
[0;34m[INFO][0m Provisioning application database and Debezium role (if not exists)...
[0;34m[INFO][0m Checking if database fastorder_web_universe_main_dev_db exists...
[0;34m[INFO][0m DB check result: exit_code=0, output='[2026-02-05 06:27:47 UTC] USER=www-data EUID=0 PID=4081626 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_database WHERE datname = 'fastorder_web_universe_main_dev_db''
[0;34m[INFO][0m Creating database fastorder_web_universe_main_dev_db...
[2026-02-05 06:27:47 UTC] USER=www-data EUID=0 PID=4081651 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE DATABASE "fastorder_web_universe_main_dev_db" ENCODING 'UTF8' LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;
CREATE DATABASE
[0;32m[OK][0m Database fastorder_web_universe_main_dev_db created
[0;34m[INFO][0m Checking if role debezium_user exists...
[0;34m[INFO][0m Role check result: exit_code=0, output='[2026-02-05 06:27:47 UTC] USER=www-data EUID=0 PID=4081675 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_roles WHERE rolname = 'debezium_user''
[0;34m[INFO][0m Creating role debezium_user...
[2026-02-05 06:27:47 UTC] USER=www-data EUID=0 PID=4081705 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE ROLE debezium_user LOGIN PASSWORD '0WAg87ySecLauaQ8AxKUO52y';
CREATE ROLE
[0;32m[OK][0m Role debezium_user created
[2026-02-05 06:27:48 UTC] USER=www-data EUID=0 PID=4081728 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c GRANT CONNECT ON DATABASE "fastorder_web_universe_main_dev_db" TO debezium_user;
GRANT
[0;32m[OK][0m Application DB (fastorder_web_universe_main_dev_db) + Debezium role (debezium_user) provisioned (idempotent)
[0;34m[INFO][0m Applying connection and memory optimizations...
[0;34m[INFO][0m Current settings: max_connections=100, work_mem=4MB
[0;34m[INFO][0m Target settings (coordinator): max_connections=150, work_mem=8MB
[2026-02-05 06:27:48 UTC] USER=www-data EUID=0 PID=4081810 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET max_connections = 150;
ALTER SYSTEM
[2026-02-05 06:27:48 UTC] USER=www-data EUID=0 PID=4081833 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET work_mem = '8MB';
ALTER SYSTEM
[2026-02-05 06:27:48 UTC] USER=www-data EUID=0 PID=4081863 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -c SELECT pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)
[0;32m[OK][0m Settings applied to postgresql.auto.conf
[2026-02-05 06:27:48 UTC] USER=www-data EUID=0 PID=4081878 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/standby.signal
[0;34m[INFO][0m Service recently started (2s ago) - restarting to apply max_connections...
[0;34m[INFO][0m Stopping service...
[2026-02-05 06:27:49 UTC] USER=www-data EUID=0 PID=4081902 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Waiting for port 5432 to be released...
[0;32m[OK][0m Port 5432 released
[0;34m[INFO][0m Starting service...
[2026-02-05 06:27:52 UTC] USER=www-data EUID=0 PID=4082072 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:27:58 UTC] USER=www-data EUID=0 PID=4082279 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
Optimization complete: max_connections=150, work_mem=8MB
[0;34m[INFO][0m Setting postgres password via centralized script... for coordinator
[0;34m[INFO][0m Temporarily disabling synchronous_commit on coordinator for password setting...
[0;32m[OK][0m Disabled synchronous_commit (was: on)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mInitial setup: Using password from initdb[0m
[0;32mβ PostgreSQL password already set during initdb[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
[0;34m[INFO][0m Restoring synchronous_commit on coordinator...
[0;32m[OK][0m Restored synchronous_commit to: on
[0;32m[OK][0m Password set and persisted
[0;34m[INFO][0m Updating /etc/hosts with PostgreSQL hostname mappings...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.54
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entries for coordinator...
[0;34m[INFO][0m 1. db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54 (primary/short)
[0;34m[INFO][0m 2. db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54 (compatibility)
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql.fastorder.com already exists with correct IP
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-coordinator.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.54 db-web-universe-main-dev-postgresql.fastorder.com
10.100.1.54 db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;32m[OK][0m PostgreSQL 'web-universe-main-dev' is up with TLS/SCRAM/logging.
Superuser TCP mode: cert
Connect (mTLS):
psql "sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt \
sslcert=/home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt \
sslkey=/home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key \
host=db-web-universe-main-dev-postgresql-coordinator port=5432 dbname=postgres user=postgres"
File been compeleted perfectly: 02-setup-pg-instance
[0;34m[INFO][0m Registering PostgreSQL node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PostgreSQL
[INFO] Identifier: web-universe-main-dev-postgresql-coordinator
[INFO] Identifier Parent: coordinator
[INFO] IP: 10.100.1.54
[INFO] Port: 5432
[INFO] FQDN: db-web-universe-main-dev-postgresql-coordinator
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 90feffd7-89fb-4afb-a63f-cc975d7e928c
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PostgreSQL node registered to observability API
[DEBUG] Tracking substep start: steps/01-install/steps/03-role (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 03 role...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:28:08 UTC] USER=www-data EUID=0 PID=4083005 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/coordinator/standby.signal
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: debezium_user
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): debezium_user
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:28:09 UTC] USER=www-data EUID=0 PID=4083164 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-debezium_user
[2026-02-05 06:28:09 UTC] USER=www-data EUID=0 PID=4083174 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-debezium_user/ra_root.crt
[2026-02-05 06:28:09 UTC] USER=www-data EUID=0 PID=4083186 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-debezium_user/ra_root.key
[2026-02-05 06:28:09 UTC] USER=www-data EUID=0 PID=4083195 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-debezium_user/ra_root.crt
[2026-02-05 06:28:09 UTC] USER=www-data EUID=0 PID=4083204 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-debezium_user/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = debezium_user
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083242 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083251 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083269 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083286 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083304 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083315 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083333 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083345 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083354 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083363 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083372 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083381 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083402 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083420 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083429 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:10 UTC] USER=www-data EUID=0 PID=4083438 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083465 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083474 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083492 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083501 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083510 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083519 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083529 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083541 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083553 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083564 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083573 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083589 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083599 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083608 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083617 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083626 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083635 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083672 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083681 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083690 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083700 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083709 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083718 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083729 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083742 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083752 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083765 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083774 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083784 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083793 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083804 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083813 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:28:11 UTC] USER=www-data EUID=0 PID=4083822 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083840 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083851 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083860 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083870 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083880 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083889 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083915 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083926 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083948 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083957 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083966 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083975 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083984 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4083993 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084003 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084013 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084031 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084040 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084049 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084061 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084070 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084079 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:28:12 UTC] USER=www-data EUID=0 PID=4084089 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: debezium_user
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U debezium_user -d postgres
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π¦ Start executing 03-create-role.sh
π¦ Setting password for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser fastorder_admin_gd does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: fastorder_admin_gd[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: coordinator/fastorder_admin_gd
β Retrieved password from centralized secrets vault
π Using PostgreSQL host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: fastorder_admin_gd
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): fastorder_admin_gd
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:28:22 UTC] USER=www-data EUID=0 PID=4085015 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-fastorder_admin_gd
[2026-02-05 06:28:22 UTC] USER=www-data EUID=0 PID=4085033 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.key
[2026-02-05 06:28:22 UTC] USER=www-data EUID=0 PID=4085042 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:28:22 UTC] USER=www-data EUID=0 PID=4085051 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = fastorder_admin_gd
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085067 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085076 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085085 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085136 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085146 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:23 UTC] USER=www-data EUID=0 PID=4085156 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085165 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085180 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085202 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085213 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085222 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085231 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085250 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085260 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085274 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:24 UTC] USER=www-data EUID=0 PID=4085287 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085318 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085329 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085339 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085349 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085363 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085374 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085383 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085406 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085415 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085424 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:25 UTC] USER=www-data EUID=0 PID=4085434 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085465 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085478 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085494 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085507 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085517 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085526 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085541 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085550 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085559 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085568 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085578 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085588 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085601 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085637 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085674 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085690 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:26 UTC] USER=www-data EUID=0 PID=4085701 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085725 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085745 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085776 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085799 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085821 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085843 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085877 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085940 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085953 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085962 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085973 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085985 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4085994 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4086003 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:28:27 UTC] USER=www-data EUID=0 PID=4086016 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:28 UTC] USER=www-data EUID=0 PID=4086026 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:28 UTC] USER=www-data EUID=0 PID=4086045 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:28:28 UTC] USER=www-data EUID=0 PID=4086054 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:28:28 UTC] USER=www-data EUID=0 PID=4086063 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
/bin/chown: cannot access '/opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem': No such file or directory
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: fastorder_admin_gd
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U fastorder_admin_gd -d postgres
𧱠Connecting via Unix socket to create role and database...
Socket: /var/run/postgresql-web-universe-main-dev-coordinator:5432
π¦ Creating role fastorder_admin_gd...
β
Role fastorder_admin_gd created
βΉοΈ Database fastorder_web_universe_main_dev_db already exists, skipping creation
[2026-02-05 06:28:28 UTC] USER=www-data EUID=0 PID=4086186 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc
GRANT
β
Role and DB created via SSL
π Adding user to pg_hba.conf for SSL access...
βΉοΈ Using pg_hba.conf: /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
β
Added fastorder_admin_gd to pg_hba.conf
π Reloading PostgreSQL configuration...
[2026-02-05 06:28:29 UTC] USER=www-data EUID=0 PID=4086230 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
β
PostgreSQL configuration reloaded
π§ͺ Testing connection for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m=== Pre-flight Checks ===[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;32mβ[0m AWS Secrets Manager accessible
[0;34m=== Retrieving Credentials from AWS ===[0m
βΉοΈ Retrieving PostgreSQL credentials for: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
βΉοΈ Fetching secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
Retrieved from cache: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
PostgreSQL credentials loaded for coordinator/fastorder_admin_gd: fastorder_admin_gd@db-web-universe-main-dev-postgresql.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;32mβ[0m Credentials retrieved: fastorder_admin_gd@db-web-universe-main-dev-postgresql.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Test Suite (AWS Secrets MGR) β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m=== PostgreSQL Authentication Test ===[0m
[0;31mβ[0m PostgreSQL authentication failed
---- Error Details ----
psql: error: connection to server at "db-web-universe-main-dev-postgresql.fastorder.com" (10.100.1.54), port 5432 failed: root certificate file "/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd/root.crt" does not exist
Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.
----------------------
β User authentication test failed
π Password stored securely in AWS Secrets Manager
π Secret path: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
π¦ End executing 03-create-role.sh
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:28:35 UTC] USER=www-data EUID=0 PID=4086769 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/coordinator/standby.signal
ββ fast setup βββββββββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : coordinator
PG HOST : db-web-universe-main-dev-postgresql.fastorder.com:5432
ROLE : debezium_user
DB : fastorder_web_universe_main_dev_db
SCHEMA : web
AUTH MODE : scram (scram=password over TLS | cert=mTLS)
SUBNET ALLOW: 10.201.0.0/16
CONNECT /32 : 142.93.238.16
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
DNS β 10.100.1.54
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
π Setting password for user: debezium_user
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser debezium_user does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: debezium_user[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: coordinator/debezium_user
β Retrieved password from secrets vault
password : (stored in AWS Secrets Manager)
π TLS chain check...
π§ Ensuring role and grantsβ¦
βΉοΈ Role debezium_user exists, updating
[2026-02-05 06:28:47 UTC] USER=www-data EUID=0 PID=4088110 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc
ALTER ROLE
βΉοΈ Database fastorder_web_universe_main_dev_db already exists
[2026-02-05 06:28:48 UTC] USER=www-data EUID=0 PID=4088144 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d fastorder_web_universe_main_dev_db --no-psqlrc
CREATE SCHEMA
GRANT
GRANT
GRANT
GRANT
ALTER DEFAULT PRIVILEGES
β
Role/DB/grants ensured.
β οΈ Could not find pg_hba.conf (skipping HBA edits): /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
π§ͺ Testing ROLE connection (scram)...
β
SCRAM+TLS probe OK
π Done.
[DEBUG] Tracking substep start: steps/01-install/steps/05-setup-service (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 05 setup service...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βΉοΈ Service-specific setup (web) is handled by parent script
β
Step 5 completed (service setup delegated to 01-install/run.sh)
π DEBUG_CHECKPOINT_01: Starting service-specific steps for SERVICE=web
π DEBUG_CHECKPOINT_02: Checking for service-specific run.sh: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
π DEBUG_CHECKPOINT_03: Found service-specific run.sh for: web
[DEBUG] Tracking substep start: steps/01-install/steps/web (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] πΈ Service: web (service-specific)
π DEBUG_CHECKPOINT_04: Executing service-specific: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Web Service Schema Provisioning
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π¦ Running: 01-init-schema.sh...
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββ
Initializing config schema
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Identifier: coordinator
Database: fastorder_web_universe_main_dev_db
Host: db-web-universe-main-dev-postgresql.fastorder.com:5432
βββββββββββββββββββββββββββββββββββββββ
[INFO] Checking if config schema exists...
[INFO] Creating config schema and tables...
CREATE EXTENSION
CREATE SCHEMA
CREATE TABLE
COMMENT
CREATE TABLE
COMMENT
CREATE TABLE
COMMENT
CREATE INDEX
CREATE INDEX
CREATE INDEX
INSERT 0 1
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
NOTICE: trigger "trg_public_defaults_version" for relation "config.public_defaults" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_feature_flags_version" for relation "config.feature_flags" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_public_defaults_set_updated_at" for relation "config.public_defaults" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_feature_flags_set_updated_at" for relation "config.feature_flags" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
[OK] Config schema and tables created
[INFO] Seeding initial guest services data...
INSERT 0 9
INSERT 0 1
[OK] Initial data seeded
[INFO] Verifying config schema...
βββββββββββββββββββββββββββββββββββββββ
Config Schema Verification
βββββββββββββββββββββββββββββββββββββββ
Guest services: 9
βββββββββββββββββββββββββββββββββββββββ
[OK] Config schema initialization complete
[OK] β 01-init-schema.sh completed
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Web service schema provisioning complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Coordinator setup completed
ββββββββββββββββββββββββββββββββββββββββββββββββββ
Setting up 1 worker(s) (Citus data nodes)β¦
ββββββββββββββββββββββββββββββββββββββββββββββββββ
β Setting up worker: worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Initializing log directories...
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088871 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088878 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088886 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/provisioning
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088893 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088900 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[2026-02-05 06:28:53 UTC] USER=unknown EUID=33 PID=4088913 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/provisioning
/opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/run.sh: line 41: ok: command not found
[INFO] π’ Starting PostgreSQL provisioning for web in universe-dev...
[INFO] Environment: web-universe-main-dev
[INFO] Identifier: worker-01
[INFO] VM IP: 142.93.238.16
[DEBUG] RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b JOB_UUID=a159f786-94d7-4cd4-805a-b03a8486ea31
[DEBUG] Tracking substep start: steps/01-install/steps/00-configure-network-hosts (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 00 configure network hosts...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.243
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entry for worker-01...
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com β 10.100.1.243
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-worker-01.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.243 db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[DEBUG] Tracking substep start: steps/01-install/steps/01-prepare-ssl-server-postgres (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 01 prepare ssl server postgres...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.243 (from topology: db-worker-01-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:28:56 UTC] USER=www-data EUID=0 PID=4089517 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 and /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:28:56 UTC] USER=www-data EUID=0 PID=4089527 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Generating 4096-bit private key...
[2026-02-05 06:28:56 UTC] USER=www-data EUID=0 PID=4089537 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-4089475
[2026-02-05 06:28:56 UTC] USER=www-data EUID=0 PID=4089546 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-4089475/ra_root.crt
[2026-02-05 06:28:56 UTC] USER=www-data EUID=0 PID=4089559 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-4089475/ra_root.key
[2026-02-05 06:28:57 UTC] USER=www-data EUID=0 PID=4089568 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4089475/ra_root.crt
[2026-02-05 06:28:57 UTC] USER=www-data EUID=0 PID=4089581 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4089475/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090046 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4089475/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090055 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4089475/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090064 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Setting up CA certificate...
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090076 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4089475/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090085 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090094 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090103 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090114 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090124 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090133 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090142 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090151 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:00 UTC] USER=www-data EUID=0 PID=4090160 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01, DNS:localhost, IP Address:10.100.1.243, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-worker-01.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-worker-01.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:29:01 UTC] USER=www-data EUID=0 PID=4090217 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-postgres
[2026-02-05 06:29:01 UTC] USER=www-data EUID=0 PID=4090229 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:29:01 UTC] USER=www-data EUID=0 PID=4090238 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-postgres/ra_root.key
[2026-02-05 06:29:01 UTC] USER=www-data EUID=0 PID=4090247 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:29:01 UTC] USER=www-data EUID=0 PID=4090256 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090284 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090293 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090312 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090321 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090330 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090382 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090401 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090419 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090428 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090458 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090476 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090485 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090494 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:02 UTC] USER=www-data EUID=0 PID=4090503 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:08 UTC] USER=www-data EUID=0 PID=4090763 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:08 UTC] USER=www-data EUID=0 PID=4090785 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:08 UTC] USER=www-data EUID=0 PID=4090854 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:08 UTC] USER=www-data EUID=0 PID=4090886 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:08 UTC] USER=www-data EUID=0 PID=4090915 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090926 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090938 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090951 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090961 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090973 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4090983 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091001 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091014 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091032 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091060 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091070 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:09 UTC] USER=www-data EUID=0 PID=4091080 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091091 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091106 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091119 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091128 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091138 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091163 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091176 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091187 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091202 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091219 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091255 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091269 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:10 UTC] USER=www-data EUID=0 PID=4091282 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:11 UTC] USER=www-data EUID=0 PID=4091321 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:11 UTC] USER=www-data EUID=0 PID=4091368 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:11 UTC] USER=www-data EUID=0 PID=4091420 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:11 UTC] USER=www-data EUID=0 PID=4091438 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091515 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091595 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091635 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091654 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091679 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091693 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:12 UTC] USER=www-data EUID=0 PID=4091713 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091754 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091772 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091797 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091814 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091834 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091851 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:29:13 UTC] USER=www-data EUID=0 PID=4091865 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U postgres -d postgres
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:29:15 UTC] USER=www-data EUID=0 PID=4092061 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-postgres
[2026-02-05 06:29:15 UTC] USER=www-data EUID=0 PID=4092093 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-postgres/ra_root.key
[2026-02-05 06:29:15 UTC] USER=www-data EUID=0 PID=4092121 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:29:15 UTC] USER=www-data EUID=0 PID=4092155 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092211 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092233 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092273 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092293 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092303 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092313 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092322 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:16 UTC] USER=www-data EUID=0 PID=4092340 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092369 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092379 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092388 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092397 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092406 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092415 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092425 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092434 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092461 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092470 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092488 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092497 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092506 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092515 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092527 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092537 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092546 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092565 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:17 UTC] USER=www-data EUID=0 PID=4092575 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092585 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092594 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092603 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092614 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092623 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092632 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092641 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092650 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092660 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092672 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092684 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092733 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092746 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092758 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092775 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092791 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:18 UTC] USER=www-data EUID=0 PID=4092800 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092812 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092841 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092856 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092895 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092906 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092917 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092927 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:29:19 UTC] USER=www-data EUID=0 PID=4092945 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4092981 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093005 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093018 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093033 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093048 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093057 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093066 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093090 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093108 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093117 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
β
Symlinked ca.pem
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093136 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093145 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093154 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093163 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093172 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:29:20 UTC] USER=www-data EUID=0 PID=4093182 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U postgres -d postgres
[DEBUG] Tracking substep start: steps/01-install/steps/02-setup-pg-instance (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 02 setup pg instance...
[0;34m[DEADLOCK-PREVENTION][0m Deadlock prevention library loaded
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
βββββββββββββββββββββββββββββββββββββββββββββββββ
π Configuring AWS credentials...
[WARN] ~/.aws/credentials file not found
[WARN] AWS operations may require SSO login
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Using existing db-worker-01-postgresql environment: db-web-universe-main-dev-postgresql-worker-01.fastorder.com (10.100.1.243)
[INFO] PostgreSQL will listen on application-specific IP: 10.100.1.243
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m Data dir: /data/postgresql/17/web-universe-main-dev/worker-01
[0;34m[INFO][0m Port: 5432
[0;34m[INFO][0m Hostname: db-web-universe-main-dev-postgresql-worker-01
[2026-02-05 06:29:22 UTC] USER=www-data EUID=0 PID=4093334 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:22 UTC] USER=www-data EUID=0 PID=4093355 ACTION=fsop ARGS=chmod 755 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093383 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093413 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[1;33m[WARN][0m Server certificate not found at /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[0;34m[INFO][0m Generating server certificate using ssl/server.sh...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.243 (from topology: db-worker-01-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093477 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 and /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093486 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Generating 4096-bit private key...
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093496 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-4093420
[2026-02-05 06:29:23 UTC] USER=www-data EUID=0 PID=4093505 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-4093420/ra_root.crt
[2026-02-05 06:29:24 UTC] USER=www-data EUID=0 PID=4093514 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-4093420/ra_root.key
[2026-02-05 06:29:24 UTC] USER=www-data EUID=0 PID=4093523 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4093420/ra_root.crt
[2026-02-05 06:29:24 UTC] USER=www-data EUID=0 PID=4093532 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-4093420/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093743 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4093420/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
π Setting up CA certificate...
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093770 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-4093420/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093780 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093790 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093799 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:29:27 UTC] USER=www-data EUID=0 PID=4093810 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093826 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093841 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093850 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093872 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01, DNS:localhost, IP Address:10.100.1.243, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-worker-01.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-worker-01.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m β
Using canonical certificate path (hardened, ProtectHome=true compatible)
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093931 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093940 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[0;32m[OK][0m mTLS certificates OK (server cert + client certs verified) and keys secured
[0;34m[INFO][0m Preflight: stopping any conflicting Postgres services/processes on port 5432β¦
[2026-02-05 06:29:28 UTC] USER=www-data EUID=0 PID=4093980 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:29:29 UTC] USER=www-data EUID=0 PID=4094054 ACTION=passthru ARGS=systemctl stop postgresql
[1;33m[WARN][0m Cleaning stale socket directory /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:29:29 UTC] USER=www-data EUID=0 PID=4094279 ACTION=fsop ARGS=rm -rf /var/run/postgresql-web-universe-main-dev-worker-01
[0;32m[OK][0m No conflicting Postgres left on port 5432
[0;32m[OK][0m Using postgres password from vault provider
[2026-02-05 06:29:34 UTC] USER=www-data EUID=0 PID=4094964 ACTION=fsop ARGS=chown postgres:postgres /tmp/.pg_pwfile.Ej4VcH
[2026-02-05 06:29:34 UTC] USER=www-data EUID=0 PID=4095066 ACTION=fsop ARGS=chmod 600 /tmp/.pg_pwfile.Ej4VcH
[2026-02-05 06:29:35 UTC] USER=www-data EUID=0 PID=4095190 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:29:36 UTC] USER=www-data EUID=0 PID=4096101 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:29:36 UTC] USER=www-data EUID=0 PID=4096654 ACTION=fsop ARGS=chmod 755 /data/postgresql/17/web-universe-main-dev
[0;34m[INFO][0m Initializing cluster in /data/postgresql/17/web-universe-main-dev/worker-01 (SCRAM; pwfile)
[1;33m[WARN][0m Removing existing data directory: /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:29:37 UTC] USER=www-data EUID=0 PID=4097155 ACTION=fsop ARGS=rm -rf /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:29:38 UTC] USER=www-data EUID=0 PID=4097300 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:29:39 UTC] USER=www-data EUID=0 PID=4097450 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:29:40 UTC] USER=www-data EUID=0 PID=4097897 ACTION=fsop ARGS=mkdir -p /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:29:40 UTC] USER=www-data EUID=0 PID=4097949 ACTION=fsop ARGS=chown postgres:postgres /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:29:41 UTC] USER=www-data EUID=0 PID=4098015 ACTION=fsop ARGS=chmod 2775 /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:29:41 UTC] USER=www-data EUID=0 PID=4098053 ACTION=passthru ARGS=sudo -u postgres /usr/lib/postgresql/17/bin/initdb -D /data/postgresql/17/web-universe-main-dev/worker-01 --locale=en_US.UTF-8 --encoding=UTF8 --auth-local=scram-sha-256 --auth-host=scram-sha-256 --pwfile=/tmp/.pg_pwfile.Ej4VcH
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/17/web-universe-main-dev/worker-01 ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 100
selecting default "shared_buffers" ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/lib/postgresql/17/bin/pg_ctl -D /data/postgresql/17/web-universe-main-dev/worker-01 -l logfile start
[0;32m[OK][0m initdb complete
[2026-02-05 06:29:52 UTC] USER=www-data EUID=0 PID=4098900 ACTION=fsop ARGS=rm -f /tmp/.pg_pwfile.Ej4VcH
[0;34m[INFO][0m Writing postgresql.conf (TLSβ₯1.2, SCRAM, audit logs)
[0;32m[OK][0m postgresql.conf updated successfully
[0;34m[INFO][0m Writing pg_hba.conf (mTLS with client certificates + SCRAM, least-privilege)
[2026-02-05 06:29:55 UTC] USER=www-data EUID=0 PID=4099043 ACTION=fsop ARGS=cp /tmp/tmp.SZuWxqmsU4 /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[2026-02-05 06:29:56 UTC] USER=www-data EUID=0 PID=4099170 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[2026-02-05 06:29:57 UTC] USER=www-data EUID=0 PID=4099265 ACTION=fsop ARGS=chmod 600 /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[0;32m[OK][0m pg_hba.conf updated
[0;34m[INFO][0m Creating systemd unit: /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:29:58 UTC] USER=www-data EUID=0 PID=4099352 ACTION=fsop ARGS=mv -f /tmp/.pg_unit.iyDyBY /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:29:58 UTC] USER=www-data EUID=0 PID=4099492 ACTION=fsop ARGS=chmod 0644 /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m systemd unit written
[2026-02-05 06:29:59 UTC] USER=www-data EUID=0 PID=4099629 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:30:01 UTC] USER=www-data EUID=0 PID=4099762 ACTION=passthru ARGS=systemctl daemon-reload
[0;34m[INFO][0m Starting PostgreSQL instance...
[2026-02-05 06:30:07 UTC] USER=www-data EUID=0 PID=4101015 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Waiting for ACTIVE (systemd)β¦
[2026-02-05 06:30:09 UTC] USER=www-data EUID=0 PID=4101547 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Waiting for port 5432 bindβ¦
[0;32m[OK][0m Port bound
[0;34m[INFO][0m Waiting pg_isready (socket)β¦
[0;32m[OK][0m Readiness via socket OK
[0;34m[INFO][0m Waiting pg_isready (TCP db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432)β¦
[0;32m[OK][0m Startup sequence complete
[0;34m[INFO][0m Validating core security GUCs (via local socket)β¦
[0;32m[OK][0m Security GUCs verified (ssl, min TLS, SCRAM, audit logs)
[0;34m[INFO][0m Provisioning application database and Debezium role (if not exists)...
[0;34m[INFO][0m Checking if database fastorder_web_universe_main_dev_db exists...
[0;34m[INFO][0m DB check result: exit_code=0, output='[2026-02-05 06:30:20 UTC] USER=www-data EUID=0 PID=4104918 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_database WHERE datname = 'fastorder_web_universe_main_dev_db''
[0;34m[INFO][0m Creating database fastorder_web_universe_main_dev_db...
[2026-02-05 06:30:23 UTC] USER=www-data EUID=0 PID=4105475 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE DATABASE "fastorder_web_universe_main_dev_db" ENCODING 'UTF8' LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;
CREATE DATABASE
[0;32m[OK][0m Database fastorder_web_universe_main_dev_db created
[0;34m[INFO][0m Checking if role debezium_user exists...
[0;34m[INFO][0m Role check result: exit_code=0, output='[2026-02-05 06:30:26 UTC] USER=www-data EUID=0 PID=4106606 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_roles WHERE rolname = 'debezium_user''
[0;34m[INFO][0m Creating role debezium_user...
[2026-02-05 06:30:28 UTC] USER=www-data EUID=0 PID=4107034 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE ROLE debezium_user LOGIN PASSWORD 'UupazdywzJ+3lR26qD36+fjR';
CREATE ROLE
[0;32m[OK][0m Role debezium_user created
[2026-02-05 06:30:30 UTC] USER=www-data EUID=0 PID=4107843 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c GRANT CONNECT ON DATABASE "fastorder_web_universe_main_dev_db" TO debezium_user;
GRANT
[0;32m[OK][0m Application DB (fastorder_web_universe_main_dev_db) + Debezium role (debezium_user) provisioned (idempotent)
[0;34m[INFO][0m Applying connection and memory optimizations...
[0;34m[INFO][0m Current settings: max_connections=100, work_mem=4MB
[0;34m[INFO][0m Target settings (worker): max_connections=100, work_mem=8MB
[2026-02-05 06:30:36 UTC] USER=www-data EUID=0 PID=4109327 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET max_connections = 100;
ALTER SYSTEM
[2026-02-05 06:30:37 UTC] USER=www-data EUID=0 PID=4109889 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET work_mem = '8MB';
ALTER SYSTEM
[2026-02-05 06:30:38 UTC] USER=www-data EUID=0 PID=4110339 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -c SELECT pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)
[0;32m[OK][0m Settings applied to postgresql.auto.conf
[2026-02-05 06:30:39 UTC] USER=www-data EUID=0 PID=4110619 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/worker-01/standby.signal
[0;34m[INFO][0m Service recently started (30s ago) - restarting to apply max_connections...
[0;34m[INFO][0m Stopping service...
[2026-02-05 06:30:39 UTC] USER=www-data EUID=0 PID=4110955 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Waiting for port 5432 to be released...
[0;32m[OK][0m Port 5432 released
[0;34m[INFO][0m Starting service...
[2026-02-05 06:30:44 UTC] USER=www-data EUID=0 PID=4113599 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:30:52 UTC] USER=www-data EUID=0 PID=4116318 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m β
Optimization complete: max_connections=100, work_mem=8MB
[1;33m[WARN][0m β οΈ Skipping synchronous replication configuration - no standbys connected yet
[0;34m[INFO][0m Synchronous replication will be enabled automatically when standbys connect
[0;34m[INFO][0m This prevents write operations from hanging during initial setup
[0;34m[INFO][0m Expected standbys: 3
[0;34m[INFO][0m Setting postgres password via centralized script... for worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mInitial setup: Using password from initdb[0m
[0;32mβ PostgreSQL password already set during initdb[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
[0;32m[OK][0m Password set and persisted
[0;34m[INFO][0m Updating /etc/hosts with PostgreSQL hostname mappings...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.243
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entry for worker-01...
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com β 10.100.1.243
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-worker-01.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.243 db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;32m[OK][0m PostgreSQL 'web-universe-main-dev' is up with TLS/SCRAM/logging.
Superuser TCP mode: cert
Connect (mTLS):
psql "sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt \
sslcert=/home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt \
sslkey=/home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key \
host=db-web-universe-main-dev-postgresql-worker-01 port=5432 dbname=postgres user=postgres"
File been compeleted perfectly: 02-setup-pg-instance
[0;34m[INFO][0m Registering PostgreSQL node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PostgreSQL
[INFO] Identifier: web-universe-main-dev-postgresql-worker-01
[INFO] Identifier Parent: worker-01
[INFO] IP: 10.100.1.243
[INFO] Port: 5432
[INFO] FQDN: db-web-universe-main-dev-postgresql-worker-01
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 84e4185a-2ef1-49c1-8d2a-841d077f036b
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PostgreSQL node registered to observability API
[DEBUG] Tracking substep start: steps/01-install/steps/03-role (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 03 role...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: debezium_user
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): debezium_user
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:32:00 UTC] USER=www-data EUID=0 PID=4128201 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-debezium_user
[2026-02-05 06:32:00 UTC] USER=www-data EUID=0 PID=4128226 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-debezium_user/ra_root.crt
[2026-02-05 06:32:00 UTC] USER=www-data EUID=0 PID=4128267 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-debezium_user/ra_root.key
[2026-02-05 06:32:00 UTC] USER=www-data EUID=0 PID=4128312 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-debezium_user/ra_root.crt
[2026-02-05 06:32:01 UTC] USER=www-data EUID=0 PID=4128345 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-debezium_user/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = debezium_user
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:03 UTC] USER=www-data EUID=0 PID=4128881 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:03 UTC] USER=www-data EUID=0 PID=4128963 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:03 UTC] USER=www-data EUID=0 PID=4129002 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:03 UTC] USER=www-data EUID=0 PID=4129050 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:32:04 UTC] USER=www-data EUID=0 PID=4129121 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:04 UTC] USER=www-data EUID=0 PID=4129190 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:32:04 UTC] USER=www-data EUID=0 PID=4129211 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129228 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129238 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129247 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129257 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129279 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:05 UTC] USER=www-data EUID=0 PID=4129291 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:32:06 UTC] USER=www-data EUID=0 PID=4129310 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:32:06 UTC] USER=www-data EUID=0 PID=4129329 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:06 UTC] USER=www-data EUID=0 PID=4129345 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:06 UTC] USER=www-data EUID=0 PID=4129482 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129535 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129589 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129611 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129649 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129681 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:07 UTC] USER=www-data EUID=0 PID=4129717 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:08 UTC] USER=www-data EUID=0 PID=4129749 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:32:08 UTC] USER=www-data EUID=0 PID=4129834 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:08 UTC] USER=www-data EUID=0 PID=4129885 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4129939 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4129949 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4129958 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4129995 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4130026 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4130041 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4130064 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:32:09 UTC] USER=www-data EUID=0 PID=4130090 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:32:10 UTC] USER=www-data EUID=0 PID=4130104 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:10 UTC] USER=www-data EUID=0 PID=4130145 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:10 UTC] USER=www-data EUID=0 PID=4130158 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:10 UTC] USER=www-data EUID=0 PID=4130172 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:10 UTC] USER=www-data EUID=0 PID=4130198 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130215 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130273 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130293 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130304 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130314 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:32:11 UTC] USER=www-data EUID=0 PID=4130324 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130340 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130352 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130362 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130376 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130418 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:12 UTC] USER=www-data EUID=0 PID=4130429 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130558 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130587 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130643 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130680 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130712 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130753 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130773 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:13 UTC] USER=www-data EUID=0 PID=4130800 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130825 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130837 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130903 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130930 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130960 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:32:14 UTC] USER=www-data EUID=0 PID=4130993 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: debezium_user
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U debezium_user -d postgres
π Generating replicator client certificate for worker-01...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: replicator
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): replicator
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:32:16 UTC] USER=www-data EUID=0 PID=4131156 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-replicator/ra_root.crt
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = replicator
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:17 UTC] USER=www-data EUID=0 PID=4131258 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:17 UTC] USER=www-data EUID=0 PID=4131278 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:17 UTC] USER=www-data EUID=0 PID=4131288 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:32:17 UTC] USER=www-data EUID=0 PID=4131298 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131307 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131320 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131329 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131339 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131350 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131402 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131413 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:18 UTC] USER=www-data EUID=0 PID=4131424 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131435 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131459 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131494 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131522 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131550 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131683 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131746 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131783 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131799 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:19 UTC] USER=www-data EUID=0 PID=4131816 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4131859 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4131888 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4131951 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132017 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132038 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132050 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132070 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132085 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132096 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132106 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:20 UTC] USER=www-data EUID=0 PID=4132117 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132129 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132150 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132160 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132202 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132212 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:21 UTC] USER=www-data EUID=0 PID=4132233 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:22 UTC] USER=www-data EUID=0 PID=4132245 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:22 UTC] USER=www-data EUID=0 PID=4132258 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:22 UTC] USER=www-data EUID=0 PID=4132312 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:22 UTC] USER=www-data EUID=0 PID=4132323 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:22 UTC] USER=www-data EUID=0 PID=4132359 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:32:23 UTC] USER=www-data EUID=0 PID=4132387 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:23 UTC] USER=www-data EUID=0 PID=4132396 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:23 UTC] USER=www-data EUID=0 PID=4132410 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:32:23 UTC] USER=www-data EUID=0 PID=4132426 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:23 UTC] USER=www-data EUID=0 PID=4132439 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132449 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132464 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132476 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132487 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132496 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132506 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132515 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132524 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132534 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132543 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:32:24 UTC] USER=www-data EUID=0 PID=4132554 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132567 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132577 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132590 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132599 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132608 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132617 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132630 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:32:25 UTC] USER=www-data EUID=0 PID=4132640 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:26 UTC] USER=www-data EUID=0 PID=4132709 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:32:26 UTC] USER=www-data EUID=0 PID=4132735 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: replicator
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U replicator -d postgres
β
Replicator certificate generated for worker-01
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π¦ Start executing 03-create-role.sh
π¦ Setting password for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser fastorder_admin_gd does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: fastorder_admin_gd[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: worker-01/fastorder_admin_gd
β Retrieved password from centralized secrets vault
π Using PostgreSQL host: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: fastorder_admin_gd
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): fastorder_admin_gd
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:32:47 UTC] USER=www-data EUID=0 PID=4135505 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-fastorder_admin_gd
[2026-02-05 06:32:47 UTC] USER=www-data EUID=0 PID=4135516 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:32:47 UTC] USER=www-data EUID=0 PID=4135543 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:32:47 UTC] USER=www-data EUID=0 PID=4135559 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = fastorder_admin_gd
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:48 UTC] USER=www-data EUID=0 PID=4135614 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:48 UTC] USER=www-data EUID=0 PID=4135631 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:48 UTC] USER=www-data EUID=0 PID=4135644 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:32:48 UTC] USER=www-data EUID=0 PID=4135665 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:48 UTC] USER=www-data EUID=0 PID=4135675 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135692 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135705 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135717 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135741 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135750 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135759 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135773 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135782 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:32:49 UTC] USER=www-data EUID=0 PID=4135793 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135802 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135812 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135821 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135830 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135841 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135871 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135884 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135898 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135907 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135919 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135932 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135943 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135952 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135961 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135970 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135979 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4135988 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:50 UTC] USER=www-data EUID=0 PID=4136007 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136033 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136047 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136065 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136086 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136107 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136120 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136157 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136191 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136271 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136290 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:51 UTC] USER=www-data EUID=0 PID=4136352 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136393 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136463 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136518 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136564 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136594 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136618 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136655 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:32:52 UTC] USER=www-data EUID=0 PID=4136688 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136732 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136743 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136770 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136790 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136809 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136830 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:53 UTC] USER=www-data EUID=0 PID=4136882 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:32:54 UTC] USER=www-data EUID=0 PID=4136923 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:54 UTC] USER=www-data EUID=0 PID=4137004 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:32:54 UTC] USER=www-data EUID=0 PID=4137083 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:32:54 UTC] USER=www-data EUID=0 PID=4137111 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:32:54 UTC] USER=www-data EUID=0 PID=4137162 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137221 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137307 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137513 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137533 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137544 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:32:55 UTC] USER=www-data EUID=0 PID=4137555 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137572 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137582 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137592 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137601 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137635 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: fastorder_admin_gd
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U fastorder_admin_gd -d postgres
𧱠Connecting via Unix socket to create role and database...
Socket: /var/run/postgresql-web-universe-main-dev-worker-01:5432
π¦ Creating role fastorder_admin_gd...
β
Role fastorder_admin_gd created
βΉοΈ Database fastorder_web_universe_main_dev_db already exists, skipping creation
[2026-02-05 06:32:56 UTC] USER=www-data EUID=0 PID=4137710 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc
GRANT
β
Role and DB created via SSL
π Adding user to pg_hba.conf for SSL access...
βΉοΈ Using pg_hba.conf: /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
β
Added fastorder_admin_gd to pg_hba.conf
π Reloading PostgreSQL configuration...
[2026-02-05 06:32:57 UTC] USER=www-data EUID=0 PID=4137769 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
β
PostgreSQL configuration reloaded
π§ͺ Testing connection for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m=== Pre-flight Checks ===[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;32mβ[0m AWS Secrets Manager accessible
[0;34m=== Retrieving Credentials from AWS ===[0m
βΉοΈ Retrieving PostgreSQL credentials for: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
βΉοΈ Fetching secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
Retrieved from cache: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
PostgreSQL credentials loaded for worker-01/fastorder_admin_gd: fastorder_admin_gd@db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;32mβ[0m Credentials retrieved: fastorder_admin_gd@db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Test Suite (AWS Secrets MGR) β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m=== PostgreSQL Authentication Test ===[0m
[0;31mβ[0m PostgreSQL authentication failed
---- Error Details ----
psql: error: connection to server at "db-web-universe-main-dev-postgresql-worker-01.fastorder.com" (10.100.1.243), port 5432 failed: root certificate file "/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd/root.crt" does not exist
Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.
----------------------
β User authentication test failed
π Password stored securely in AWS Secrets Manager
π Secret path: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
π¦ End executing 03-create-role.sh
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:33:05 UTC] USER=www-data EUID=0 PID=4139054 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/worker-01/standby.signal
ββ fast setup βββββββββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : worker-01
PG HOST : db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
ROLE : debezium_user
DB : fastorder_web_universe_main_dev_db
SCHEMA : web
AUTH MODE : scram (scram=password over TLS | cert=mTLS)
SUBNET ALLOW: 10.201.0.0/16
CONNECT /32 : 142.93.238.16
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
DNS β 10.100.1.243
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
π Setting password for user: debezium_user
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser debezium_user does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: debezium_user[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: worker-01/debezium_user
β Retrieved password from secrets vault
password : (stored in AWS Secrets Manager)
π TLS chain check...
π§ Ensuring role and grantsβ¦
βΉοΈ Role debezium_user exists, updating
[2026-02-05 06:33:16 UTC] USER=www-data EUID=0 PID=4140220 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc
ALTER ROLE
βΉοΈ Database fastorder_web_universe_main_dev_db already exists
[2026-02-05 06:33:17 UTC] USER=www-data EUID=0 PID=4140385 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d fastorder_web_universe_main_dev_db --no-psqlrc
CREATE SCHEMA
GRANT
GRANT
GRANT
GRANT
ALTER DEFAULT PRIVILEGES
β
Role/DB/grants ensured.
β οΈ Could not find pg_hba.conf (skipping HBA edits): /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
π§ͺ Testing ROLE connection (scram)...
β
SCRAM+TLS probe OK
π Done.
π Creating replicator role for worker-01...
[WARN] Deadlock prevention library not found: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/role/lib/pg-deadlock-prevention.sh
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
ββ replicator setup βββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : worker-01
PG HOST : db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
ROLE : replicator
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
DNS β 10.100.1.243
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
π TLS chain check...
π§ Ensuring replicator roleβ¦
π Checking AWS Secrets Manager for replicator password...
β
Retrieved replicator password from AWS Secrets Manager
βΉοΈ Temporarily disabling synchronous_commit to prevent replication deadlock...
NOTICE: Creating role: replicator with password
SET
CREATE ROLE
β
Replicator role ensured with password authentication.
βΉοΈ Password stored in: AWS Secrets Manager
Secret name: fastorder/db/web/universe/main/dev/postgresql/replicator
π MIGRATION PATH: Password β Certificate Authentication
Current: SCRAM-SHA-256 password auth (production-ready)
Future: Certificate-based auth (requires CA automation)
To migrate: Update pg_hba.conf rules from 'scram-sha-256' to 'cert clientcert=verify-full'
and configure standby to use SSL certificates instead of password
π Done.
β
Replicator role created for worker-01
[DEBUG] Tracking substep start: steps/01-install/steps/05-setup-service (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] π¦ 05 setup service...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βΉοΈ Service-specific setup (web) is handled by parent script
β
Step 5 completed (service setup delegated to 01-install/run.sh)
π DEBUG_CHECKPOINT_01: Starting service-specific steps for SERVICE=web
π DEBUG_CHECKPOINT_02: Checking for service-specific run.sh: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
π DEBUG_CHECKPOINT_03: Found service-specific run.sh for: web
[DEBUG] Tracking substep start: steps/01-install/steps/web (RUN_UUID=e39355e5-fb86-4b73-875a-81a7159dab1b)
[INFO] πΈ Service: web (service-specific)
π DEBUG_CHECKPOINT_04: Executing service-specific: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Web Service Schema Provisioning
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π¦ Running: 01-init-schema.sh...
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββ
Initializing config schema
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Identifier: coordinator
Database: fastorder_web_universe_main_dev_db
Host: db-web-universe-main-dev-postgresql.fastorder.com:5432
βββββββββββββββββββββββββββββββββββββββ
[INFO] Checking if config schema exists...
[INFO] Config schema already exists - checking tables...
[OK] Config schema with 3 tables already exists - skipping
[OK] β 01-init-schema.sh completed
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Web service schema provisioning complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Worker worker-01 setup completed
Skipping standbys (PG_WORKERS_STANDBY_NUM=0)
[0;32mβ[0m β
PostgreSQL installation completed
[0;34m[INFO][0m Discovering additional setup steps...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 02-pg-bouncer.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up PgBouncer connection pooling...
[2026-02-05 06:33:28 UTC] USER=www-data EUID=0 PID=4142118 ACTION=fsop ARGS=rm -f /tmp/pgbouncer-ip.service /tmp/pgbouncer.service
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;32mβ [SECRETS][0m Centralized Secrets Manager library loaded (Purpose-Engine Pattern)
[0;34m[SECRETS][0m Functions: PostgreSQL (build_pg_secret_name, get/set_pg_credentials_to_vault, rotate_pg_password)
[0;34m[SECRETS][0m Search (build_es_secret_name, get/set_es_credentials_to_vault)
[0;34m[SECRETS][0m Backups (build_backup_path)
[0;34m[SECRETS][0m Docs: /var/www/html/skeleton.dev.fastorder.com/docs/FASTCTL_USAGE_GUIDE.md
[0;34m[INFO][0m Checking for existing PgBouncer application environment in topology β¦
[0;32m[OK][0m Using existing PgBouncer environment:
[0;34m[INFO][0m IP: 10.100.1.244
[0;34m[INFO][0m FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[0;34m[INFO][0m Domain: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[0;34m[INFO][0m Ensuring /etc/hosts entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com β¦
[0;32m[OK][0m /etc/hosts already contains entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[1;33m[WARN][0m IP 10.100.1.244 is assigned to multiple interfaces:
inet 10.100.1.242/32 scope global lo
valid_lft forever preferred_lft forever
inet 10.100.1.244/32 scope global lo:pgbouncer
--
inet 10.100.1.243/32 scope global eth0
valid_lft forever preferred_lft forever
inet 10.100.1.244/32 scope global eth0:244
[1;33m[WARN][0m This may cause routing issues
[0;34m[INFO][0m Final verification of /etc/hosts entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com β¦
[0;32m[OK][0m /etc/hosts correctly maps db-web-universe-main-dev-postgresql-bouncer.fastorder.com to 10.100.1.244
[0;32m[OK][0m PgBouncer IP 10.100.1.244 already correctly bound to lo:pgbouncer
[2026-02-05 06:33:30 UTC] USER=www-data EUID=0 PID=4142350 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142470 ACTION=passthru ARGS=systemctl restart pgbouncer-ip@web-universe-main-dev.service
Job for pgbouncer-ip@web-universe-main-dev.service failed because the control process exited with error code.
See "systemctl status pgbouncer-ip@web-universe-main-dev.service" and "journalctl -xeu pgbouncer-ip@web-universe-main-dev.service" for details.
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142480 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer-ip@web-universe-main-dev.service
[1;33m[WARN][0m pgbouncer-ip@web-universe-main-dev.service is not active
[1;33m[WARN][0m Check status: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer-ip@web-universe-main-dev.service
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142528 ACTION=fsop ARGS=mkdir -p /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142538 ACTION=fsop ARGS=mkdir -p /run/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142547 ACTION=fsop ARGS=mkdir -p /var/log/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142556 ACTION=fsop ARGS=chmod 750 /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142586 ACTION=fsop ARGS=chown root:postgres /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142595 ACTION=fsop ARGS=chown postgres:postgres /run/pgbouncer/web-universe-main-dev
[2026-02-05 06:33:32 UTC] USER=www-data EUID=0 PID=4142605 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbouncer/web-universe-main-dev
[0;34m[INFO][0m Generating pgbouncer_admin client certificates...
[0;34m[INFO][0m β³ This may take 30-60 seconds...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: pgbouncer_admin
Identifier: pgbouncer
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: pgbouncer
User (CN): pgbouncer_admin
Hostname: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4142823 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-pgbouncer-pgbouncer_admin
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4142844 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4142887 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.key
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4142911 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4142938 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = pgbouncer_admin
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4143064 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:33 UTC] USER=www-data EUID=0 PID=4143083 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin.key /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143121 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143145 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143174 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143195 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143214 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143224 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143234 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143245 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143256 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143265 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143274 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143283 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143292 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143309 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:34 UTC] USER=www-data EUID=0 PID=4143319 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143363 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143377 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143386 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143395 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143406 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143415 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143424 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143433 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143451 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143461 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143472 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:35 UTC] USER=www-data EUID=0 PID=4143483 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143494 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143503 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143512 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143521 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143530 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143539 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143548 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143557 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143567 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143579 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143601 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143611 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143621 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143630 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143639 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:36 UTC] USER=www-data EUID=0 PID=4143648 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143658 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143667 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143677 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143686 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143695 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143704 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143713 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143726 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143736 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143755 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143765 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:33:37 UTC] USER=www-data EUID=0 PID=4143775 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143791 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143816 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143829 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143838 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143847 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143857 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143878 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143894 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143907 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143918 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:33:38 UTC] USER=www-data EUID=0 PID=4143927 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4143937 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
β
Symlinked client-key.pem
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4143960 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4143981 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4143995 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144015 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: pgbouncer_admin
Node: pgbouncer
FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-bouncer.fastorder.com -U pgbouncer_admin -d postgres
[0;32m[OK][0m mTLS client certificate present: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[0;34m[INFO][0m Creating symlinks to canonical certificates in /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend...
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144037 ACTION=fsop ARGS=mkdir -p /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144055 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144069 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144078 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt
[0;34m[INFO][0m Creating coordinator CA symlink for PostgreSQL server verification...
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144087 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m Verifying canonical certificate permissions...
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144096 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144105 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144114 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144123 ACTION=fsop ARGS=chown root:www-data /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[0;32m[OK][0m Backend certificate symlinks created in /etc/ssl
[0;32m[OK][0m Coordinator CA symlink created for server verification
[0;32m[OK][0m Certificates already in canonical location - no symlinks needed
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144140 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.crt
[2026-02-05 06:33:39 UTC] USER=www-data EUID=0 PID=4144160 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.key
[2026-02-05 06:33:40 UTC] USER=www-data EUID=0 PID=4144189 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:33:40 UTC] USER=www-data EUID=0 PID=4144213 ACTION=fsop ARGS=test -r /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m PgBouncer will use PostgreSQL coordinator CA: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;32m[OK][0m PostgreSQL coordinator at db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 is reachable
[0;34m[INFO][0m Dumping SCRAM secrets from coordinator for PgBouncer auth_file β¦
[2026-02-05 06:33:40 UTC] USER=www-data EUID=0 PID=4144341 ACTION=fsop ARGS=cp /tmp/tmp.0TRQg4FLBZ /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:33:40 UTC] USER=www-data EUID=0 PID=4144412 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;32m[OK][0m Auth file written: /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;34m[INFO][0m Retrieved password from vault for pgbouncer_admin
[0;34m[INFO][0m Ensuring PgBouncer admin role 'pgbouncer_admin' exists in Postgres (coordinator) β¦
[0;32m[OK][0m Role pgbouncer_admin created/updated successfully
[0;34m[SECRETS][0m Setting credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/pgbouncer_admin
[0;32mβ [SECRETS][0m Credentials updated in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/pgbouncer_admin
[0;34m[INFO][0m β
PgBouncer admin password stored in centralized secrets vault
[0;34m[INFO][0m Re-fetching SCRAM secrets after role creation to ensure pgbouncer_admin is included β¦
[2026-02-05 06:33:48 UTC] USER=www-data EUID=0 PID=4144844 ACTION=fsop ARGS=cp /tmp/tmp.D2vENhI7Dg /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:33:48 UTC] USER=www-data EUID=0 PID=4144872 ACTION=fsop ARGS=chmod 640 /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:33:48 UTC] USER=www-data EUID=0 PID=4144892 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;32m[OK][0m Auth file updated with pgbouncer_admin SCRAM hash
[0;34m[INFO][0m Auth file contains [2026-02-05 06:33:48 UTC] USER=www-data EUID=0 PID=4144911 ACTION=passthru ARGS=bash -c wc -l < '/etc/pgbouncer/web-universe-main-dev/userlist.txt'
4 user(s)
[0;32m[OK][0m Admin 'pgbouncer_admin' password generated and saved
[0;34m[INFO][0m Configuring PostgreSQL to prevent Citus metadata sync hangs...
ALTER ROLE
[0;32m[OK][0m Disabled Citus metadata sync for pgbouncer_admin
[0;34m[INFO][0m Verifying application database fastorder_web_universe_main_dev_db exists...
[0;32m[OK][0m β Database fastorder_web_universe_main_dev_db exists
[0;34m[INFO][0m Granting permissions to pgbouncer_admin on fastorder_web_universe_main_dev_db...
GRANT
[0;32m[OK][0m β Granted CONNECT on fastorder_web_universe_main_dev_db to pgbouncer_admin
GRANT
[0;32m[OK][0m β Granted USAGE on schema public to pgbouncer_admin
GRANT
[0;32m[OK][0m β Granted SELECT on all tables to pgbouncer_admin
ALTER DATABASE
[0;32m[OK][0m Set synchronous_commit=local for fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Ensuring pg_hba.conf entry for pgbouncer_admin β¦
[0;34m[INFO][0m Adding pg_hba.conf entries for pgbouncer_admin with cert auth β¦
[0;32m[OK][0m pg_hba.conf updated and PostgreSQL configuration reloaded
[2026-02-05 06:33:49 UTC] USER=unknown EUID=33 PID=4144970 ACTION=-u ARGS=postgres bash
ERROR: Invalid or unauthorized action: -u
[1;33m[WARN][0m pg_hba.conf entry may not have loaded correctly
[0;34m[INFO][0m Writing /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini β¦
[2026-02-05 06:33:50 UTC] USER=www-data EUID=0 PID=4145176 ACTION=fsop ARGS=cp /tmp/tmp.WBC3nbmkN4 /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
[2026-02-05 06:33:50 UTC] USER=www-data EUID=0 PID=4145185 ACTION=fsop ARGS=chmod 640 /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145194 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145205 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbouncer/web-universe-main-dev /run/pgbouncer/web-universe-main-dev /var/log/pgbouncer/web-universe-main-dev
[0;32m[OK][0m pgbouncer.ini ready
[0;34m[INFO][0m Verifying TLS settings in pgbouncer.ini:
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145224 ACTION=fsop ARGS=grep -E (client_tls_sslmode|server_tls) /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
client_tls_sslmode = verify-full
server_tls_sslmode = verify-full
server_tls_ca_file = /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
server_tls_cert_file = /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
server_tls_key_file = /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;34m[INFO][0m Verifying PgBouncer server certificate files:
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145233 ACTION=fsop ARGS=test -r /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[0;32m[OK][0m Server cert readable by postgres: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145242 ACTION=fsop ARGS=test -r /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;32m[OK][0m Server key readable by postgres: /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;34m[INFO][0m Verifying coordinator CA certificate:
[0;32m[OK][0m Coordinator CA readable by postgres: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m Preflight: stopping any conflicting PgBouncer on 6432 β¦
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145260 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer.service
[2026-02-05 06:33:51 UTC] USER=www-data EUID=0 PID=4145272 ACTION=passthru ARGS=systemctl stop pgbouncer@web-universe-main-dev.service
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/containers/json?all=1": dial unix /var/run/docker.sock: connect: permission denied
[2026-02-05 06:33:53 UTC] USER=www-data EUID=0 PID=4145512 ACTION=passthru ARGS=systemctl daemon-reload
[0;32m[OK][0m systemd unit installed: pgbouncer@web-universe-main-dev.service
[0;34m[INFO][0m Running pre-flight IP conflict check for 10.100.1.244:6432 β¦
[1;33m[WARN][0m IP conflict checker not found at /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/lib/check-ip-conflicts.sh
[1;33m[WARN][0m Skipping pre-flight check - conflicts may occur
[0;34m[INFO][0m Starting PgBouncer (web-universe-main-dev) β¦
[2026-02-05 06:33:55 UTC] USER=www-data EUID=0 PID=4145621 ACTION=passthru ARGS=systemctl restart pgbouncer@web-universe-main-dev.service
[2026-02-05 06:33:55 UTC] USER=www-data EUID=0 PID=4145634 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer@web-universe-main-dev.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Verifying auth_file before probing β¦
/opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/02-pg-bouncer.sh: line 1264: [[: [2026-02-0506:33:55UTC]USER=www-dataEUID=0PID=4145648ACTION=passthruARGS=bash-cwc-l<'/etc/pgbouncer/web-universe-main-dev/userlist.txt': syntax error: operand expected (error token is "[2026-02-0506:33:55UTC]USER=www-dataEUID=0PID=4145648ACTION=passthruARGS=bash-cwc-l<'/etc/pgbouncer/web-universe-main-dev/userlist.txt'")
[0;34m[INFO][0m Auth file contains [2026-02-0506:33:55UTC]USER=www-dataEUID=0PID=4145648ACTION=passthruARGS=bash-cwc-l<'/etc/pgbouncer/web-universe-main-dev/userlist.txt' user(s)
[1;33m[WARN][0m Auth file does NOT contain pgbouncer_admin entry - authentication will fail
[0;34m[INFO][0m Probing admin console via SSL (psql to database 'pgbouncer') β¦
[0;34m[INFO][0m Retrieved password from vault for admin console probe
[0;32m[OK][0m Admin console reachable (SHOW POOLS OK)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Running Comprehensive PgBouncer Verification Tests
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Password extracted: WO0D2C0d7Z... (using postgres user certificates)
[0;34m[INFO][0m Test 1/7: Admin Console - SHOW POOLS
database | user | cl_active | cl_waiting | cl_active_cancel_req | cl_waiting_cancel_req | sv_active | sv_active_cancel | sv_being_canceled | sv_idle | sv_used | sv_tested | sv_login | maxwait | maxwait_us | pool_mode | load_balance_hosts
-----------+-----------+-----------+------------+----------------------+-----------------------+-----------+------------------+-------------------+---------+---------+-----------+----------+---------+------------+-----------+--------------------
pgbouncer | pgbouncer | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | statement |
(1 row)
[0;32m[OK][0m β SHOW POOLS: SUCCESS
[0;34m[INFO][0m Test 2/7: Admin Console - SHOW VERSION
[0;32m[OK][0m β SHOW VERSION: PgBouncer 1.24.1
[0;34m[INFO][0m Test 3/7: Admin Console - SHOW STATS
database | total_server_assignment_count | total_xact_count | total_query_count | total_received | total_sent | total_xact_time | total_query_time | total_wait_time | total_client_parse_count | total_server_parse_count | total_bind_count | avg_server_assignment_count | avg_xact_count | avg_query_count | avg_recv | avg_sent | avg_xact_time | avg_query_time | avg_wait_time | avg_client_parse_count | avg_server_parse_count | avg_bind_count
-----------+-------------------------------+------------------+-------------------+----------------+------------+-----------------+------------------+-----------------+--------------------------+--------------------------+------------------+-----------------------------+----------------+-----------------+----------+----------+---------------+----------------+---------------+------------------------+------------------------+----------------
pgbouncer | 0 | 4 | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
(1 row)
[0;32m[OK][0m β SHOW STATS: SUCCESS
[0;34m[INFO][0m Test 4/7: Admin Console - SHOW DATABASES
name | host | port | database | force_user | pool_size | min_pool_size | reserve_pool_size | server_lifetime | pool_mode | load_balance_hosts | max_connections | current_connections | max_client_connections | current_client_connections | paused | disabled
---------------------------------------------+---------------------------------------------------------------+------+------------------------------------+------------+-----------+---------------+-------------------+-----------------+-----------+--------------------+-----------------+---------------------+------------------------+----------------------------+--------+----------
fastorder_web_universe_main_dev_db | db-web-universe-main-dev-postgresql-coordinator.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_1 | pg-worker-01-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_2 | pg-worker-01-standby-01-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_3 | pg-worker-01-standby-02-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_4 | pg-worker-01-standby-03-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
pgbouncer | | 6432 | pgbouncer | pgbouncer | 2 | 0 | 0 | 3600 | statement | | 0 | 0 | 0 | 1 | 0 | 0
(6 rows)
[0;32m[OK][0m β SHOW DATABASES: SUCCESS
[0;34m[INFO][0m Test 5/7: Admin Console - SHOW CONFIG
[0;32m[OK][0m β SHOW CONFIG: SUCCESS
[0;34m[INFO][0m Key settings:
[0;34m[INFO][0m client_tls_sslmode = verify-full|disable|yes
[0;34m[INFO][0m max_client_conn = 2048|100|yes
[0;34m[INFO][0m pool_mode = transaction|session|yes
[0;34m[INFO][0m server_tls_sslmode = verify-full|prefer|yes
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=fastorder_web_universe_main_dev_db user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD connect_timeout=5 sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt sslcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt sslkey=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key" --no-psqlrc -Atc 'SELECT version();'
[0;34m[INFO][0m Test 6/7: Application Database - SELECT version()
[1;33m[WARN][0m β Application database query: FAILED (timeout or connection issue)
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m Test 7/8: Application Database - Connection Details
[1;33m[WARN][0m β Connection details: FAILED (timeout or connection issue)
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m Test 8/8: End-to-End Application Routing - Pool Verification
[0;34m[INFO][0m Running actual queries through PgBouncer to verify routing and pooling...
[1;33m[WARN][0m β End-to-end routing verification: FAILED - All 3 queries failed
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[1;33m[WARN][0m Otherwise check if database fastorder_web_universe_main_dev_db exists and user pgbouncer_admin has permissions
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verification Complete - Tests 1-5 PASSED (Admin console verified)
[1;33m[WARN][0m Tests 6-8 FAILED - Application database not accessible
[1;33m[WARN][0m This is expected if Citus is not set up yet
[1;33m[WARN][0m Run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m PgBouncer is up for web-universe-main-dev
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Connection Examples
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Password stored in: AWS Secrets Manager (fastorder/db/web/ksa/main/dev/postgresqlweb/universe/main/dev/coordinator-pgbouncer_admin)
Current password: WO0D2C0d7ZbIdk65D10y9TaD
1. Admin Console (using IP address to avoid DNS/SSL issues):
psql "host=10.100.1.244 port=6432 dbname=pgbouncer sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
2. Admin Console (using hostname):
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=pgbouncer sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
3. Application Database:
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=fastorder_web_universe_main_dev_db sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
4. Using .pgpass file:
echo "db-web-universe-main-dev-postgresql-bouncer.fastorder.com:6432:*:pgbouncer_admin:WO0D2C0d7ZbIdk65D10y9TaD" >> ~/.pgpass
chmod 600 ~/.pgpass
psql -h db-web-universe-main-dev-postgresql-bouncer.fastorder.com -p 6432 -U pgbouncer_admin -d fastorder_web_universe_main_dev_db
5. Retrieve password from vault:
source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
PGPASSWORD="$(get_pg_credentials_from_vault 'coordinator-pgbouncer_admin' 'password')" \
psql -h 10.100.1.244 -p 6432 -U pgbouncer_admin -d pgbouncer -c "SHOW POOLS;"
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β’ Default db 'fastorder_web_universe_main_dev_db' β Citus coordinator (db-web-universe-main-dev-postgresql-coordinator.fastorder.com)
β’ Worker access: 'fastorder_web_universe_main_dev_db_worker_1', 'fastorder_web_universe_main_dev_db_worker_2', β¦ (if exist)
β’ Client TLS: require (password auth) / verify-full (mTLS with certs)
β’ Server TLS: verify-full (PgBouncer validates PostgreSQL certs)
β’ Auth: SCRAM-SHA-256 via /etc/pgbouncer/web-universe-main-dev/userlist.txt
β’ Pool mode: transaction (stateless connections)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Management
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service Status:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer@web-universe-main-dev.service
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer-ip@web-universe-main-dev.service
Logs:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru journalctl -u pgbouncer@web-universe-main-dev.service -f
/usr/local/bin/fastorder-provisioning-wrapper.sh tail -f /var/log/pgbouncer/web-universe-main-dev/pgbouncer.log
Reload Config:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
Restart:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart pgbouncer@web-universe-main-dev.service
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Files
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Config: /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
Auth file: /etc/pgbouncer/web-universe-main-dev/userlist.txt
Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.crt
Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.key
CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
PG CA: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
Logs: /var/log/pgbouncer/web-universe-main-dev/pgbouncer.log
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Troubleshooting
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
If "SASL authentication failed":
1. Check auth file: /usr/local/bin/fastorder-provisioning-wrapper.sh cat /etc/pgbouncer/web-universe-main-dev/userlist.txt
2. Verify pgbouncer_admin is present with SCRAM hash
3. Get password from vault:
source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
get_pg_credentials_from_vault 'coordinator-pgbouncer_admin' 'password'
4. Reload PgBouncer: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
If "no pg_hba.conf entry":
1. Check pg_hba.conf on coordinator
2. Add rule: hostssl all pgbouncer_admin 10.100.1.244/32 cert clientcert=verify-full
3. Reload PostgreSQL
To add users to PgBouncer:
1. Create user in PostgreSQL with password
2. Re-run SCRAM dump:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 dbname=postgres user=postgres \
sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt \
sslcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt sslkey=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key" \
-Atc "SELECT '\"' || rolname || '\" \"' || rolpassword || '\"' \
FROM pg_authid WHERE rolpassword LIKE 'SCRAM-SHA-256%' \
AND rolcanlogin ORDER BY rolname;" | command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh fsop tee /etc/pgbouncer/web-universe-main-dev/userlist.txt
3. Reload: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
[0;34m[INFO][0m Registering PgBouncer node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PgBouncer
[INFO] Identifier: web-universe-main-dev-pgbouncer
[INFO] Identifier Parent: postgresql
[INFO] IP: 10.100.1.244
[INFO] Port: 6432
[INFO] FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: fdc70c5f-615d-432f-8161-a7acd56ea9ed
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PgBouncer node registered to observability API
[0;32mβ[0m β
PgBouncer setup completed
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 03-citus-setup.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS DISTRIBUTED CLUSTER SETUP
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Phase 1: Installing Citus extension on workers...
[0;34m[INFO][0m Phase 2: Setting up coordinator and registering workers...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π¦ PHASE 1: Installing Citus extension on 1 worker(s)...
[0;34m[INFO][0m β Worker 1/1: Installing Citus on worker-01...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS CLUSTER SETUP
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π§ Setting up Citus Worker...
[0;34m[INFO][0m Temporarily disabling synchronous replication for extension installation...
t
[0;34m[INFO][0m Installing Citus extension on worker...
[0;32m[OK][0m Citus extension installed on worker
[0;34m[INFO][0m Restoring synchronous replication settings...
t
[0;34m[INFO][0m Worker Citus extension installed - registration will happen when coordinator setup runs
[0;32m[OK][0m Citus setup complete for worker-01
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Citus extension installed on worker-01
[0;32mβ[0m β
Phase 1 Complete: All 1 workers have Citus extension installed
[0;34m[INFO][0m π§ PHASE 2: Setting up Citus coordinator and registering workers...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS CLUSTER SETUP
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π§ Setting up Citus Coordinator...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m DIAGNOSTIC: Configuration Variables
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m PG_WORKERS_NUM: 1
[0;34m[INFO][0m ENV_ID: web-universe-main-dev
[0;34m[INFO][0m DOMAIN: fastorder.com
[0;34m[INFO][0m PORT: 5432
[0;34m[INFO][0m SOCKET_DIR: /var/run/postgresql-web-universe-main-dev-coordinator
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Ensuring postgres client certificates exist for coordinator...
[0;32m[OK][0m Postgres client certificates already exist for coordinator
[0;34m[INFO][0m Adding citus_cert_map to coordinator pg_ident.conf...
[0;32m[OK][0m pg_ident.conf updated for coordinator
[0;34m[INFO][0m Installing Citus extension on coordinator...
[0;32m[OK][0m Citus extension installed on coordinator (postgres database)
[0;34m[INFO][0m Installing Citus extension on application database: fastorder_web_universe_main_dev_db...
[0;32m[OK][0m Citus extension installed on application database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Configuring Citus SSL connection parameters...
[2026-02-05 06:34:46 UTC] USER=www-data EUID=0 PID=4151105 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
Citus SSL connection parameters configured: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[1;33m[WARN][0m Node not identified as coordinator, initializing...
[0;34m[INFO][0m Checking coordinator configuration...
[0;34m[INFO][0m Persisting citus.local_hostname to postgresql.conf...
[2026-02-05 06:34:49 UTC] USER=www-data EUID=0 PID=4151207 ACTION=passthru ARGS=sudo -u postgres grep -q ^citus.local_hostname /data/postgresql/17/web-universe-main-dev/coordinator/postgresql.conf
[2026-02-05 06:34:50 UTC] USER=www-data EUID=0 PID=4151237 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
citus.local_hostname persisted to config and reloaded
[0;34m[INFO][0m Configuring coordinator hostname in postgres database: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;32m[OK][0m β
Coordinator hostname set to db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 in postgres database
[0;34m[INFO][0m Checking coordinator configuration in application database: fastorder_web_universe_main_dev_db...
[0;34m[INFO][0m Configuring coordinator hostname in application database: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;32m[OK][0m β
Coordinator hostname set to db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 in application database
[0;34m[INFO][0m Validating coordinator configuration before worker registration...
[0;32m[OK][0m β
Coordinator hostname validated: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;32m[OK][0m β
citus_tables view is accessible
[0;34m[INFO][0m Checking coordinator self-registration...
[0;32m[OK][0m β
Coordinator is already self-registered
[0;34m[INFO][0m Configuring coordinator shard placement policy...
[0;32m[OK][0m β
Coordinator already configured in postgres database (shouldhaveshards = false)
[0;32m[OK][0m β
Coordinator already configured in application database (shouldhaveshards = false)
[0;34m[INFO][0m Registering 1 worker(s) to Citus cluster...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m PRE-FLIGHT: Checking worker availability...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Checking worker worker-01...
[0;34m[INFO][0m FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;32m[OK][0m β
Worker worker-01 is reachable via SSL
[0;32m[OK][0m All workers are reachable - proceeding with registration
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Adding Citus worker: db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Adding citus_cert_map to worker-01 pg_ident.conf...
[0;32m[OK][0m pg_ident.conf updated for worker-01
[0;34m[INFO][0m Configuring worker worker-01 HBA for coordinator (10.100.1.54) access...
[0;32m[OK][0m Worker worker-01 HBA configured for coordinator (10.100.1.54)
[0;34m[INFO][0m Adding replication rules for 3 standby(s)...
[0;32m[OK][0m Replication rules added for worker-01
[0;34m[INFO][0m Reloading worker worker-01 to apply HBA changes...
[2026-02-05 06:34:58 UTC] USER=www-data EUID=0 PID=4152037 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Configuring coordinator HBA for worker worker-01 (10.100.1.243) access...
[0;32m[OK][0m Coordinator HBA configured for worker worker-01 (10.100.1.243)
[0;34m[INFO][0m Reloading coordinator to apply HBA changes...
[2026-02-05 06:34:59 UTC] USER=www-data EUID=0 PID=4152089 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Ensuring postgres client certificates exist for worker-01...
[0;32m[OK][0m Postgres client certificates already exist for worker-01
[0;34m[INFO][0m Configuring citus.node_conninfo on worker-01...
[2026-02-05 06:35:00 UTC] USER=www-data EUID=0 PID=4152136 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m citus.node_conninfo configured on worker-01
[0;34m[INFO][0m Temporarily relaxing sync-rep on worker worker-01...
t
[0;32m[OK][0m Worker worker-01 sync-rep relaxed (was: sync_commit=on)
[0;34m[INFO][0m Ensuring Citus extension on worker databases...
CREATE EXTENSION
CREATE EXTENSION
[0;34m[INFO][0m Running citus_add_node with 180s timeout...
2
[0;34m[INFO][0m Restoring worker worker-01 sync-rep settings...
t
[0;32m[OK][0m Worker worker-01 sync-rep restored
[0;32m[OK][0m β
Worker db-web-universe-main-dev-postgresql-worker-01.fastorder.com successfully added to Citus cluster
[0;34m[INFO][0m Node ID: 2
[0;34m[INFO][0m Registered in: postgres, fastorder_web_universe_main_dev_db
[0;32m[OK][0m Worker worker-01 registration successful
[0;34m[INFO][0m Configuring worker worker-01 shard placement policy...
[0;32m[OK][0m β
Worker worker-01 configured to hold shards in all databases
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m POST-REGISTRATION: Verifying cluster state...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Expected workers: 1
[0;34m[INFO][0m Registered workers: 1
[0;32m[OK][0m β
All 1 workers successfully registered!
[0;34m[INFO][0m Citus cluster configuration:
db-web-universe-main-dev-postgresql-coordinator.fastorder.com 5432 0 t primary f
db-web-universe-main-dev-postgresql-worker-01.fastorder.com 5432 1 t primary t
[0;34m[INFO][0m Note: groupid=0 is the coordinator, groupid>0 are workers
[0;34m[INFO][0m shouldhaveshards: false=query router only, true=holds data shards
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m FINAL VALIDATION: Verifying configuration persistence...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:35:15 UTC] USER=www-data EUID=0 PID=4152963 ACTION=passthru ARGS=sudo -u postgres grep -q ^citus.local_hostname /data/postgresql/17/web-universe-main-dev/coordinator/postgresql.conf
[0;32m[OK][0m β
citus.local_hostname persisted in postgresql.conf
[0;32m[OK][0m β
All 1 worker(s) successfully registered and verified
[0;32m[OK][0m β
All validation checks passed
[0;32m[OK][0m Citus coordinator setup complete
[0;32m[OK][0m Citus setup complete for coordinator
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
CITUS CLUSTER SETUP COMPLETED SUCCESSFULLY
[0;32mβ[0m Coordinator: Ready and accepting connections
[0;32mβ[0m Workers registered: 1
[0;32mβ[0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 05-backup-setup.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up coordinator backup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Configuring backups for web-universe-main-dev...
[INFO] 1οΈβ£ Installing pgBackRest...
[INFO] β
pgBackRest already installed
[INFO] Version: pgBackRest 2.56.0
[INFO] 2οΈβ£ Creating backup directories...
[2026-02-05 06:35:24 UTC] USER=www-data EUID=0 PID=4153680 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:35:24 UTC] USER=www-data EUID=0 PID=4153695 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/backup/web-universe-main-dev
[2026-02-05 06:35:24 UTC] USER=www-data EUID=0 PID=4153742 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest
[2026-02-05 06:35:25 UTC] USER=www-data EUID=0 PID=4153756 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest/conf.d
[2026-02-05 06:35:25 UTC] USER=www-data EUID=0 PID=4153774 ACTION=fsop ARGS=chown -R postgres:postgres /var/lib/pgbackrest
[2026-02-05 06:35:51 UTC] USER=www-data EUID=0 PID=4155201 ACTION=fsop ARGS=chown -R postgres:postgres /var/log/pgbackrest
[2026-02-05 06:35:52 UTC] USER=www-data EUID=0 PID=4155213 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbackrest
[2026-02-05 06:35:52 UTC] USER=www-data EUID=0 PID=4155263 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:35:52 UTC] USER=www-data EUID=0 PID=4155280 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] β
Backup directories created
[INFO] 3οΈβ£ Configuring pgBackRest for coordinator...
[INFO] Using existing cipher key from /etc/pgbackrest/.cipher-key-web-universe-main-dev
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155304 ACTION=fsop ARGS=chmod 640 /etc/pgbackrest/pgbackrest.conf
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155314 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbackrest/pgbackrest.conf
[INFO] β
pgBackRest configuration created with shared cipher key
[INFO] 3οΈβ£.5οΈβ£ Cleaning up data directory...
[INFO] Removing old .backup.* files...
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155323 ACTION=fsop ARGS=find /data/postgresql/17/web-universe-main-dev/coordinator -name *.backup.* -type f -delete
[INFO] Ensuring correct ownership...
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155337 ACTION=fsop ARGS=chown -R postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[INFO] β
Data directory cleaned and permissions fixed
[INFO] 4οΈβ£ Creating pgBackRest spool directory...
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155354 ACTION=fsop ARGS=mkdir -p /var/spool/pgbackrest
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155363 ACTION=fsop ARGS=chown postgres:postgres /var/spool/pgbackrest
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155373 ACTION=fsop ARGS=chmod 750 /var/spool/pgbackrest
[INFO] β
Spool directory created
[INFO] 4οΈβ£.5οΈβ£ Ensuring PostgreSQL coordinator is running...
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155386 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/PG_VERSION
[2026-02-05 06:35:53 UTC] USER=www-data EUID=0 PID=4155407 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
Coordinator is already running
[INFO] 5οΈβ£ Initializing pgBackRest stanza...
[INFO] Stanza exists - verifying system-id consistency...
[INFO] β
Coordinator stanza web-universe-main-dev-coordinator already initialized and verified
[INFO] 6οΈβ£ Configuring WAL archiving in PostgreSQL...
[INFO] Updating coordinator postgresql.conf...
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
pg_reload_conf
----------------
t
(1 row)
[INFO] β
WAL archiving configured for coordinator
[INFO] 7οΈβ£ Restarting PostgreSQL to enable archive_mode...
[INFO] Stopping PostgreSQL...
[2026-02-05 06:35:56 UTC] USER=www-data EUID=0 PID=4155650 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[INFO] Starting PostgreSQL with archive_mode enabled...
[2026-02-05 06:35:59 UTC] USER=www-data EUID=0 PID=4156475 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[INFO] β
PostgreSQL restarted successfully
[INFO] β
archive_mode is now enabled
[INFO] Verifying pgBackRest stanza with archive_mode enabled...
[2026-02-05 06:36:05 UTC] USER=www-data EUID=0 PID=4156724 ACTION=passthru ARGS=sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator --log-level-console=info check
2026-02-05 06:36:05.353 P00 INFO: check command begin 2.56.0: --exec-id=4156751-46d10f1a --log-level-console=info --log-level-file=debug --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:36:05.411 P00 INFO: check repo1 configuration (primary)
2026-02-05 06:36:05.471 P00 ERROR: [028]: backup and archive info files exist but do not match the database
HINT: is this the correct stanza?
HINT: did an error occur during stanza-upgrade?
2026-02-05 06:36:05.471 P00 INFO: check command end: aborted with exception [028]
[WARN] β οΈ Stanza verification failed - this may be normal if WAL archiving hasn't started yet
[WARN] The backup system is configured and will work once WAL segments are generated
[INFO] 8οΈβ£ Creating backup automation scripts...
[2026-02-05 06:36:06 UTC] USER=www-data EUID=0 PID=4156806 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[INFO] β
Backup scripts created
[INFO] 9οΈβ£ Setting up cron jobs for automated backups...
[2026-02-05 06:36:06 UTC] USER=www-data EUID=0 PID=4156829 ACTION=fsop ARGS=chmod 644 /etc/cron.d/pgbackrest-web-universe-main-dev
[INFO] β
Cron jobs configured
[INFO] Schedule:
[INFO] - Full backup: Sundays at 2:00 AM
[INFO] - Differential backup: Mon-Sat at 2:00 AM
[INFO] π Creating restore documentation...
[2026-02-05 06:36:06 UTC] USER=www-data EUID=0 PID=4156852 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:36:06 UTC] USER=www-data EUID=0 PID=4156862 ACTION=fsop ARGS=sed -i s|__ENV_ID__|web-universe-main-dev|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:36:07 UTC] USER=www-data EUID=0 PID=4156888 ACTION=fsop ARGS=chmod 644 /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] β
Restore documentation created at: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] 1οΈβ£1οΈβ£ Taking first full backup...
[INFO] Verifying PostgreSQL coordinator service is active...
[INFO] Waiting for PostgreSQL to be ready...
[INFO] PostgreSQL coordinator is ready
[INFO] Initializing pgbackrest stanza...
2026-02-05 06:36:07.775 P00 INFO: start command begin 2.56.0: --exec-id=4156990-0e56be0b --log-level-console=info --log-level-file=debug --stanza=web-universe-main-dev-coordinator
[INFO] Upgrading stanza to match current PostgreSQL system-id...
2026-02-05 06:36:08.054 P00 INFO: stanza-upgrade command begin 2.56.0: --exec-id=4157017-8ab09e1d --log-level-console=info --log-level-file=debug --no-online --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:36:08.087 P00 INFO: stanza-upgrade for stanza 'web-universe-main-dev-coordinator' on repo1
2026-02-05 06:36:08.104 P00 INFO: stanza-upgrade command end: completed successfully (53ms)
[INFO] This may take a few minutes depending on database size...
[2026-02-05 06:36:08 UTC] USER=www-data EUID=0 PID=4157032 ACTION=fsop ARGS=touch /var/log/pgbackrest/initial-backup-20260205-063608.log
[2026-02-05 06:36:08 UTC] USER=www-data EUID=0 PID=4157042 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbackrest/initial-backup-20260205-063608.log
[2026-02-05 06:36:08 UTC] USER=www-data EUID=0 PID=4157059 ACTION=fsop ARGS=chmod 644 /var/log/pgbackrest/initial-backup-20260205-063608.log
[INFO] Running backup (timeout: 10 minutes)...
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158142 ACTION=fsop ARGS=cp /tmp/pgbackrest-backup-4153515.log /var/log/pgbackrest/initial-backup-20260205-063608.log
[INFO] β
Initial full backup completed successfully
[INFO] Log: /var/log/pgbackrest/initial-backup-20260205-063608.log
2026-02-05 06:36:23.992 P00 INFO: repo1: remove expired backup 20260205-051721F
2026-02-05 06:36:24.029 P00 INFO: repo1: 17-2 remove archive, start = 000000010000000000000003, stop = 000000010000000000000005
2026-02-05 06:36:24.029 P00 INFO: repo1: 17-3 no archive to remove
2026-02-05 06:36:24.029 P00 INFO: repo1: 17-4 remove archive, start = 000000010000000000000003, stop = 000000010000000000000003
2026-02-05 06:36:24.030 P00 INFO: expire command end: completed successfully (47ms)
[INFO] Current backups:
stanza: web-universe-main-dev-coordinator
status: ok
cipher: aes-256-cbc
db (prior)
wal archive min/max (17): 000000010000000000000006/00000001000000000000000C
full backup: 20260205-051746F
timestamp start/stop: 2026-02-05 05:17:46+00 / 2026-02-05 05:17:48+00
wal start/stop: 000000010000000000000006 / 000000010000000000000006
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
db (prior)
wal archive min/max (17): 000000010000000000000003/000000010000000000000009
full backup: 20260205-054801F
timestamp start/stop: 2026-02-05 05:48:01+00 / 2026-02-05 05:48:10+00
wal start/stop: 000000010000000000000003 / 000000010000000000000003
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
full backup: 20260205-054825F
timestamp start/stop: 2026-02-05 05:48:25+00 / 2026-02-05 05:48:33+00
wal start/stop: 000000010000000000000006 / 000000010000000000000006
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
db (current)
wal archive min/max (17): none present
full backup: 20260205-063608F
timestamp start/stop: 2026-02-05 06:36:08+00 / 2026-02-05 06:36:23+00
wal start/stop: 000000010000000000000004 / 000000010000000000000004
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
[INFO] π Checking for worker configurations...
[INFO] βΉοΈ No worker identifier provided - skipping worker backup setup
[INFO] (Run with 'worker-01', 'worker-02', etc. to configure worker backups)
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Backup setup complete!
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Completed steps:
[INFO] 1. pgBackRest installed and configured
[INFO] 2. WAL archiving enabled (archive_mode=on)
[INFO] 3. PostgreSQL restarted with new settings
[INFO] 4. pgBackRest stanza initialized and verified
[INFO] 5. Initial full backup completed
[INFO] 6. Automated backup cron jobs configured
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Configuration Details:
[INFO] Coordinator:
[INFO] Stanza: web-universe-main-dev-coordinator
[INFO] Schedule: Full: Sun 2AM, Diff: Mon-Sat 2AM
[INFO] Common:
[INFO] Backup dir: /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] Archive dir: /var/lib/pgbackrest/archive/web-universe-main-dev
[INFO] Config: /etc/pgbackrest/pgbackrest.conf
[INFO] Restore guide: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] Retention:
[INFO] Full backups: 4 (keep last 4 full backups)
[INFO] Differential: 4 (keep last 4 diff per full)
[INFO] Archive WAL: Auto-managed by pgBackRest
[INFO] Manual commands:
[INFO] Coordinator: sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator backup
[INFO] List all backups: sudo -u postgres pgbackrest info
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up worker backups for 1 worker(s)...
[0;34m[INFO][0m Setting up backup for: worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Configuring backups for web-universe-main-dev...
[INFO] 1οΈβ£ Installing pgBackRest...
[INFO] β
pgBackRest already installed
[INFO] Version: pgBackRest 2.56.0
[INFO] 2οΈβ£ Creating backup directories...
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158199 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158211 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/backup/web-universe-main-dev
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158220 ACTION=fsop ARGS=mkdir -p /var/log/pgbackrest
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158229 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158238 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest/conf.d
[2026-02-05 06:36:24 UTC] USER=www-data EUID=0 PID=4158247 ACTION=fsop ARGS=chown -R postgres:postgres /var/lib/pgbackrest
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158357 ACTION=fsop ARGS=chown -R postgres:postgres /var/log/pgbackrest
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158367 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbackrest
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158388 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158398 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] β
Backup directories created
[INFO] 3οΈβ£ Configuring pgBackRest for coordinator...
[INFO] Using existing cipher key from /etc/pgbackrest/.cipher-key-web-universe-main-dev
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158419 ACTION=fsop ARGS=chmod 640 /etc/pgbackrest/pgbackrest.conf
[2026-02-05 06:36:26 UTC] USER=www-data EUID=0 PID=4158428 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbackrest/pgbackrest.conf
[INFO] β
pgBackRest configuration created with shared cipher key
[INFO] 3οΈβ£.5οΈβ£ Cleaning up data directory...
[INFO] Removing old .backup.* files...
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158437 ACTION=fsop ARGS=find /data/postgresql/17/web-universe-main-dev/coordinator -name *.backup.* -type f -delete
[INFO] Ensuring correct ownership...
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158448 ACTION=fsop ARGS=chown -R postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[INFO] β
Data directory cleaned and permissions fixed
[INFO] 4οΈβ£ Creating pgBackRest spool directory...
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158457 ACTION=fsop ARGS=mkdir -p /var/spool/pgbackrest
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158480 ACTION=fsop ARGS=chmod 750 /var/spool/pgbackrest
[INFO] β
Spool directory created
[INFO] 4οΈβ£.5οΈβ£ Ensuring PostgreSQL coordinator is running...
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158489 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/PG_VERSION
[2026-02-05 06:36:27 UTC] USER=www-data EUID=0 PID=4158501 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
Coordinator is already running
[INFO] 5οΈβ£ Initializing pgBackRest stanza...
[INFO] Stanza exists - verifying system-id consistency...
[INFO] β
Coordinator stanza web-universe-main-dev-coordinator already initialized and verified
[INFO] 6οΈβ£ Configuring WAL archiving in PostgreSQL...
[INFO] Updating coordinator postgresql.conf...
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
[INFO] β
WAL archiving configured for coordinator
[INFO] 7οΈβ£ Restarting PostgreSQL to enable archive_mode...
[INFO] Stopping PostgreSQL...
[2026-02-05 06:36:28 UTC] USER=www-data EUID=0 PID=4158635 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[INFO] Starting PostgreSQL with archive_mode enabled...
[2026-02-05 06:36:30 UTC] USER=www-data EUID=0 PID=4158731 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:36:34 UTC] USER=www-data EUID=0 PID=4159069 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
PostgreSQL restarted successfully
[INFO] β
archive_mode is now enabled
[INFO] Verifying pgBackRest stanza with archive_mode enabled...
[2026-02-05 06:36:34 UTC] USER=www-data EUID=0 PID=4159104 ACTION=passthru ARGS=sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator --log-level-console=info check
2026-02-05 06:36:34.899 P00 INFO: check command begin 2.56.0: --exec-id=4159112-c4b23a2f --log-level-console=info --log-level-file=debug --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:36:34.959 P00 INFO: check repo1 configuration (primary)
2026-02-05 06:36:35.033 P00 INFO: check repo1 archive for WAL (primary)
2026-02-05 06:36:35.635 P00 INFO: WAL segment 000000010000000000000006 successfully archived to '/var/lib/pgbackrest/backup/web-universe-main-dev/archive/web-universe-main-dev-coordinator/17-4/0000000100000000/000000010000000000000006-c59b754a78ecbd245ab85c791037b762da78cea5.lz4' on repo1
2026-02-05 06:36:35.643 P00 INFO: check command end: completed successfully (759ms)
[INFO] β
Stanza verification passed
[INFO] 8οΈβ£ Creating backup automation scripts...
[2026-02-05 06:36:35 UTC] USER=www-data EUID=0 PID=4159182 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:36:35 UTC] USER=www-data EUID=0 PID=4159213 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159240 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159250 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[INFO] β
Backup scripts created
[INFO] 9οΈβ£ Setting up cron jobs for automated backups...
[INFO] β
Cron jobs configured
[INFO] Schedule:
[INFO] - Full backup: Sundays at 2:00 AM
[INFO] - Differential backup: Mon-Sat at 2:00 AM
[INFO] π Creating restore documentation...
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159290 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159308 ACTION=fsop ARGS=sed -i s|__DATA_DIR__|/data/postgresql/17/web-universe-main-dev/coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159325 ACTION=fsop ARGS=chmod 644 /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:36:36 UTC] USER=www-data EUID=0 PID=4159334 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] β
Restore documentation created at: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] 1οΈβ£1οΈβ£ Taking first full backup...
[INFO] Verifying PostgreSQL coordinator service is active...
[INFO] Waiting for PostgreSQL to be ready...
[INFO] PostgreSQL coordinator is ready
[INFO] Initializing pgbackrest stanza...
2026-02-05 06:36:37.017 P00 INFO: start command begin 2.56.0: --exec-id=4159366-e69bd95d --log-level-console=info --log-level-file=debug --stanza=web-universe-main-dev-coordinator
2026-02-05 06:36:37.018 P00 WARN: stop file does not exist for stanza web-universe-main-dev-coordinator
2026-02-05 06:36:37.018 P00 INFO: start command end: completed successfully (9ms)
[INFO] Upgrading stanza to match current PostgreSQL system-id...
2026-02-05 06:36:37.244 P00 INFO: stanza-upgrade command begin 2.56.0: --exec-id=4159396-ea57b616 --log-level-console=info --log-level-file=debug --no-online --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:36:37.245 P00 INFO: stanza-upgrade for stanza 'web-universe-main-dev-coordinator' on repo1
2026-02-05 06:36:37.246 P00 INFO: stanza 'web-universe-main-dev-coordinator' on repo1 is already up to date
2026-02-05 06:36:37.246 P00 INFO: stanza-upgrade command end: completed successfully (5ms)
[INFO] This may take a few minutes depending on database size...
[2026-02-05 06:36:37 UTC] USER=www-data EUID=0 PID=4159405 ACTION=fsop ARGS=touch /var/log/pgbackrest/initial-backup-20260205-063637.log
[2026-02-05 06:36:37 UTC] USER=www-data EUID=0 PID=4159425 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbackrest/initial-backup-20260205-063637.log
[2026-02-05 06:36:37 UTC] USER=www-data EUID=0 PID=4159434 ACTION=fsop ARGS=chmod 644 /var/log/pgbackrest/initial-backup-20260205-063637.log
[INFO] Running backup (timeout: 10 minutes)...
[2026-02-05 06:36:40 UTC] USER=www-data EUID=0 PID=4159611 ACTION=fsop ARGS=cp /tmp/pgbackrest-backup-4158167.log /var/log/pgbackrest/initial-backup-20260205-063637.log
[INFO] β
Initial full backup completed successfully
[INFO] Log: /var/log/pgbackrest/initial-backup-20260205-063637.log
2026-02-05 06:36:40.606 P00 INFO: repo1: remove expired backup 20260205-051746F
2026-02-05 06:36:40.662 P00 INFO: repo1: remove archive path /var/lib/pgbackrest/backup/web-universe-main-dev/archive/web-universe-main-dev-coordinator/17-2
2026-02-05 06:36:40.664 P00 INFO: repo1: 17-3 no archive to remove
2026-02-05 06:36:40.665 P00 INFO: repo1: 17-4 no archive to remove
2026-02-05 06:36:40.665 P00 INFO: expire command end: completed successfully (66ms)
[INFO] Current backups:
stanza: web-universe-main-dev-coordinator
status: ok
cipher: aes-256-cbc
db (prior)
wal archive min/max (17): 000000010000000000000003/000000010000000000000009
full backup: 20260205-054801F
timestamp start/stop: 2026-02-05 05:48:01+00 / 2026-02-05 05:48:10+00
wal start/stop: 000000010000000000000003 / 000000010000000000000003
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
full backup: 20260205-054825F
timestamp start/stop: 2026-02-05 05:48:25+00 / 2026-02-05 05:48:33+00
wal start/stop: 000000010000000000000006 / 000000010000000000000006
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
db (current)
wal archive min/max (17): 000000010000000000000004/000000010000000000000007
full backup: 20260205-063608F
timestamp start/stop: 2026-02-05 06:36:08+00 / 2026-02-05 06:36:23+00
wal start/stop: 000000010000000000000004 / 000000010000000000000004
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
full backup: 20260205-063637F
timestamp start/stop: 2026-02-05 06:36:37+00 / 2026-02-05 06:36:40+00
wal start/stop: 000000010000000000000007 / 000000010000000000000007
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
[INFO] π Checking for worker configurations...
[INFO] βΉοΈ No worker identifier provided - skipping worker backup setup
[INFO] (Run with 'worker-01', 'worker-02', etc. to configure worker backups)
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Backup setup complete!
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Completed steps:
[INFO] 1. pgBackRest installed and configured
[INFO] 2. WAL archiving enabled (archive_mode=on)
[INFO] 3. PostgreSQL restarted with new settings
[INFO] 4. pgBackRest stanza initialized and verified
[INFO] 5. Initial full backup completed
[INFO] 6. Automated backup cron jobs configured
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Configuration Details:
[INFO] Coordinator:
[INFO] Stanza: web-universe-main-dev-coordinator
[INFO] Schedule: Full: Sun 2AM, Diff: Mon-Sat 2AM
[INFO] Common:
[INFO] Backup dir: /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] Archive dir: /var/lib/pgbackrest/archive/web-universe-main-dev
[INFO] Config: /etc/pgbackrest/pgbackrest.conf
[INFO] Restore guide: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] Retention:
[INFO] Full backups: 4 (keep last 4 full backups)
[INFO] Differential: 4 (keep last 4 diff per full)
[INFO] Archive WAL: Auto-managed by pgBackRest
[INFO] Manual commands:
[INFO] Coordinator: sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator backup
[INFO] List all backups: sudo -u postgres pgbackrest info
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Backup setup completed for coordinator and all workers
[0;34m[INFO][0m Skipping 06-distribute-tables-canary.sh (test script - set RUN_TESTS=true to enable)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 07-distribute-tables.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:42 UTC] USER=unknown EUID=33 PID=4159719 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:36:43 UTC] USER=unknown EUID=33 PID=4159728 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:36:43 UTC] USER=unknown EUID=33 PID=4159736 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:36:43 UTC] USER=unknown EUID=33 PID=4159743 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS TABLE DISTRIBUTION
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π Secure connection established
[0;34m[INFO][0m Host: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;34m[INFO][0m Database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m SSL: verify-full (TLS 1.2+)
[0;34m[INFO][0m Timeouts: statement=120s, idle_tx=300s
[0;34m[INFO][0m π Running preflight checks...
[0;34m[INFO][0m Testing database connectivity...
[0;32m[OK][0m β
Database connection successful
[0;32m[OK][0m β
Connected to correct database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Checking Citus extension in database fastorder_web_universe_main_dev_db...
[0;32m[OK][0m Citus version: 13.2-1
[0;34m[INFO][0m Checking worker registration...
[0;32m[OK][0m Registered workers: 1
[0;34m[INFO][0m Worker nodes:
[0;34m[INFO][0m nodename | nodeport | isactive | noderole
[0;34m[INFO][0m -------------------------------------------------------------+----------+----------+----------
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com | 5432 | t | primary
[0;34m[INFO][0m (1 row)
[0;34m[INFO][0m
[0;34m[INFO][0m π Starting table distribution...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Distributing: auth.login_account
[0;34m[INFO][0m Description: User authentication table - distributed by region for tenant isolation
[0;34m[INFO][0m Shard key: region_hint
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m βοΈ Table does not exist, skipping
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
All tables distributed successfully!
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π Citus Cluster Summary:
[0;34m[INFO][0m Distributed tables:
[0;34m[INFO][0m table | type | shard_key | shards | size
[0;34m[INFO][0m -------+------+-----------+--------+------
[0;34m[INFO][0m (0 rows)
[0;34m[INFO][0m
[0;34m[INFO][0m Worker capacity:
[0;34m[INFO][0m worker | total_shards | total_size
[0;34m[INFO][0m --------+--------------+------------
[0;34m[INFO][0m (0 rows)
[0;34m[INFO][0m
[0;32m[OK][0m Citus table distribution complete
[0;34m[INFO][0m Skipping 08-distribute-tables-rollback.sh (rollback script - run manually only)
[0;34m[INFO][0m Skipping 09-distribute-tables-test.sh (test script - set RUN_TESTS=true to enable)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 10-setup-cdc.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CDC PIPELINE SETUP (Debezium + Elasticsearch Sink)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Log file: /var/log/fastorder/cdc/10-setup-cdc-*.log
[0;34m[INFO][0m Running CDC setup for identifier: coordinator
[2026-02-05 06:36:53] ==========================================
[2026-02-05 06:36:53] CDC SETUP SCRIPT STARTED
[2026-02-05 06:36:53] Log file: /var/log/fastorder/cdc/10-setup-cdc-20260205_063653.log
[2026-02-05 06:36:53] ==========================================
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:36:55] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:55] CDC Pipeline Setup (Debezium + ES Sink)
[2026-02-05 06:36:55] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:55] Environment: web-universe-main-dev
[2026-02-05 06:36:55] Identifier: coordinator
[2026-02-05 06:36:55] Service: web
[2026-02-05 06:36:55] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:55] π CDC_BASE_DIR exists: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc
[2026-02-05 06:36:55] Looking for service folder: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web
[2026-02-05 06:36:55]
[2026-02-05 06:36:55] π Found CDC configuration for service: web
[2026-02-05 06:36:55] Scanning for subservice directories in: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web
[2026-02-05 06:36:55] Found subservice: config, checking for steps at: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps
[2026-02-05 06:36:55]
[2026-02-05 06:36:55] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:55] Setting up CDC for: web/config
[2026-02-05 06:36:55] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:36:55] Found 3 step script(s) in /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps
[2026-02-05 06:36:55]
[2026-02-05 06:36:55] π§ Running: 01-setup-config-cdc.sh
[2026-02-05 06:36:55] Full path: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps/01-setup-config-cdc.sh
[2026-02-05 06:36:55] Executing directly (script is executable)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Config CDC Setup - Automatic Role Detection
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service 'web' requires config.* schema
[INFO] CDC Role for web in zone universe: master
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] CONTROL PLANE MASTER (zone=universe)
[INFO] Setting up Debezium CDC Publisher
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Executing Debezium config setup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Debezium Config CDC Master Setup
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Environment: web-universe-main-dev
[INFO] PostgreSQL Host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Database: fastorder_web_universe_main_dev_db
[INFO] Connector: debezium-web-universe-main-dev-config
[INFO] Kafka Connect: eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
[INFO] SSL Cert Dir: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator (on Kafka Connect host)
[INFO] SSL Key File: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[INFO] Topic Prefix: cdc.web_universe_main_dev
[INFO] Replication Slot: dbz_web_universe_main_dev_config
[INFO] Tables: config.public_defaults,config.feature_flags,config.config_version
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Step 1: Creating PostgreSQL publication for config tables...
[INFO] Creating publication: cdc_pub_web_config
CREATE PUBLICATION
[INFO] Setting REPLICA IDENTITY FULL for config tables...
ALTER TABLE
ALTER TABLE
ALTER TABLE
[INFO] Step 2: Creating replication slot...
[INFO] Creating replication slot: dbz_web_universe_main_dev_config
(dbz_web_universe_main_dev_config,0/800F3A8)
[INFO] Step 3: Registering Debezium connector with Kafka Connect...
[INFO] Creating new connector: debezium-web-universe-main-dev-config
[INFO] Sending connector configuration to Kafka Connect...
[ERROR] Failed to register Debezium connector
[ERROR] Response: {"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nError while validating connector config: FATAL: password authentication failed for user \"debezium_user\"\nYou can also find the above list of errors at the endpoint `/connector-plugins/{connectorType}/config/validate`"}
[ OK ] Debezium config CDC master setup complete
[INFO] No topology.json found at /opt/fastorder/state/web-universe-main-dev/topology.json - skipping merge
[INFO]
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Config CDC Setup Complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service Capabilities: web-universe-main-dev
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service: web
Zone: universe
Branch: main
Environment: dev
Config Schema: β
YES
Redis Cache: β
YES
CDC Role: master
CDC Master Configuration:
Debezium: debezium-web-universe-main-dev-config
Topic Prefix: cdc.web_universe_main_dev
Repl Slot: dbz_web_universe_main_dev_config
Tables: config.public_defaults,config.feature_flags,config.config_version
Required Schemas: config tenant dashboard environment resource service item company communication ai
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO]
[INFO] Log file: /var/log/fastorder/cdc/config-cdc-20260205_063655.log
[ OK ] Config CDC setup finished successfully
[2026-02-05 06:37:25] β
Completed: 01-setup-config-cdc.sh
[2026-02-05 06:37:25]
[2026-02-05 06:37:25] π§ Running: 02-setup-debezium-config.sh
[2026-02-05 06:37:25] Full path: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps/02-setup-debezium-config.sh
[2026-02-05 06:37:25] Executing directly (script is executable)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Debezium Config CDC Master Setup
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Environment: web-universe-main-dev
[INFO] PostgreSQL Host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Database: fastorder_web_universe_main_dev_db
[INFO] Connector: debezium-web-universe-main-dev-config
[INFO] Kafka Connect: eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
[INFO] SSL Cert Dir: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator (on Kafka Connect host)
[INFO] SSL Key File: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[INFO] Topic Prefix: cdc.web_universe_main_dev
[INFO] Replication Slot: dbz_web_universe_main_dev_config
[INFO] Tables: config.public_defaults,config.feature_flags,config.config_version
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Step 1: Creating PostgreSQL publication for config tables...
[INFO] Publication cdc_pub_web_config already exists
[INFO] Setting REPLICA IDENTITY FULL for config tables...
ALTER TABLE
ALTER TABLE
ALTER TABLE
[INFO] Step 2: Creating replication slot...
[INFO] Replication slot dbz_web_universe_main_dev_config already exists
[INFO] Step 3: Registering Debezium connector with Kafka Connect...
[INFO] Creating new connector: debezium-web-universe-main-dev-config
[INFO] Sending connector configuration to Kafka Connect...
[ERROR] Failed to register Debezium connector
[ERROR] Response: {"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nError while validating connector config: FATAL: password authentication failed for user \"debezium_user\"\nYou can also find the above list of errors at the endpoint `/connector-plugins/{connectorType}/config/validate`"}
[2026-02-05 06:37:48] β FAILED: 02-setup-debezium-config.sh (exit code: 1)
[2026-02-05 06:37:48] β CRITICAL: This is a required step for CDC pipeline. Aborting.
[0;31m[ERROR][0m β Database infrastructure (postgresql) setup failed with exit code: 1
β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...