Environment: Web Universe Main Dev on web-03
"{\"env\": \"dev\", \"zone\": \"universe\", \"branch\": \"main\", \"db_app\": \"postgresql\", \"service\": \"web\", \"db_enabled\": true, \"pg_standby\": 0, \"pg_workers\": 1, \"description\": \"\", \"iam_enabled\": false, \"worker_1_ip\": \"\", \"eventbus_app\": \"kafka\", \"worker_1_fqdn\": \"db-web-universe-main-dev-postgresql-worker-01.fastorder.com\", \"search_enabled\": false, \"eventbus_enabled\": true, \"postgresql_enabled\": true, \"postgresql_run_verification\": true}"
This job encountered an error. You can restart from the failed step.
This job has been restarted. You are viewing an older attempt. The logs and status shown below are from the latest retry.
This job failed at one of the steps below. You can resume from where it failed to save time and avoid re-running successful steps.
β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...[0;34m[INFO][0m Using eventbus engine from EVENTBUS_ENGINE environment variable: kafka
[0;34m[INFO][0m Cleaning up any existing locks...
[0;32m[1mStarting eventbus engine: kafka[0m
[1;33mβββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m[INFO][0m Using environment from web interface: web-universe-main-dev
[0;32m[2026-02-05 06:44:21][0m Using web-provided environment: web-universe-main-dev
[0;32m[2026-02-05 06:44:21][0m Service: web, Zone: universe, Branch: main, Env: dev
[0;32mβ[0m Environment initialized successfully (mode: general)
[0;34m[INFO][0m Starting Kafka setup process...
[0;34m[INFO][0m Steps directory: /opt/fastorder/bash/scripts/env_app_setup/setup/04-eventbus/engine/kafka/steps
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Found 13 step(s) to execute
[0;34m[INFO][0m π¦ Step 1/13: install debezium connector...
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Fetching latest versions from Maven Central...
Installing Debezium PostgreSQL Connector
Debezium version: 3.4.1.Final
pgjdbc version: 42.7.9
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Debezium 3.4.1.Final with pgjdbc 42.7.9 already installed
[0;32m[OK][0m β
Step 1 completed: 00-install-debezium-connector.sh
[0;34m[INFO][0m π¦ Step 2/13: kafka setup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Configuring AWS credentials for secrets vault...
β
Using permanent AWS credentials from /home/ab/.aws/credentials
π§Ή Checking for orphaned Kafka processes on ports 9092, 9093, 8083...
β οΈ Found process on port 9092 (PIDs: [2026-02-05 06:44:22 UTC] USER=www-data EUID=0 PID=2780 ACTION=passthru ARGS=bash -c lsof -ti tcp:9092 2>/dev/null || true
4146626
4147841
4147842
4147843
4147844
4152126
4152738
4163713), killing...
[2026-02-05 06:44:23 UTC] USER=www-data EUID=0 PID=2797 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:22 UTC] USER=www-data EUID=0 PID=2780 ACTION=passthru ARGS=bash -c lsof -ti tcp:9092 2>/dev/null || true
4146626
4147841
4147842
4147843
4147844
4152126
4152738
4163713 2>/dev/null || true
/usr/bin/bash: line 2: 4146626: command not found
/usr/bin/bash: line 3: 4147841: command not found
/usr/bin/bash: line 4: 4147842: command not found
/usr/bin/bash: line 5: 4147843: command not found
/usr/bin/bash: line 6: 4147844: command not found
/usr/bin/bash: line 7: 4152126: command not found
/usr/bin/bash: line 8: 4152738: command not found
β οΈ Found process on port 9093 (PIDs: [2026-02-05 06:44:24 UTC] USER=www-data EUID=0 PID=2851 ACTION=passthru ARGS=bash -c lsof -ti tcp:9093 2>/dev/null || true
4147687
4147841
4147843
4163713), killing...
[2026-02-05 06:44:24 UTC] USER=www-data EUID=0 PID=2863 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:24 UTC] USER=www-data EUID=0 PID=2851 ACTION=passthru ARGS=bash -c lsof -ti tcp:9093 2>/dev/null || true
4147687
4147841
4147843
4163713 2>/dev/null || true
/usr/bin/bash: line 2: 4147687: command not found
/usr/bin/bash: line 3: 4147841: command not found
/usr/bin/bash: line 4: 4147843: command not found
β οΈ Found process on port 8083 (PIDs: [2026-02-05 06:44:25 UTC] USER=www-data EUID=0 PID=2918 ACTION=passthru ARGS=bash -c lsof -ti tcp:8083 2>/dev/null || true
4146626
4147842
4147844), killing...
[2026-02-05 06:44:25 UTC] USER=www-data EUID=0 PID=2930 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:25 UTC] USER=www-data EUID=0 PID=2918 ACTION=passthru ARGS=bash -c lsof -ti tcp:8083 2>/dev/null || true
4146626
4147842
4147844 2>/dev/null || true
/usr/bin/bash: line 2: 4146626: command not found
/usr/bin/bash: line 3: 4147842: command not found
β
Port cleanup completed
Ensuring KAFKA application environment for coordinator...
[0;34m[INFO][0m Using existing KAFKA environment: eventbus-web-universe-main-dev-kafka-connect.fastorder.com (10.100.1.75)
Ensuring KAFKA_BROKER_IP application environment for coordinator...
[0;34m[INFO][0m Using existing KAFKA BROKER environment: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com (10.100.1.225)
[0;34m[INFO][0m Kafka Broker IP: 10.100.1.225
[0;34m[INFO][0m Kafka Connect IP: 10.100.1.75
[0;34m[INFO][0m Registered /etc/hosts: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com -> 10.100.1.225
[0;34m[INFO][0m Registered /etc/hosts: eventbus-web-universe-main-dev-kafka-connect.fastorder.com -> 10.100.1.75
π Initializing keystore passwords...
[0;34m[INFO][0m π Checking secrets backend (provider: aws)...
[0;32mβ
Retrieved passwords from remote backend[0m
[0;34m[INFO][0m β
Using existing passwords from backend
β
Keystore passwords initialized
- Keystore password: HGvJkWmj... (32 chars)
- Truststore password: sZRdI2nT... (32 chars)
[0;34m[INFO][0m π Vaulting kafka passwords to remote backend...
[0;32mβ
Passwords vaulted to remote backend[0m
β
Kafka keystore passwords saved to AWS Secrets Manager
[INFO] Generating for: web-universe-main-dev (host=eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com ip=10.100.1.225)
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3246 ACTION=fsop ARGS=rm -rf /opt/kafka/secrets/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev/coordinator
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3261 ACTION=fsop ARGS=mkdir -p /opt/kafka/secrets/web-universe-main-dev/coordinator /opt/kafka/config/web-universe-main-dev/coordinator /opt/kafka/secrets/web-universe-main-dev/coordinator/pem /data/kafka/web-universe-main-dev_coordinator-data
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3291 ACTION=fsop ARGS=chown -R kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3313 ACTION=fsop ARGS=chown -R kafka:kafka /opt/kafka/config/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev_coordinator-data
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3391 ACTION=fsop ARGS=chmod 770 /opt/kafka/config/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev_coordinator-data
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3400 ACTION=fsop ARGS=chmod 750 /opt/kafka/secrets/web-universe-main-dev/coordinator
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3410 ACTION=fsop ARGS=chmod 750 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3420 ACTION=fsop ARGS=chmod 700 /tmp/fo-tls.UcXAEW
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3429 ACTION=fsop ARGS=chmod 755 /tmp/fo-tls.UcXAEW
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3438 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/fo-tls.UcXAEW/ra_root.crt
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3447 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/fo-tls.UcXAEW/ra_root.key
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3456 ACTION=fsop ARGS=chmod 644 /tmp/fo-tls.UcXAEW/ra_root.crt
[2026-02-05 06:44:32 UTC] USER=www-data EUID=0 PID=3466 ACTION=fsop ARGS=chmod 644 /tmp/fo-tls.UcXAEW/ra_root.key
Certificate was added to keystore
[2026-02-05 06:44:33 UTC] USER=www-data EUID=0 PID=3503 ACTION=fsop ARGS=mv /tmp/fo-tls.UcXAEW/truststore.jks /opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks
[2026-02-05 06:44:33 UTC] USER=www-data EUID=0 PID=3517 ACTION=fsop ARGS=chown kafka:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks
[2026-02-05 06:44:33 UTC] USER=www-data EUID=0 PID=3526 ACTION=fsop ARGS=chmod 0640 /opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks
Generating 4,096 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 825 days
for: CN=eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com, OU=Kafka Broker, O=FastOrder, C=AE
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/fo-tls.UcXAEW/kafka.server.keystore.jks -destkeystore /tmp/fo-tls.UcXAEW/kafka.server.keystore.jks -deststoretype pkcs12".
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/fo-tls.UcXAEW/kafka.server.keystore.jks -destkeystore /tmp/fo-tls.UcXAEW/kafka.server.keystore.jks -deststoretype pkcs12".
Certificate request self-signature ok
subject=C = AE, O = FastOrder, OU = Kafka Broker, CN = eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com
Certificate was added to keystore
Warning:
Certificate reply was installed in keystore
Warning:
[2026-02-05 06:44:36 UTC] USER=www-data EUID=0 PID=3706 ACTION=fsop ARGS=mv /tmp/fo-tls.UcXAEW/kafka.server.keystore.jks /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.server.keystore.jks
[2026-02-05 06:44:36 UTC] USER=www-data EUID=0 PID=3715 ACTION=fsop ARGS=chown kafka:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.server.keystore.jks
[2026-02-05 06:44:36 UTC] USER=www-data EUID=0 PID=3724 ACTION=fsop ARGS=chmod 0640 /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.server.keystore.jks
Generating 4,096 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 825 days
for: CN=eventbus-web-universe-main-dev-kafka-connect.fastorder.com, OU=Kafka Connect REST, O=FastOrder, C=AE
Certificate request self-signature ok
subject=C = AE, O = FastOrder, OU = Kafka Connect REST, CN = eventbus-web-universe-main-dev-kafka-connect.fastorder.com
Certificate was added to keystore
Certificate reply was installed in keystore
[2026-02-05 06:44:40 UTC] USER=www-data EUID=0 PID=3974 ACTION=fsop ARGS=mv /tmp/fo-tls.UcXAEW/connect-rest.keystore.p12 /opt/kafka/secrets/web-universe-main-dev/coordinator/connect-rest.keystore.p12
[2026-02-05 06:44:40 UTC] USER=www-data EUID=0 PID=3985 ACTION=fsop ARGS=chown kafka:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/connect-rest.keystore.p12
Certificate request self-signature ok
subject=CN = kafka-client-web-universe-main-dev, OU = Kafka Client, O = FastOrder, C = AE
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4077 ACTION=fsop ARGS=cp /tmp/fo-tls.UcXAEW/ra_root.crt /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4086 ACTION=fsop ARGS=cp /tmp/fo-tls.UcXAEW/client-key.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4095 ACTION=fsop ARGS=cp /tmp/fo-tls.UcXAEW/client-cert.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4114 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4126 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4145 ACTION=fsop ARGS=chown kafka:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.client.keystore.p12
[2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4155 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.client.keystore.p12
π Ensuring kafka user has access to PostgreSQL certificates...
β
kafka is already in postgres group
π§Ή Cleaning up conflicting services and processes on Kafka ports on 10.100.1.225...
πͺ Killing processes on 10.100.1.225:8083: [2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4206 ACTION=passthru ARGS=bash -c lsof -ti tcp:8083 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:8083 -t 2>/dev/null || true
[2026-02-05 06:44:42 UTC] USER=www-data EUID=0 PID=4253 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:41 UTC] USER=www-data EUID=0 PID=4206 ACTION=passthru ARGS=bash -c lsof -ti tcp:8083 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:8083 -t 2>/dev/null || true
πͺ Killing processes on 10.100.1.225:9092: [2026-02-05 06:44:42 UTC] USER=www-data EUID=0 PID=4267 ACTION=passthru ARGS=bash -c lsof -ti tcp:9092 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:9092 -t 2>/dev/null || true
4163713
[2026-02-05 06:44:43 UTC] USER=www-data EUID=0 PID=4391 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:42 UTC] USER=www-data EUID=0 PID=4267 ACTION=passthru ARGS=bash -c lsof -ti tcp:9092 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:9092 -t 2>/dev/null || true
4163713
/usr/bin/bash: line 2: 4163713: command not found
πͺ Killing processes on 10.100.1.225:9093: [2026-02-05 06:44:43 UTC] USER=www-data EUID=0 PID=4410 ACTION=passthru ARGS=bash -c lsof -ti tcp:9093 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:9093 -t 2>/dev/null || true
4163713
[2026-02-05 06:44:44 UTC] USER=www-data EUID=0 PID=4551 ACTION=passthru ARGS=bash -c kill -9 [2026-02-05 06:44:43 UTC] USER=www-data EUID=0 PID=4410 ACTION=passthru ARGS=bash -c lsof -ti tcp:9093 -sTCP:LISTEN 2>/dev/null | xargs -I {} lsof -p {} -a -i @10.100.1.225:9093 -t 2>/dev/null || true
4163713
β
Port cleanup completed
π§ Checking for Kafka Connect internal topics with incorrect cleanup policy...
π Kafka broker is running, checking topic cleanup policies...
β
Topic cleanup policy fix completed
π§ Creating environment-specific systemd units...
π§ Writing client properties to /etc/kafka/client-web-universe-main-dev-coordinator.properties ...
[2026-02-05 06:45:00 UTC] USER=www-data EUID=0 PID=6318 ACTION=fsop ARGS=chown root:kafka /etc/kafka/client-web-universe-main-dev-coordinator.properties
[2026-02-05 06:45:00 UTC] USER=www-data EUID=0 PID=6332 ACTION=fsop ARGS=chmod 0644 /etc/kafka/client-web-universe-main-dev-coordinator.properties
π§ Creating PEM certificates for PHP mTLS access...
[2026-02-05 06:45:00 UTC] USER=www-data EUID=0 PID=6344 ACTION=passthru ARGS=bash -c openssl pkcs12 -in '/opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.client.keystore.p12' -clcerts -nokeys -passin pass:'HGvJkWmjjIaZzWVQzIjopYiQoGhZCsRH' -out '/opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.crt' 2>/dev/null
[2026-02-05 06:45:00 UTC] USER=www-data EUID=0 PID=6356 ACTION=passthru ARGS=bash -c openssl pkcs12 -in '/opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.client.keystore.p12' -nocerts -nodes -passin pass:'HGvJkWmjjIaZzWVQzIjopYiQoGhZCsRH' -out '/opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.key' 2>/dev/null
[2026-02-05 06:45:00 UTC] USER=www-data EUID=0 PID=6366 ACTION=passthru ARGS=bash -c keytool -exportcert -alias fastorder-ra-root -keystore '/opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks' -storepass 'sZRdI2nTnX4yhzopYtu0ttl9GtAWGH7c' -rfc -file '/opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.crt' 2>/dev/null
[2026-02-05 06:45:02 UTC] USER=www-data EUID=0 PID=6676 ACTION=fsop ARGS=chown root:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.crt /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.key /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.crt
[2026-02-05 06:45:02 UTC] USER=www-data EUID=0 PID=6747 ACTION=fsop ARGS=chmod 0644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.crt /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.crt
[2026-02-05 06:45:03 UTC] USER=www-data EUID=0 PID=6858 ACTION=fsop ARGS=chmod 0640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client.key
π Creating connector secrets file for FileConfigProvider...
[2026-02-05 06:45:03 UTC] USER=www-data EUID=0 PID=7104 ACTION=fsop ARGS=chown kafka:kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/connector-secrets.properties
β
Connector secrets file created: /opt/kafka/secrets/web-universe-main-dev/coordinator/connector-secrets.properties
FileConfigProvider syntax: ${file:/opt/kafka/secrets/web-universe-main-dev/coordinator/connector-secrets.properties:key_name}
π§ Creating Canary Event timer for pipeline verification...
[2026-02-05 06:45:03 UTC] USER=www-data EUID=0 PID=7347 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:45:05 UTC] USER=www-data EUID=0 PID=7744 ACTION=passthru ARGS=systemctl enable kafka-canary-web-universe-main-dev.timer
[2026-02-05 06:45:05 UTC] USER=www-data EUID=0 PID=8011 ACTION=passthru ARGS=systemctl start kafka-canary-web-universe-main-dev.timer
β
Canary timer installed: kafka-canary-web-universe-main-dev.timer (every 5 minutes)
[2026-02-05 06:45:06 UTC] USER=www-data EUID=0 PID=8091 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:45:12 UTC] USER=www-data EUID=0 PID=9426 ACTION=passthru ARGS=systemctl mask kafka-server
Failed to print table: Broken pipe
π Adjusting group ownership and permissions ...
[2026-02-05 06:45:16 UTC] USER=www-data EUID=0 PID=10358 ACTION=fsop ARGS=chown :kafka /opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.server.keystore.jks
[2026-02-05 06:45:16 UTC] USER=www-data EUID=0 PID=10425 ACTION=fsop ARGS=chown root:kafka /etc/kafka/client-web-universe-main-dev-coordinator.properties
[2026-02-05 06:45:16 UTC] USER=www-data EUID=0 PID=10503 ACTION=fsop ARGS=chmod 0644 /etc/kafka/client-web-universe-main-dev-coordinator.properties
β
Kafka configuration complete for web-universe-main-dev_coordinator
Broker ID : 89
Broker keystore : /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.server.keystore.jks
REST keystore : /opt/kafka/secrets/web-universe-main-dev/coordinator/connect-rest.keystore.p12
Truststore : /opt/kafka/secrets/web-universe-main-dev/coordinator/truststore.jks
Client PKCS12 : /opt/kafka/secrets/web-universe-main-dev/coordinator/kafka.client.keystore.p12
Data directory : /data/kafka/web-universe-main-dev_coordinator-data
Server config : /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
Connect config : /opt/kafka/config/web-universe-main-dev/coordinator/connect-distributed.properties
CLI client config : /etc/kafka/client-web-universe-main-dev-coordinator.properties
π― Next step: Run 03-restart-kafka-related-services.sh to start services
[0;32m[OK][0m β
Step 2 completed: 01-kafka-setup.sh
[0;34m[INFO][0m π¦ Step 3/13: metadata...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π― Kafka metadata mode: kraft
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Kafka Metadata Layer Setup β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Environment : web-universe-main-dev
Service : web
Zone : universe
Branch : main
Environment : dev
VM IP : 142.93.238.16
Metadata Mode : kraft
π KRaft Mode (Modern)
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
No ZooKeeper dependency
β
Faster metadata operations
β
Simplified architecture
β
Recommended for new deployments
β οΈ Requires Kafka 3.3+ in production
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π Executing KRaft setup script...
[INFO] Script: /opt/fastorder/bash/scripts/env_app_setup/setup/04-eventbus/engine/kafka/steps/metadata/kraft.sh
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:45:17 UTC] USER=www-data EUID=0 PID=11329 ACTION=fsop ARGS=mkdir -p /data/kafka/web-universe-main-dev_coordinator-meta /opt/kafka/config/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev_coordinator-data
[2026-02-05 06:45:17 UTC] USER=www-data EUID=0 PID=11379 ACTION=fsop ARGS=chown -R kafka:kafka /data/kafka/web-universe-main-dev_coordinator-meta /opt/kafka/config/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev_coordinator-data
[2026-02-05 06:45:17 UTC] USER=www-data EUID=0 PID=11424 ACTION=fsop ARGS=chmod 770 /data/kafka/web-universe-main-dev_coordinator-meta /opt/kafka/config/web-universe-main-dev/coordinator /data/kafka/web-universe-main-dev_coordinator-data
[INFO] Adding eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com to /etc/hosts -> 10.100.1.225
[INFO] Adding eventbus-web-universe-main-dev-kafka-connect.fastorder.com to /etc/hosts -> 10.100.1.75
[INFO] Setting up KRaft for: web-universe-main-dev (host=eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com ip=10.100.1.225)
[2026-02-05 06:45:18 UTC] USER=www-data EUID=0 PID=11649 ACTION=fsop ARGS=mkdir -p /opt/fastorder/bash/scripts/env_app_setup/state/web-universe-main-dev
[INFO] Using existing cluster.id from state
π§ Configuring Kafka for KRaft mode...
[2026-02-05 06:45:18 UTC] USER=www-data EUID=0 PID=11901 ACTION=fsop ARGS=test -r /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:18 UTC] USER=www-data EUID=0 PID=11946 ACTION=fsop ARGS=sed -i /^zookeeper\.connect=/d /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:18 UTC] USER=www-data EUID=0 PID=12010 ACTION=passthru ARGS=bash -c grep -q '^process.roles=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12103 ACTION=passthru ARGS=bash -c grep -q '^node.id=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12163 ACTION=passthru ARGS=bash -c grep -q '^broker.id=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12189 ACTION=fsop ARGS=sed -i s|^broker.id=.*|broker.id=1| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12207 ACTION=passthru ARGS=bash -c grep -q '^controller.listener.names=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12295 ACTION=passthru ARGS=bash -c grep -q '^controller.quorum.voters=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:19 UTC] USER=www-data EUID=0 PID=12406 ACTION=passthru ARGS=bash -c grep -q '^metadata.log.dir=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12530 ACTION=passthru ARGS=bash -c grep -q '^log.dirs=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12557 ACTION=fsop ARGS=sed -i s|^log.dirs=.*|log.dirs=/data/kafka/web-universe-main-dev_coordinator-data| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12571 ACTION=passthru ARGS=bash -c grep -q '^listeners=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12634 ACTION=fsop ARGS=sed -i s|^listeners=.*|listeners=SSL://10.100.1.225:9092,CONTROLLER://10.100.1.225:9093| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12664 ACTION=passthru ARGS=bash -c grep -q '^advertised.listeners=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12685 ACTION=fsop ARGS=sed -i s|^advertised.listeners=.*|advertised.listeners=SSL://eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12738 ACTION=fsop ARGS=sed -i s|^listener.security.protocol.map=.*|listener.security.protocol.map=SSL:SSL,CONTROLLER:PLAINTEXT| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12762 ACTION=passthru ARGS=bash -c grep -q '^inter.broker.listener.name=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:20 UTC] USER=www-data EUID=0 PID=12780 ACTION=fsop ARGS=sed -i s|^inter.broker.listener.name=.*|inter.broker.listener.name=SSL| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12820 ACTION=fsop ARGS=sed -i s|^offsets.topic.replication.factor=.*|offsets.topic.replication.factor=1| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12838 ACTION=passthru ARGS=bash -c grep -q '^transaction.state.log.replication.factor=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12861 ACTION=fsop ARGS=sed -i s|^transaction.state.log.replication.factor=.*|transaction.state.log.replication.factor=1| /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12878 ACTION=passthru ARGS=bash -c grep -q '^transaction.state.log.min.isr=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12923 ACTION=passthru ARGS=bash -c grep -q '^min.insync.replicas=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
β
KRaft configuration applied to server.properties
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=12975 ACTION=fsop ARGS=test -f /data/kafka/web-universe-main-dev_coordinator-meta/meta.properties
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=13008 ACTION=fsop ARGS=test -f /data/kafka/web-universe-main-dev_coordinator-data/meta.properties
[INFO] Already formatted: both /data/kafka/web-universe-main-dev_coordinator-meta and /data/kafka/web-universe-main-dev_coordinator-data have meta.properties
π§ Creating/refreshing KRaft systemd unit...
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=13030 ACTION=fsop ARGS=sed -i s|\\$MAINPID|$MAINPID|g /etc/systemd/system/confluent-kraft-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:21 UTC] USER=www-data EUID=0 PID=13039 ACTION=passthru ARGS=systemctl daemon-reload
β
Ensured confluent-kraft-web-universe-main-dev_coordinator.service
π Stopping legacy ZooKeeper-mode services and current KRaft instance...
π Stopping current: confluent-kraft-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:22 UTC] USER=www-data EUID=0 PID=13092 ACTION=passthru ARGS=systemctl stop confluent-kraft-web-universe-main-dev_coordinator.service
π§Ή Cleaning up rogue Kafka processes...
π§Ή Killing any processes holding Kafka ports 9092, 9093...
πͺ Killing processes on port 9092: 4147841
4147842
4147843
4147844
4152126
4152738
[2026-02-05 06:45:26 UTC] USER=www-data EUID=0 PID=13260 ACTION=passthru ARGS=bash -c kill -9 4147841
[2026-02-05 06:45:26 UTC] USER=www-data EUID=0 PID=13274 ACTION=passthru ARGS=bash -c kill -9 4147842
[2026-02-05 06:45:26 UTC] USER=www-data EUID=0 PID=13285 ACTION=passthru ARGS=bash -c kill -9 4147843
[2026-02-05 06:45:26 UTC] USER=www-data EUID=0 PID=13302 ACTION=passthru ARGS=bash -c kill -9 4147844
πͺ Killing processes on port 9093: 4147687
πͺ Killing processes on port 8083: 4146626
[2026-02-05 06:45:31 UTC] USER=www-data EUID=0 PID=13482 ACTION=passthru ARGS=bash -c kill -9 4146626
β
Legacy services stopped and rogue processes cleaned
π Removing stale lock files...
[2026-02-05 06:45:36 UTC] USER=www-data EUID=0 PID=13800 ACTION=fsop ARGS=test -f /data/kafka/web-universe-main-dev_coordinator-meta/.lock
[2026-02-05 06:45:36 UTC] USER=www-data EUID=0 PID=13811 ACTION=fsop ARGS=test -f /data/kafka/web-universe-main-dev_coordinator-data/.lock
β
Lock file check complete
π Starting confluent-kraft-web-universe-main-dev_coordinator.service ...
[2026-02-05 06:45:36 UTC] USER=www-data EUID=0 PID=13822 ACTION=passthru ARGS=systemctl enable confluent-kraft-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:37 UTC] USER=www-data EUID=0 PID=13872 ACTION=passthru ARGS=systemctl restart confluent-kraft-web-universe-main-dev_coordinator.service
π§ Patching shared Connect unit to follow KRaft broker...
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14445 ACTION=fsop ARGS=sed -i -e s|${FULL_ENV}|web-universe-main-dev|g -e s|${IDENTIFIER}|coordinator|g -e s|${CONFIG_DIR}|/opt/kafka/config/web-universe-main-dev/coordinator|g /etc/systemd/system/confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14456 ACTION=fsop ARGS=sed -i s|\\$MAINPID|$MAINPID|g /etc/systemd/system/confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14471 ACTION=fsop ARGS=sed -i s|^After=.*|After=network-online.target confluent-kraft-web-universe-main-dev_coordinator.service| /etc/systemd/system/confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14488 ACTION=fsop ARGS=sed -i s|^Wants=.*|Wants=confluent-kraft-web-universe-main-dev_coordinator.service| /etc/systemd/system/confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14507 ACTION=fsop ARGS=sed -i s|^ExecStart=.*|ExecStart=/opt/kafka/bin/connect-distributed.sh /opt/kafka/config/web-universe-main-dev/coordinator/connect-distributed.properties| /etc/systemd/system/confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:45:40 UTC] USER=www-data EUID=0 PID=14519 ACTION=passthru ARGS=systemctl daemon-reload
β
Connect unit patched
[2026-02-05 06:45:41 UTC] USER=www-data EUID=0 PID=14579 ACTION=fsop ARGS=test -f /opt/kafka/config/web-universe-main-dev/coordinator/connect-distributed.properties
[2026-02-05 06:45:41 UTC] USER=www-data EUID=0 PID=14588 ACTION=fsop ARGS=ln -sf /opt/kafka/config/web-universe-main-dev/coordinator/connect-distributed.properties /opt/kafka/config/connect-distributed.properties
β³ Waiting for broker coordinator on SSL://eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092 ...
β³ Waiting for KRaft broker... (attempt 1, 0s/600s)
Debug: Last error was: [2026-02-05 06:45:41 UTC] USER=www-data EUID=0 PID=14600 ACTION=passthru ARGS=bash -c timeout 5 sudo -u kafka /opt/kafka/bin/kafka-metadata-quorum.sh --bootstrap-server 'eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092' --command-config '/etc/kafka/client-web-universe-main-dev-coordinator.properties' describe --status
β³ Still waiting... (attempt 10, 58s/600s)
β³ Still waiting... (attempt 20, 124s/600s)
β
coordinator responded after 136s (attempt 22)
---- server.properties (key lines) ----
[2026-02-05 06:48:25 UTC] USER=www-data EUID=0 PID=33633 ACTION=passthru ARGS=bash -c grep -E '^(listeners|advertised\.listeners|process\.roles|controller\.quorum\.voters|controller\.listener\.names|inter\.broker\.listener\.name|log\.dirs|metadata\.log\.dir)=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties'
listeners=SSL://10.100.1.225:9092,CONTROLLER://10.100.1.225:9093
advertised.listeners=SSL://eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092
inter.broker.listener.name=SSL
log.dirs=/data/kafka/web-universe-main-dev_coordinator-data
process.roles=broker,controller
controller.listener.names=CONTROLLER
controller.quorum.voters=1@10.100.1.225:9093
metadata.log.dir=/data/kafka/web-universe-main-dev_coordinator-meta
---------------------------------------
β
KRaft setup complete for web-universe-main-dev_coordinator
server.properties : /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
data dir : /data/kafka/web-universe-main-dev_coordinator-data
meta dir : /data/kafka/web-universe-main-dev_coordinator-meta
systemd unit : confluent-kraft-web-universe-main-dev_coordinator.service
π§ Kafka Configuration Modified:
β process.roles, node.id, controller.quorum.voters, controller.listener.names
β listeners (SSL + CONTROLLER) and advertised.listeners (FQDN fallback to IP)
β listener.security.protocol.map, inter.broker.listener.name
β log.dirs -> /data/kafka/web-universe-main-dev_coordinator-data, metadata.log.dir -> /data/kafka/web-universe-main-dev_coordinator-meta
β removed zookeeper.connect (if present)
β created/refreshed dedicated KRaft systemd unit
β patched shared Connect unit to follow KRaft broker
β symlinked /opt/kafka/config/web-universe-main-dev/coordinator/connect-distributed.properties -> /opt/kafka/config/connect-distributed.properties (compat)
π Check quorum:
/opt/kafka/bin/kafka-metadata-quorum.sh --bootstrap-server eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092 --command-config /etc/kafka/client-web-universe-main-dev-coordinator.properties describe --status
π Next steps:
1) Review KRaft config: sudo grep -E 'process.roles|node.id|controller|listeners|advertised.listeners|log.dirs|metadata.log.dir' /opt/kafka/config/web-universe-main-dev/coordinator/server.properties
2) Verify topics: /opt/kafka/bin/kafka-topics.sh --bootstrap-server eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092 --command-config /etc/kafka/client-web-universe-main-dev-coordinator.properties --list
β
KRaft metadata layer setup completed successfully
Next steps:
1. Verify KRaft quorum status
2. Create Kafka topics
3. Configure Kafka Connect
[2026-02-05 06:48:25 UTC] USER=www-data EUID=0 PID=33643 ACTION=fsop ARGS=mkdir -p /opt/fastorder/bash/scripts/env_app_setup/state/web-universe-main-dev
[INFO] Saved metadata mode to: /opt/fastorder/bash/scripts/env_app_setup/state/web-universe-main-dev/kafka_metadata_mode
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Kafka Metadata Layer Setup Complete
Mode : kraft
Environment : web-universe-main-dev
State saved : /opt/fastorder/bash/scripts/env_app_setup/state/web-universe-main-dev/kafka_metadata_mode
KRaft cluster.id: uBayQf0-RSyd3l5SczIXzA
Verify quorum:
kafka-metadata-quorum.sh --bootstrap-server ... describe
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Step 3 completed: 02-metadata.sh
[0;34m[INFO][0m π¦ Step 4/13: restart kafka related services...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:48:26 UTC] USER=www-data EUID=0 PID=33723 ACTION=passthru ARGS=bash -c grep -E '^[[:space:]]*process\.roles=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties' | grep -Eq '(broker|controller)'
[INFO] π Detected mode from server.properties: kraft
[2026-02-05 06:48:26 UTC] USER=www-data EUID=0 PID=33806 ACTION=passthru ARGS=systemctl stop confluent-connect-web-universe-main-dev_coordinator.service
[2026-02-05 06:48:28 UTC] USER=www-data EUID=0 PID=34001 ACTION=passthru ARGS=systemctl stop confluent-kafka-zk-web-universe-main-dev_coordinator.service
[2026-02-05 06:48:29 UTC] USER=www-data EUID=0 PID=34069 ACTION=passthru ARGS=systemctl stop confluent-zookeeper-web-universe-main-dev_coordinator.service
[INFO] π§Ή Removing stale Kafka lock files...
[2026-02-05 06:48:32 UTC] USER=www-data EUID=0 PID=34155 ACTION=fsop ARGS=rm -f /var/lib/kafka/web-universe-main-dev_coordinator-meta/.lock
[2026-02-05 06:48:32 UTC] USER=www-data EUID=0 PID=34166 ACTION=fsop ARGS=rm -f /var/lib/kafka/web-universe-main-dev_coordinator-data/.lock
[INFO] π§Ή Cleaning up orphaned processes on Kafka ports...
[2026-02-05 06:48:32 UTC] USER=www-data EUID=0 PID=34175 ACTION=passthru ARGS=bash -c
for port in 9092 9093 8083 2181; do
pids=$(lsof -ti tcp:$port 2>/dev/null || true)
if [[ -n "$pids" ]]; then
echo " Killing orphaned processes on port $port: $pids"
kill -9 $pids 2>/dev/null || true
sleep 1
fi
done
Killing orphaned processes on port 9092: 13890
14695
14841
14844
15159
21181
23086
Killing orphaned processes on port 9093: 14416
π Restarting Kafka componentsβ¦
[INFO] π starting confluent-kraft-web-universe-main-dev_coordinator.serviceβ¦
[2026-02-05 06:48:37 UTC] USER=www-data EUID=0 PID=34502 ACTION=passthru ARGS=systemctl restart confluent-kraft-web-universe-main-dev_coordinator.service
[INFO] π starting confluent-connect-web-universe-main-dev_coordinator.serviceβ¦
[2026-02-05 06:48:38 UTC] USER=www-data EUID=0 PID=35046 ACTION=passthru ARGS=systemctl restart confluent-connect-web-universe-main-dev_coordinator.service
[INFO] β³ Waiting for Kafka broker readiness (FQDN: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com, IP: 10.100.1.225) ...
[OK] β
Broker ready (attempt 1)
[OK] β
Port 9092 listening (Kafka Broker)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (1/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (2/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (3/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (4/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (5/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (6/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (7/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (8/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (9/40)
[INFO] β³ waiting for Kafka Connect REST port 8083 β¦ (10/40)
[OK] β
Port 8083 listening (Kafka Connect REST)
[INFO] β³ Waiting for Connect REST at https://eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083 β¦
[OK] β
Connect REST is up (attempt 1)
π Reconciling Connect internal topicsβ¦
[ok] connect-configs exists
[ok] connect-offsets exists
[ok] connect-status exists
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
KAFKA SUMMARY
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Env: web-universe-main-dev Identifier: coordinator Mode: kraft
Broker Unit : confluent-kraft-web-universe-main-dev_coordinator.service (status: active)
Connect Unit: confluent-connect-web-universe-main-dev_coordinator.service (status: active)
Bootstrap : eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092
Connect URL : https://eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] β
All required services are up.
[0;32m[OK][0m β
Step 4 completed: 03-restart-kafka-related-services.sh
[0;34m[INFO][0m π¦ Step 5/13: checking services...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:50:13 UTC] USER=www-data EUID=0 PID=42431 ACTION=passthru ARGS=bash -c grep -E '^[[:space:]]*process\.roles=' '/opt/kafka/config/web-universe-main-dev/coordinator/server.properties' | grep -Eq '(broker|controller)'
[INFO] Detected mode from server.properties: kraft
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Step 1: Service status
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] confluent-kraft-web-universe-main-dev_coordinator.service status: active
[WARN] confluent-kafka-zk-web-universe-main-dev_coordinator.service present but should be stopped in KRaft
[WARN] confluent-zookeeper-web-universe-main-dev_coordinator.service present but not required in KRaft
[OK] confluent-connect-web-universe-main-dev_coordinator.service status: active
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Step 2: Port checks
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] β
Port 9092 listening (Kafka Broker)
[OK] β
Port 8083 listening (Kafka Connect REST)
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Step 3: Broker readiness
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Broker API responding (attempt 1)
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Step 4: Kafka Connect REST
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Connect REST responding (attempt 1)
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Kafka Services Summary
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Environment : web-universe-main-dev
Identifier : coordinator
Mode : kraft
Broker Unit : confluent-kraft-web-universe-main-dev_coordinator.service (status: active)
Connect Unit: confluent-connect-web-universe-main-dev_coordinator.service (status: active)
Broker FQDN : eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092
Broker IP : eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092
Connect URL : https://eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] β
All required services are reachable.
[INFO] Creating ACLs for Kafka Connect consumer groups...
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
[INFO] Creating ACLs for Connect internal topics...
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
Error while executing ACL command: Failed to create new KafkaAdminClient
org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:519)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:134)
at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:100)
at kafka.admin.AclCommand$.main(AclCommand.scala:73)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:101)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:60)
at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:56)
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:492)
... 5 more
[OK] β
Kafka Connect ACLs configured (deny-by-default mode)
[0;32m[OK][0m β
Step 5 completed: 04-checking-services.sh
[0;34m[INFO][0m π¦ Step 6/13: create audit topic...
π Configuring AWS credentials...
β
Using permanent AWS credentials from /home/ab/.aws/credentials
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Creating Kafka Audit Topics
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Replication Factor: 1
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π AUDIT READINESS GATE - Preflight Checks
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m [Gate 1/5] Verifying DNS resolution...
[0;32m[OK][0m β
Broker DNS: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com -> 10.100.1.225
[0;32m[OK][0m β
Connect DNS: eventbus-web-universe-main-dev-kafka-connect.fastorder.com -> 10.100.1.75
[0;34m[INFO][0m [Gate 2/5] Verifying TLS handshake...
[0;32m[OK][0m β
TLS handshake: Broker certificate verified
[0;34m[INFO][0m [Gate 3/5] Verifying Kafka Connect REST API...
[0;32m[OK][0m β
Kafka Connect REST: Cluster ID = [2026-02-05 03:44:00 UTC] USER=www-data EUID=0 PID=3571696 ACTION=passthru ARGS=bash -c cat /opt/fastorder/bash/scripts/env_app_setup/state/web-universe-main-dev/kafka_kraft_cluster_id
uBayQf0-RSyd3l5SczIXzA
[0;34m[INFO][0m [Gate 4/5] Verifying required internal topics...
[0;32m[OK][0m β
Topic exists: connect-configs
[0;32m[OK][0m β
Topic exists: connect-offsets
[0;32m[OK][0m β
Topic exists: connect-status
[0;34m[INFO][0m [Gate 5/5] Verifying broker metadata access...
[0;32m[OK][0m β
Broker metadata: API versions accessible
[0;32m[OK][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
AUDIT READINESS GATE: ALL CHECKS PASSED
[0;32m[OK][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Waiting for Kafka to be ready...
[0;32m[OK][0m β
Kafka is ready
[0;34m[INFO][0m Creating audit topic: audit.events.web.universe.main.dev
WARNING: Due to limitations in metric names, topics with a period ('.') or underscore ('_') could collide. To avoid issues it is best to use either, but not both.
Error while executing topic command : Topic 'audit.events.web.universe.main.dev' already exists.
[2026-02-05 06:51:17,808] ERROR org.apache.kafka.common.errors.TopicExistsException: Topic 'audit.events.web.universe.main.dev' already exists.
(kafka.admin.TopicCommand$)
[0;32m[OK][0m β
Audit topic already exists: audit.events.web.universe.main.dev
[0;32m[OK][0m β
Topic verified: audit.events.web.universe.main.dev
Topic: audit.events.web.universe.main.dev TopicId: _h9pJC4FSPSnOavETTJe4Q PartitionCount: 3 ReplicationFactor: 1 Configs: compression.type=lz4,min.insync.replicas=1,cleanup.policy=delete,segment.bytes=1073741824,retention.ms=7776000000,message.timestamp.type=LogAppendTime,segment.ms=604800000
Topic: audit.events.web.universe.main.dev Partition: 0 Leader: 1 Replicas: 1 Isr: 1
Topic: audit.events.web.universe.main.dev Partition: 1 Leader: 1 Replicas: 1 Isr: 1
Topic: audit.events.web.universe.main.dev Partition: 2 Leader: 1 Replicas: 1 Isr: 1
[0;34m[INFO][0m Creating audit producer credentials...
Completed updating config for user audit-producer-web-universe-main-dev.
[0;32m[OK][0m β
Audit producer user created: audit-producer-web-universe-main-dev
[0;34m[INFO][0m Creating ACLs for audit producer...
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit.events.web.universe.main.dev, patternType=LITERAL)`:
(principal=User:*, host=*, operation=ALTER, permissionType=DENY)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=READ, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:CN=kafka-client-web-universe-main-dev,OU=Kafka Client,O=FastOrder,C=AE, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:*, host=*, operation=DELETE, permissionType=DENY)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:audit-producer-web-universe-main-dev, host=*, operation=WRITE, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=READ, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE_CONFIGS, permissionType=ALLOW)
(principal=User:C=AE,O=FastOrder,OU=Kafka Client,CN=kafka-client-web-universe-main-dev, host=*, operation=DESCRIBE, permissionType=ALLOW)
[0;32m[OK][0m β
ACLs configured (producer: write-only, sinks: read-only, immutability: protected)
[0;34m[INFO][0m Storing audit producer credentials in AWS Secrets Manager...
{
"ARN": "arn:aws:secretsmanager:me-central-1:464621692046:secret:fastorder/eventbus/web/universe/main/dev/kafka/audit/producer-X3Fpzs",
"Name": "fastorder/eventbus/web/universe/main/dev/kafka/audit/producer",
"VersionId": "4fdb9c67-c79a-47cc-b861-6433da65f6ef"
}
[0;32m[OK][0m β
Credentials stored in: fastorder/eventbus/web/universe/main/dev/kafka/audit/producer
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Configuring S3 Sink for Audit Cold Storage
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
PRE audit/
[0;34m[INFO][0m S3 staging bucket exists: fastorder-audit-staging
[0;34m[INFO][0m Data flow: Kafka β fastorder-audit-staging β (replication) β fastorder-audit-immutable
[0;34m[INFO][0m Updating existing S3 sink connector...
{"name":"audit-s3-sink-web_universe_main_dev","config":{"connector.class":"io.confluent.connect.s3.S3SinkConnector","tasks.max":"1","topics":"audit.events.web.universe.main.dev","topics.dir":"audit/web-universe-main-dev","s3.bucket.name":"fastorder-audit-staging","s3.region":"me-central-1","s3.part.size":"5242880","flush.size":"1000","rotate.interval.ms":"3600000","rotate.schedule.interval.ms":"86400000","storage.class":"io.confluent.connect.s3.storage.S3Storage","format.class":"io.confluent.connect.s3.format.json.JsonFormat","partitioner.class":"io.confluent.connect.storage.partitioner.TimeBasedPartitioner","path.format":"'year'=YYYY/'month'=MM/'day'=dd/'hour'=HH","partition.duration.ms":"3600000","locale":"en-US","timezone":"UTC","timestamp.extractor":"Record","key.converter":"org.apache.kafka.connect.json.JsonConverter","value.converter":"org.apache.kafka.connect.json.JsonConverter","key.converter.schemas.enable":"false","value.converter.schemas.enable":"false","behavior.on.null.values":"ignore","errors.tolerance":"all","errors.log.enable":"true","errors.log.include.messages":"true","name":"audit-s3-sink-web_universe_main_dev"},"tasks":[{"connector":"audit-s3-sink-web_universe_main_dev","task":0}],"type":"sink"}[0;32m[OK][0m β
S3 Sink connector configured for audit cold storage
[0;34m[INFO][0m Staging Bucket: fastorder-audit-staging (Kafka Connect writes here)
[0;34m[INFO][0m Immutable Bucket: fastorder-audit-immutable (via S3 Replication)
[0;34m[INFO][0m Path: audit/web-universe-main-dev/
[0;34m[INFO][0m Final Retention: WORM-enabled (Object Lock COMPLIANCE mode, 1-year)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Kafka Audit Topic Created Successfully
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Topic: audit.events.web.universe.main.dev
[0;34m[INFO][0m Partitions: 3
[0;34m[INFO][0m Replication Factor: 1
[0;34m[INFO][0m Retention: 90 days
[0;34m[INFO][0m Producer: audit-producer-web-universe-main-dev (write-only)
[0;34m[INFO][0m Application Integration:
[0;34m[INFO][0m - Use credentials from: fastorder/eventbus/web/universe/main/dev/kafka/audit/producer
[0;34m[INFO][0m - Connect to: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092
[0;34m[INFO][0m - Produce to: audit.events.web.universe.main.dev
[0;34m[INFO][0m - Security: SASL_SSL (SCRAM-SHA-512)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π PCI-DSS Compliance Status
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m
[0;34m[INFO][0m β
Kafka Hot Storage: 90 days (meets PCI-DSS 3-month immediate access)
[0;34m[INFO][0m β
ACL Authorization: deny-by-default (allow.everyone.if.no.acl.found=false)
[0;34m[INFO][0m β
Immutability: DENY DELETE/ALTER on audit topic
[0;34m[INFO][0m β
S3 Cold Storage: fastorder-audit-immutable (Object Lock COMPLIANCE, 1-year)
[0;34m[INFO][0m
[0;34m[INFO][0m S3 Audit Storage:
[0;34m[INFO][0m Bucket: s3://fastorder-audit-staging
[0;34m[INFO][0m Path: audit/web-universe-main-dev/
[0;34m[INFO][0m Object Lock: COMPLIANCE mode, 1-year retention
[0;34m[INFO][0m Immutability: Objects cannot be deleted or modified for 1 year
[0;34m[INFO][0m
[0;34m[INFO][0m Verify compliance with:
[0;34m[INFO][0m bash 04-eventbus/engine/kafka/steps/11-audit-compliance-check.sh
[0;34m[INFO][0m
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π AWS Roles Anywhere - Credential Refresh Setup
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m
[0;34m[INFO][0m For S3 sink to write to S3, Kafka Connect needs AWS credentials.
[0;34m[INFO][0m Use IAM Roles Anywhere with systemd timer for automatic refresh.
[0;34m[INFO][0m
[0;34m[INFO][0m Required files:
[0;34m[INFO][0m Certificate: /etc/fastorder/rolesanywhere/client-bundle.crt
[0;34m[INFO][0m Private Key: /etc/fastorder/rolesanywhere/client.key
[0;34m[INFO][0m Helper: /usr/local/bin/aws_signing_helper
[0;34m[INFO][0m
[0;34m[INFO][0m Systemd timer: kafka-aws-credential-refresh.timer
[0;34m[INFO][0m Runs every 30 minutes to refresh credentials to /var/lib/kafka/.aws/credentials
[0;34m[INFO][0m
[0;34m[INFO][0m Verify timer is active:
[0;34m[INFO][0m systemctl status kafka-aws-credential-refresh.timer
[0;34m[INFO][0m
[0;34m[INFO][0m Documentation: https://docs.aws.amazon.com/rolesanywhere/latest/userguide/
[0;32m[OK][0m β
Step 6 completed: 05-create-audit-topic.sh
[0;34m[INFO][0m π¦ Step 7/13: setup backups...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Kafka Backup Configuration
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
π Configuring AWS credentials...
β
Using permanent AWS credentials from /home/ab/.aws/credentials
[0;34m[INFO][0m 1οΈβ£ Creating S3 bucket for Kafka backups...
make_bucket failed: s3://fastorder-kafka-backups-web-universe-main-dev An error occurred (AccessDenied) when calling the CreateBucket operation: User: arn:aws:iam::464621692046:user/fo-dev is not authorized to perform: s3:CreateBucket on resource: "arn:aws:s3:::fastorder-kafka-backups-web-universe-main-dev" because no identity-based policy allows the s3:CreateBucket action
An error occurred (NoSuchBucket) when calling the PutBucketVersioning operation: The specified bucket does not exist
Parameter validation failed:
Unknown parameter in LifecycleConfiguration.Rules[0]: "Id", must be one of: Expiration, ID, Prefix, Filter, Status, Transitions, NoncurrentVersionTransitions, NoncurrentVersionExpiration, AbortIncompleteMultipartUpload
[0;32m[OK][0m β
S3 bucket created: fastorder-kafka-backups-web-universe-main-dev
[0;34m[INFO][0m 2οΈβ£ Creating local backup directory...
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48358 ACTION=fsop ARGS=mkdir -p /var/backups/kafka/web-universe-main-dev
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48367 ACTION=fsop ARGS=mkdir -p /var/backups/kafka/web-universe-main-dev/topics
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48378 ACTION=fsop ARGS=mkdir -p /var/backups/kafka/web-universe-main-dev/metadata
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48387 ACTION=fsop ARGS=mkdir -p /var/log/kafka/backups
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48397 ACTION=fsop ARGS=chown -R kafka:kafka /var/backups/kafka/web-universe-main-dev
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48419 ACTION=fsop ARGS=chmod 750 /var/backups/kafka/web-universe-main-dev
[0;32m[OK][0m β
Local backup directory created
[0;34m[INFO][0m 3οΈβ£ Creating topic backup script...
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48437 ACTION=fsop ARGS=sed -i s|__ENV_ID__|web-universe-main-dev|g /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48446 ACTION=fsop ARGS=sed -i s|__KAFKA_BROKER__|eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com:9092|g /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48455 ACTION=fsop ARGS=sed -i s|__BACKUP_DIR__|/var/backups/kafka/web-universe-main-dev|g /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48464 ACTION=fsop ARGS=sed -i s|__S3_BUCKET__|fastorder-kafka-backups-web-universe-main-dev|g /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48473 ACTION=fsop ARGS=sed -i s|__S3_REGION__|me-central-1|g /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48482 ACTION=fsop ARGS=chmod 750 /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48491 ACTION=fsop ARGS=chown root:kafka /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[0;32m[OK][0m β
Backup script created: /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[0;34m[INFO][0m 4οΈβ£ Setting up cron jobs for automated backups...
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48509 ACTION=fsop ARGS=chmod 644 /etc/cron.d/kafka-backups-web-universe-main-dev
[0;32m[OK][0m β
Cron job configured: Daily backups at 2:00 AM
[0;34m[INFO][0m 5οΈβ£ Creating restore documentation...
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48530 ACTION=fsop ARGS=sed -i s|__S3_BUCKET__|fastorder-kafka-backups-web-universe-main-dev|g /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48539 ACTION=fsop ARGS=sed -i s|__S3_REGION__|me-central-1|g /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48548 ACTION=fsop ARGS=sed -i s|__KAFKA_BROKER__|eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com|g /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48557 ACTION=fsop ARGS=chmod 644 /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[2026-02-05 06:52:09 UTC] USER=www-data EUID=0 PID=48568 ACTION=fsop ARGS=chown kafka:kafka /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[0;32m[OK][0m β
Restore documentation created: /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Kafka Backup Configured
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m S3 Bucket: fastorder-kafka-backups-web-universe-main-dev
[0;34m[INFO][0m Region: me-central-1
[0;34m[INFO][0m Local backup dir: /var/backups/kafka/web-universe-main-dev
[0;34m[INFO][0m Schedule: Daily at 2:00 AM
[0;34m[INFO][0m Script: /usr/local/bin/kafka-backup-web-universe-main-dev.sh
[0;34m[INFO][0m Restore docs: /var/backups/kafka/web-universe-main-dev/RESTORE_INSTRUCTIONS.md
[1;33m[WARN][0m β οΈ Note: This backs up Kafka metadata only (topics, configs, offsets)
[1;33m[WARN][0m For full message data backup, configure Kafka Connect S3 Sink
[0;32m[OK][0m β
Step 7 completed: 06-setup-backups.sh
[0;34m[INFO][0m π¦ Step 8/13: monitoring setup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π Kafka Monitoring Integration for web-universe-main-dev
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] 1οΈβ£ Checking observability cell readiness...
[INFO] Checking observability cell readiness: obs-web-universe-main-dev
[1;32m[OK][0m Observability cell endpoints registered for web-universe-main-dev
[1;32m[OK][0m β Observability cell is ready
[INFO] 2οΈβ£ Setting up Kafka JMX exporter integration...
[INFO] JMX Exporter port calculated for web-universe-main-dev: 9362 (offset: 54)
[INFO] Checking observability cell readiness: obs-web-universe-main-dev
[1;32m[OK][0m Observability cell endpoints registered for web-universe-main-dev
[INFO] Setting up Kafka JMX exporter for web-universe-main-dev
[INFO] JMX Prometheus Java Agent already exists at /opt/kafka/libs/jmx_prometheus_javaagent.jar
[2026-02-05 06:52:10 UTC] USER=www-data EUID=0 PID=48613 ACTION=passthru ARGS=mv /tmp/jmx_exporter.yml /opt/kafka/config/jmx_exporter.yml
[2026-02-05 06:52:10 UTC] USER=www-data EUID=0 PID=48630 ACTION=passthru ARGS=chmod 644 /opt/kafka/config/jmx_exporter.yml
[1;32m[OK][0m JMX exporter configuration created at /opt/kafka/config/jmx_exporter.yml
[1;32m[OK][0m JMX exporter configuration created
[INFO] Configuring Kafka systemd services to use JMX exporter...
[2026-02-05 06:52:10 UTC] USER=www-data EUID=0 PID=48660 ACTION=fsop ARGS=test -f /etc/systemd/system/[2026-02-05
[INFO] All Kafka services already configured with JMX exporter
[1;32m[OK][0m Kafka JMX exporter integration complete
[INFO] Metrics endpoint: http://142.93.238.16:9362/metrics
[INFO] Prometheus will automatically scrape: https://metrics-web-universe-main-dev.fastorder.com:9090
[INFO] View dashboards at: https://dashboards-web-universe-main-dev.fastorder.com
[1;32m[OK][0m β Kafka JMX exporter integration complete
[INFO] Configuring KAFKA_OPTS environment variable for kafka user...
[2026-02-05 06:52:10 UTC] USER=www-data EUID=0 PID=48704 ACTION=passthru ARGS=sed -i /export KAFKA_OPTS=.*jmx_prometheus_javaagent/d /home/kafka/.bashrc
[ERROR] No passwordless sudo and wrapper does not allow 'bash'. Run as root or extend wrapper.
[1;32m[OK][0m β KAFKA_OPTS configured in /home/kafka/.bashrc (port 9362)
[INFO] 2.5οΈβ£ Enabling JMX exporter in Kafka systemd service...
[2026-02-05 06:52:10 UTC] USER=www-data EUID=0 PID=48738 ACTION=passthru ARGS=grep -q javaagent.*jmx_prometheus_javaagent /etc/systemd/system/confluent-kraft-web-universe-main-dev_coordinator.service
[INFO] Updating confluent-kraft-web-universe-main-dev_coordinator.service to enable JMX exporter...
[2026-02-05 06:52:11 UTC] USER=www-data EUID=0 PID=48759 ACTION=passthru ARGS=sed -i s|^Environment=KAFKA_OPTS=.*|Environment=KAFKA_OPTS=-javaagent:/opt/kafka/libs/jmx_prometheus_javaagent.jar=9362:/opt/kafka/config/jmx_exporter.yml| /etc/systemd/system/confluent-kraft-web-universe-main-dev_coordinator.service
[1;32m[OK][0m β Updated confluent-kraft-web-universe-main-dev_coordinator.service
[INFO] Reloading systemd daemon and restarting Kafka services...
[2026-02-05 06:52:11 UTC] USER=www-data EUID=0 PID=48780 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:52:11 UTC] USER=www-data EUID=0 PID=48862 ACTION=passthru ARGS=systemctl is-active --quiet confluent-kraft-web-universe-main-dev_coordinator
[INFO] Restarting confluent-kraft-web-universe-main-dev_coordinator...
[2026-02-05 06:52:11 UTC] USER=www-data EUID=0 PID=48897 ACTION=passthru ARGS=systemctl restart confluent-kraft-web-universe-main-dev_coordinator
[1;32m[OK][0m β confluent-kraft-web-universe-main-dev_coordinator restarted successfully
[1;32m[OK][0m β JMX exporter enabled in Kafka systemd services
[INFO] 2.6οΈβ£ Configuring Prometheus to scrape Kafka metrics...
[2026-02-05 06:52:17 UTC] USER=www-data EUID=0 PID=49546 ACTION=passthru ARGS=grep -q job_name: 'kafka' /etc/prometheus/obs-web-universe-main-dev/prometheus.yml
[INFO] Adding Kafka scrape target to Prometheus configuration...
[ERROR] No passwordless sudo and wrapper does not allow 'bash'. Run as root or extend wrapper.
[2026-02-05 06:52:17 UTC] USER=www-data EUID=0 PID=49580 ACTION=passthru ARGS=sed -i /# Prometheus self-monitoring/r /tmp/prometheus_kafka_add.yml /etc/prometheus/obs-web-universe-main-dev/prometheus.yml
[ERROR] Invalid Prometheus configuration - rolling back
[2026-02-05 06:52:17 UTC] USER=www-data EUID=0 PID=49628 ACTION=passthru ARGS=sed -i /job_name: 'kafka'/,+6d /etc/prometheus/obs-web-universe-main-dev/prometheus.yml
[2026-02-05 06:52:17 UTC] USER=www-data EUID=0 PID=49657 ACTION=fsop ARGS=rm -f /tmp/prometheus_kafka_add.yml
[INFO] 3οΈβ£ Registering Kafka nodes to monitoring database...
[INFO] Detected Kafka version: 3.9.1
[INFO] Registering Kafka Broker to monitoring dashboard...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: Kafka Broker
[INFO] Identifier: web-universe-main-dev-broker-01
[INFO] Identifier Parent: cluster
[INFO] IP: 142.93.238.16
[INFO] Port: 9092
[INFO] FQDN: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 0fe22eef-a876-408e-9099-f79ee8d192b7
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[1;32m[OK][0m β Kafka broker registered
[INFO] Registering Kafka Connect to monitoring dashboard...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: Kafka Connect
[INFO] Identifier: web-universe-main-dev-connect-01
[INFO] Identifier Parent: cluster
[INFO] IP: 142.93.238.16
[INFO] Port: 8083
[INFO] FQDN: eventbus-web-universe-main-dev-kafka-connect.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 269c6f12-e045-4268-8bc4-73c5e936d212
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[1;32m[OK][0m β Kafka Connect registered
[INFO] Schema Registry not running, skipping registration
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Kafka Monitoring Setup Complete
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Metrics: http://localhost:9362/metrics
[INFO] Prometheus: https://metrics-web-universe-main-dev.fastorder.com:9090
[INFO] Grafana: https://dashboards-web-universe-main-dev.fastorder.com
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Step 8 completed: 10-monitoring-setup.sh
[0;34m[INFO][0m π¦ Step 9/13: audit compliance check...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[1m KAFKA AUDIT COMPLIANCE DASHBOARD - PCI-DSS Verification[0m
[1m Environment: web-universe-main-dev[0m
[1m Timestamp: 2026-02-05 06:52:24 UTC[0m
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[1m[1/5] Kafka Deny-by-Default ACL Posture[0m
Requirement: allow.everyone.if.no.acl.found=false
[0;32mPASS[0m Deny-by-default is ENABLED (allow.everyone.if.no.acl.found=false)
[1m[2/5] Audit Topic Hot Retention (90 days)[0m
Requirement: retention.ms >= 7776000000 (90 days)
[0;32mPASS[0m Retention is 90 days (7776000000 ms)
[1m[3/5] Kafka Connect S3 Sink Status[0m
Requirement: Connector and all tasks RUNNING
[0;31mFAIL[0m Connector RUNNING but tasks FAILED: FAILED
[1m[4/5] S3 Freshness Evidence[0m
Requirement: Newest object < 120 minutes old
[1;33mWARN[0m No objects found in s3://fastorder-audit-immutable/audit/web-universe-main-dev/
This may be normal if no audit events have been generated yet
[1m[5/5] S3 Object Lock Immutability[0m
Requirement: COMPLIANCE mode with 1-year retention
[0;31mFAIL[0m Cannot verify Object Lock configuration - access denied
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[1m COMPLIANCE SUMMARY[0m
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;31m[1mCOMPLIANCE ISSUES DETECTED[0m
Passed: 2/5
Failed: 3/5
Review failed checks above and remediate.
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32m[OK][0m β
Step 9 completed: 11-audit-compliance-check.sh
[0;34m[INFO][0m π¦ Step 10/13: audit canary test...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[1m KAFKA AUDIT CANARY TEST - End-to-End Verification[0m
[1m Environment: web-universe-main-dev[0m
[1m Canary ID: canary-1770274357-51294[0m
[1mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[1m[Step 1/4] Producing canary audit event to Kafka[0m
Topic: audit.events.web.universe.main.dev
Event: canary-1770274357-51294
[0;31mFailed to produce event[0m
[1;33m(Topic may not exist yet - normal during initial setup)[0m
[0;32m[OK][0m β
Step 10 completed: 12-audit-canary-test.sh
[0;34m[INFO][0m π¦ Step 11/13: setup audit s3 staging...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Kafka Audit S3 Staging + Replication Setup
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Staging Bucket: fastorder-audit-staging
Immutable Bucket: fastorder-audit-immutable
Region: me-central-1
Environment: --auto
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] 1οΈβ£ Checking AWS credentials...
[WARN] No AWS credentials found - skipping S3 staging setup
To configure S3 audit storage later, add credentials to /home/ab/.aws/credentials:
[admin]
aws_access_key_id = AKIA...
aws_secret_access_key = ...
Then run: AWS_PROFILE=admin /opt/fastorder/bash/scripts/env_app_setup/setup/04-eventbus/engine/kafka/steps/13-setup-audit-s3-staging.sh --auto
[0;32m[OK][0m β
Step 11 completed: 13-setup-audit-s3-staging.sh
[0;34m[INFO][0m π¦ Step 12/13: install ksqldb...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββ
ksqlDB Installation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Identifier: --auto
βββββββββββββββββββββββββββββββββββββββ
VM_IP: 10.100.1.242
FQDN: eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com
π¦ Step 1: Checking Confluent Platform installation...
β
ksqlDB already installed (version: )
π Step 2: Creating directories...
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52090 ACTION=fsop ARGS=mkdir -p /var/lib/ksqldb/web-universe-main-dev/--auto
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52111 ACTION=fsop ARGS=mkdir -p /var/log/ksqldb/web-universe-main-dev/--auto
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52132 ACTION=fsop ARGS=mkdir -p /etc/ksqldb/web-universe-main-dev/--auto
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52169 ACTION=fsop ARGS=chown -R kafka:kafka /var/lib/ksqldb/web-universe-main-dev/--auto /var/log/ksqldb/web-universe-main-dev/--auto /etc/ksqldb/web-universe-main-dev/--auto
β
Directories created
βοΈ Step 3: Generating ksqlDB configuration...
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52193 ACTION=fsop ARGS=mv /tmp/ksql-server-web-universe-main-dev.properties /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52214 ACTION=fsop ARGS=chown kafka:kafka /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
[2026-02-05 06:52:47 UTC] USER=www-data EUID=0 PID=52236 ACTION=fsop ARGS=chmod 640 /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
β
Configuration generated: /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
π§ Step 4: Creating systemd service...
[2026-02-05 06:52:48 UTC] USER=www-data EUID=0 PID=52258 ACTION=fsop ARGS=mv /tmp/ksqldb-web-universe-main-dev---auto.service /etc/systemd/system/ksqldb-web-universe-main-dev---auto.service
[2026-02-05 06:52:48 UTC] USER=www-data EUID=0 PID=52279 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:52:48 UTC] USER=www-data EUID=0 PID=52340 ACTION=passthru ARGS=systemctl enable ksqldb-web-universe-main-dev---auto.service
β
Systemd service created: ksqldb-web-universe-main-dev---auto.service
π Step 5: Starting ksqlDB service...
π Checking Kafka broker connectivity...
β
Kafka broker is accessible
[2026-02-05 06:52:49 UTC] USER=www-data EUID=0 PID=52424 ACTION=passthru ARGS=systemctl start ksqldb-web-universe-main-dev---auto.service
β
ksqlDB service started
β³ Waiting for ksqlDB to be ready...
..............................
π Step 6: Verifying installation...
π Service Status:
[2026-02-05 06:53:52 UTC] USER=www-data EUID=0 PID=54613 ACTION=passthru ARGS=systemctl status ksqldb-web-universe-main-dev---auto.service --no-pager -l
β ksqldb-web-universe-main-dev---auto.service - ksqlDB Server (web-universe-main-dev --auto)
Loaded: loaded (/etc/systemd/system/ksqldb-web-universe-main-dev---auto.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-02-05 06:53:49 UTC; 3s ago
Docs: https://docs.ksqldb.io/
Main PID: 54483 (java)
Tasks: 25 (limit: 19051)
Memory: 229.6M
CPU: 4.950s
CGroup: /system.slice/ksqldb-web-universe-main-dev---auto.service
ββ54483 java -cp "/usr/share/java/ksqldb/*:/usr/share/java/rest-utils/*:/usr/share/java/confluent-common/*:" -Xms256m -Xmx512m -server -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:NewRatio=1 -Djava.awt.headless=true -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dksql.log.dir=/var/log/ksqldb/web-universe-main-dev/--auto -Dlog4j.configuration=file:/etc/ksqldb/log4j.properties -Dksql.server.install.dir=/usr "-Xlog:gc*:file=/var/log/ksqldb/web-universe-main-dev/--auto/ksql-server-gc.log:time,tags:filecount=10,filesize=102400" io.confluent.ksql.rest.server.KsqlServerMain /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
Feb 05 06:53:52 web-03 ksql-server-start[54483]: [2026-02-05 06:53:52,679] INFO Adding function len for method public java.lang.Integer io.confluent.ksql.function.udf.string.Len.len(java.lang.String) (io.confluent.ksql.function.UdfLoader:147)
Feb 05 06:53:52 web-03 ksql-server-start[54483]: [2026-02-05 06:53:52,679] INFO Adding function len for method public java.lang.Integer io.confluent.ksql.function.udf.string.Len.len(java.nio.ByteBuffer) (io.confluent.ksql.function.UdfLoader:147)
Feb 05 06:53:52 web-03 ksql-server-start[54483]: [2026-02-05 06:53:52,679] INFO Adding function md5 for method public java.lang.String io.confluent.ksql.function.udf.string.MD5.md5(java.lang.String) (io.confluent.ksql.function.UdfLoader:147)
π ksqlDB Info:
β οΈ ksqlDB not responding yet (may still be starting)
π‘ Step 7: Registering ksqlDB to Observability API...
π Registering ksqlDB node to observability dashboard...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: ksqlDB
[INFO] Identifier: web-universe-main-dev-ksqldb---auto
[INFO] Identifier Parent: eventbus
[INFO] IP: 10.100.1.242
[INFO] Port: 8088
[INFO] FQDN: eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com
[INFO] Status: starting
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 959bfeea-5527-4a0f-84cb-9c8e8a9d7811
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
β
ksqlDB registered successfully
βββββββββββββββββββββββββββββββββββββββ
ksqlDB Installation Complete
βββββββββββββββββββββββββββββββββββββββ
Service: ksqldb-web-universe-main-dev---auto
VM_IP: 10.100.1.242
FQDN: eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com
Port: 8088
Config: /etc/ksqldb/web-universe-main-dev/--auto/ksql-server.properties
Data: /var/lib/ksqldb/web-universe-main-dev/--auto
Logs: /var/log/ksqldb/web-universe-main-dev/--auto
Dashboard:
https://skeleton.dev.fastorder.com/dashboard/monitoring/environment2/<env-id>/service/ksqldb
CLI Access (with SSL):
ksql --ssl https://eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com:8088
REST API (HTTPS):
curl -k https://eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com:8088/info
curl -k https://eventbus-web-universe-main-dev-ksqldb---auto.fastorder.com:8088/ksql -H 'Content-Type: application/vnd.ksql.v1+json' -d '{"ksql": "SHOW STREAMS;"}'
βββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Step 12 completed: 20-install-ksqldb.sh
[0;34m[INFO][0m π¦ Step 13/13: update www data certs...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Post-Kafka Setup: Updating www-data Kafka certificates...
Environment: web-universe-main-dev
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
β Kafka certificates found
β www-data user exists
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54707 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54716 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54725 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54734 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54744 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:53:53 UTC] USER=www-data EUID=0 PID=54757 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:53:54 UTC] USER=www-data EUID=0 PID=54769 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:53:54 UTC] USER=www-data EUID=0 PID=54778 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
β
Kafka certificate symlinks created for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β Post-Kafka setup complete
[0;32m[OK][0m β
Step 13 completed: 99-update-www-data-certs.sh
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
Kafka setup completed successfully!
[0;32m[OK][0m Executed all 13 steps
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Service: web
[0;34m[INFO][0m Zone: universe
[0;34m[INFO][0m Branch: main
[0;34m[INFO][0m Env: dev
[0;34m[INFO][0m Registering Kafka nodes via API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: Kafka
[INFO] Identifier: web-universe-main-dev_coordinator
[INFO] Identifier Parent: coordinator
[INFO] IP: 10.100.1.225
[INFO] Port: 9092
[INFO] FQDN: eventbus-web-universe-main-dev-kafka-broker-01.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 556513cd-577f-4835-837d-7f8a97c24183
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: Kafka Connect
[INFO] Identifier: web-universe-main-dev_coordinator
[INFO] Identifier Parent: coordinator
[INFO] IP: 10.100.1.75
[INFO] Port: 8083
[INFO] FQDN: eventbus-web-universe-main-dev-kafka-connect.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 832e2b3d-94f8-4caf-9464-57bb9914f0a8
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m β Kafka node registration completed
[0;34m[INFO][0m Setting up Kafka observability integration...
[0;34m[INFO][0m Checking observability cell readiness: obs-web-universe-main-dev
[0;32m[OK][0m Observability cell endpoints registered for web-universe-main-dev
[0;34m[INFO][0m Observability cell verified for web-universe-main-dev
[0;34m[INFO][0m Monitoring will be configured after Kafka deployment (step 10-monitoring-setup.sh)
[0;34m[INFO][0m Cleaning up temporary files...
[INFO] Starting cleanup of temporary files...
[INFO] Cleaning up SSL temp files for web-universe-main-dev...
[INFO] Cleaning up old provisioning logs...
[INFO] Cleaning up old configuration backups...
[0;32m[OK][0m β Cleanup completed
[0;32mβ[0m β
Event bus infrastructure (kafka) setup completed successfully
[0;34m[INFO][0m Using database engine from DB_ENGINE environment variable: postgresql
[0;34m[INFO][0m Cleaning up any existing locks...
[0;32m[1mStarting database engine: postgresql[0m
[1;33mβββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m[INFO][0m Using environment from web interface: web-universe-main-dev
[0;32m[2026-02-05 06:53:55][0m Using web-provided environment: web-universe-main-dev
[0;32m[2026-02-05 06:53:55][0m Service: web, Zone: universe, Branch: main, Env: dev
[0;32mβ[0m Environment initialized successfully (mode: general)
[0;34m[INFO][0m Checking observability cell readiness: obs-web-universe-main-dev
[1;32m[OK][0m Observability cell endpoints registered for web-universe-main-dev
[0;34m[INFO][0m Observability cell verified for web-universe-main-dev
[0;34m[INFO][0m Monitoring will be configured after PostgreSQL deployment (step 10-monitoring-setup.sh)
[0;34m[INFO][0m Citus mode ENABLED
[0;34m[INFO][0m β Coordinator + 1 worker(s) + 0 standby node(s) per worker
ββββββββββββββββββββββββββββββββββββββββββββββββββ
Setting up coordinator (Citus control plane)β¦
ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Initializing log directories...
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55023 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55029 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55056 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/provisioning
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55067 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55075 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[2026-02-05 06:53:56 UTC] USER=unknown EUID=33 PID=55082 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/provisioning
/opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/run.sh: line 41: ok: command not found
[INFO] π’ Starting PostgreSQL provisioning for web in universe-dev...
[INFO] Environment: web-universe-main-dev
[INFO] Identifier: coordinator
[INFO] VM IP: 142.93.238.16
[DEBUG] RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed JOB_UUID=efe0ec43-7ab3-46f1-8e76-8fbbb09faeab
[DEBUG] Tracking substep start: steps/01-install/steps/00-configure-network-hosts (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 00 configure network hosts...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.54
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entries for coordinator...
[0;34m[INFO][0m 1. db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54 (primary/short)
[0;34m[INFO][0m 2. db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54 (compatibility)
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql.fastorder.com already exists with correct IP
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-coordinator.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.54 db-web-universe-main-dev-postgresql.fastorder.com
10.100.1.54 db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[DEBUG] Tracking substep start: steps/01-install/steps/01-prepare-ssl-server-postgres (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 01 prepare ssl server postgres...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.54 (from topology: db-coordinator-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
Coordinator variants:
- db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
- db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:53:59 UTC] USER=www-data EUID=0 PID=55268 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator and /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Generating 4096-bit private key...
[2026-02-05 06:53:59 UTC] USER=www-data EUID=0 PID=55290 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-55202
[2026-02-05 06:54:00 UTC] USER=www-data EUID=0 PID=55321 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-55202/ra_root.crt
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[2026-02-05 06:54:05 UTC] USER=www-data EUID=0 PID=55545 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-55202/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:05 UTC] USER=www-data EUID=0 PID=55555 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-55202/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Setting up CA certificate...
[2026-02-05 06:54:05 UTC] USER=www-data EUID=0 PID=55576 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-55202/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:05 UTC] USER=www-data EUID=0 PID=55587 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55603 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55612 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55623 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55632 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55641 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55659 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:06 UTC] USER=www-data EUID=0 PID=55668 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Verifying certificate...
Certificate details:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-coordinator.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55737 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-postgres
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55747 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55756 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-postgres/ra_root.key
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55770 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55779 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55803 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55812 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55821 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55830 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55839 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55848 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55858 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55867 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55885 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55897 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55906 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55921 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:07 UTC] USER=www-data EUID=0 PID=55930 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=55940 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=55955 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=55965 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=55976 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56003 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56012 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56021 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56030 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56040 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56050 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56060 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56069 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56078 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:08 UTC] USER=www-data EUID=0 PID=56096 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56107 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56125 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56138 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56147 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56156 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56165 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56174 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56183 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56192 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56201 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56210 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56219 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56228 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56240 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56251 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56277 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56292 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:09 UTC] USER=www-data EUID=0 PID=56301 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56310 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56330 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56341 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56350 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56360 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56402 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56414 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56430 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56446 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:10 UTC] USER=www-data EUID=0 PID=56455 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56464 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56473 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56482 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56491 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56500 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56509 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56518 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56527 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56536 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56546 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56565 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56574 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56583 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56592 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56601 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56610 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56619 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:54:11 UTC] USER=www-data EUID=0 PID=56628 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U postgres -d postgres
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:54:12 UTC] USER=www-data EUID=0 PID=56681 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:54:12 UTC] USER=www-data EUID=0 PID=56692 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-postgres/ra_root.key
[2026-02-05 06:54:12 UTC] USER=www-data EUID=0 PID=56706 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.crt
[2026-02-05 06:54:12 UTC] USER=www-data EUID=0 PID=56717 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56751 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56760 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56769 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56778 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56796 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56805 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56814 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56823 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56832 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56842 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56852 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56864 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56882 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56891 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56900 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56918 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56927 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56962 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56971 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56982 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=56992 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:13 UTC] USER=www-data EUID=0 PID=57001 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57019 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57029 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57038 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57047 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57056 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57065 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57081 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57095 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57104 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57113 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57122 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57131 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57140 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57149 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57158 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57168 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57177 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57187 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57196 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57222 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57234 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57243 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:14 UTC] USER=www-data EUID=0 PID=57252 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57273 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57289 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57299 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57310 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57338 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57351 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57360 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57369 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57379 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57398 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57407 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57416 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57428 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57437 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57446 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57455 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57464 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57473 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key.pkcs1
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57482 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_der.key
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57492 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres_pk8.der
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57502 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57516 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57526 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
β
Symlinked ca.pem
β
Symlinked client-cert.pem
[2026-02-05 06:54:15 UTC] USER=www-data EUID=0 PID=57553 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:54:16 UTC] USER=www-data EUID=0 PID=57562 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:16 UTC] USER=www-data EUID=0 PID=57572 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:54:16 UTC] USER=www-data EUID=0 PID=57581 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:54:16 UTC] USER=www-data EUID=0 PID=57591 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U postgres -d postgres
[DEBUG] Tracking substep start: steps/01-install/steps/02-setup-pg-instance (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 02 setup pg instance...
[0;34m[DEADLOCK-PREVENTION][0m Deadlock prevention library loaded
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
βββββββββββββββββββββββββββββββββββββββββββββββββ
π Configuring AWS credentials...
[WARN] ~/.aws/credentials file not found
[WARN] AWS operations may require SSO login
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Using existing db-coordinator-postgresql environment: db-web-universe-main-dev-postgresql-coordinator.fastorder.com (10.100.1.54)
[INFO] PostgreSQL will listen on application-specific IP: 10.100.1.54
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m Data dir: /data/postgresql/17/web-universe-main-dev/coordinator
[0;34m[INFO][0m Port: 5432
[0;34m[INFO][0m Hostname: db-web-universe-main-dev-postgresql-coordinator
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57741 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57762 ACTION=fsop ARGS=chmod 755 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57786 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57816 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[1;33m[WARN][0m Server certificate not found at /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[0;34m[INFO][0m Generating server certificate using ssl/server.sh...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.54 (from topology: db-coordinator-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
Coordinator variants:
- db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
- db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57859 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator and /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57868 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Generating 4096-bit private key...
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57878 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-57823
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57887 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-57823/ra_root.crt
[2026-02-05 06:54:18 UTC] USER=www-data EUID=0 PID=57896 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-57823/ra_root.key
[2026-02-05 06:54:19 UTC] USER=www-data EUID=0 PID=57905 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-57823/ra_root.crt
[2026-02-05 06:54:19 UTC] USER=www-data EUID=0 PID=57914 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-57823/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58038 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-57823/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58047 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-57823/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58056 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Setting up CA certificate...
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58065 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-57823/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58074 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58083 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58092 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58103 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58112 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58121 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58130 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58139 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql-coordinator, DNS:localhost, DNS:db-web-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-universe-main-dev-postgresql-coordinator-coordinator.fastorder.com, DNS:db-web-universe-main-dev-postgresql.fastorder.com, IP Address:10.100.1.54, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: coordinator
Primary CN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-coordinator.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m β
Using canonical certificate path (hardened, ProtectHome=true compatible)
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58235 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.crt
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58246 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/server.key
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58256 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[0;32m[OK][0m mTLS certificates OK (server cert + client certs verified) and keys secured
[0;34m[INFO][0m Preflight: stopping any conflicting Postgres services/processes on port 5432β¦
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58278 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:54:21 UTC] USER=www-data EUID=0 PID=58304 ACTION=passthru ARGS=systemctl stop postgresql
[1;33m[WARN][0m Cleaning stale socket directory /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:54:22 UTC] USER=www-data EUID=0 PID=58338 ACTION=fsop ARGS=rm -rf /var/run/postgresql-web-universe-main-dev-coordinator
[0;32m[OK][0m No conflicting Postgres left on port 5432
[0;32m[OK][0m Using postgres password from vault provider
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58439 ACTION=fsop ARGS=chown postgres:postgres /tmp/.pg_pwfile.4nEzCA
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58461 ACTION=fsop ARGS=chmod 600 /tmp/.pg_pwfile.4nEzCA
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58486 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58508 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58533 ACTION=fsop ARGS=chmod 755 /data/postgresql/17/web-universe-main-dev
[0;34m[INFO][0m Initializing cluster in /data/postgresql/17/web-universe-main-dev/coordinator (SCRAM; pwfile)
[1;33m[WARN][0m Removing existing data directory: /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58557 ACTION=fsop ARGS=rm -rf /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58594 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58618 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58640 ACTION=fsop ARGS=chmod 700 /data/postgresql/17/web-universe-main-dev/coordinator
[2026-02-05 06:54:24 UTC] USER=www-data EUID=0 PID=58666 ACTION=fsop ARGS=mkdir -p /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:54:25 UTC] USER=www-data EUID=0 PID=58706 ACTION=fsop ARGS=chown postgres:postgres /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:54:25 UTC] USER=www-data EUID=0 PID=58739 ACTION=fsop ARGS=chmod 2775 /var/run/postgresql-web-universe-main-dev-coordinator
[2026-02-05 06:54:25 UTC] USER=www-data EUID=0 PID=58756 ACTION=passthru ARGS=sudo -u postgres /usr/lib/postgresql/17/bin/initdb -D /data/postgresql/17/web-universe-main-dev/coordinator --locale=en_US.UTF-8 --encoding=UTF8 --auth-local=scram-sha-256 --auth-host=scram-sha-256 --pwfile=/tmp/.pg_pwfile.4nEzCA
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/17/web-universe-main-dev/coordinator ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 100
selecting default "shared_buffers" ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/lib/postgresql/17/bin/pg_ctl -D /data/postgresql/17/web-universe-main-dev/coordinator -l logfile start
[0;32m[OK][0m initdb complete
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58827 ACTION=fsop ARGS=rm -f /tmp/.pg_pwfile.4nEzCA
[0;34m[INFO][0m Writing postgresql.conf (TLSβ₯1.2, SCRAM, audit logs)
[0;32m[OK][0m postgresql.conf updated successfully
[0;34m[INFO][0m Writing pg_hba.conf (mTLS with client certificates + SCRAM, least-privilege)
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58875 ACTION=fsop ARGS=cp /tmp/tmp.kKtBVngze6 /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58896 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58917 ACTION=fsop ARGS=chmod 600 /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
[0;32m[OK][0m pg_hba.conf updated
[0;34m[INFO][0m Creating systemd unit: /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58943 ACTION=fsop ARGS=mv -f /tmp/.pg_unit.keKE05 /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58965 ACTION=fsop ARGS=chmod 0644 /etc/systemd/system/postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m systemd unit written
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=58986 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=59007 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:54:26 UTC] USER=www-data EUID=0 PID=59038 ACTION=passthru ARGS=systemctl daemon-reload
[0;34m[INFO][0m Starting PostgreSQL instance...
[2026-02-05 06:54:27 UTC] USER=www-data EUID=0 PID=59175 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Waiting for ACTIVE (systemd)β¦
[2026-02-05 06:54:28 UTC] USER=www-data EUID=0 PID=59234 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Waiting for port 5432 bindβ¦
[0;32m[OK][0m Port bound
[0;34m[INFO][0m Waiting pg_isready (socket)β¦
[0;32m[OK][0m Readiness via socket OK
[0;34m[INFO][0m Waiting pg_isready (TCP db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432)β¦
[0;32m[OK][0m Startup sequence complete
[0;34m[INFO][0m Validating core security GUCs (via local socket)β¦
[0;32m[OK][0m Security GUCs verified (ssl, min TLS, SCRAM, audit logs)
[0;34m[INFO][0m Provisioning application database and Debezium role (if not exists)...
[0;34m[INFO][0m Checking if database fastorder_web_universe_main_dev_db exists...
[0;34m[INFO][0m DB check result: exit_code=0, output='[2026-02-05 06:54:29 UTC] USER=www-data EUID=0 PID=59395 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_database WHERE datname = 'fastorder_web_universe_main_dev_db''
[0;34m[INFO][0m Creating database fastorder_web_universe_main_dev_db...
[2026-02-05 06:54:29 UTC] USER=www-data EUID=0 PID=59421 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE DATABASE "fastorder_web_universe_main_dev_db" ENCODING 'UTF8' LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;
CREATE DATABASE
[0;32m[OK][0m Database fastorder_web_universe_main_dev_db created
[0;34m[INFO][0m Checking if role debezium_user exists...
[0;34m[INFO][0m Role check result: exit_code=0, output='[2026-02-05 06:54:29 UTC] USER=www-data EUID=0 PID=59445 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_roles WHERE rolname = 'debezium_user''
[0;34m[INFO][0m Creating role debezium_user...
[2026-02-05 06:54:29 UTC] USER=www-data EUID=0 PID=59472 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE ROLE debezium_user LOGIN PASSWORD '7ejSPdiDL3ckLz8T0zwK2urJ';
CREATE ROLE
[0;32m[OK][0m Role debezium_user created
[2026-02-05 06:54:29 UTC] USER=www-data EUID=0 PID=59495 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c GRANT CONNECT ON DATABASE "fastorder_web_universe_main_dev_db" TO debezium_user;
GRANT
[0;32m[OK][0m Application DB (fastorder_web_universe_main_dev_db) + Debezium role (debezium_user) provisioned (idempotent)
[0;34m[INFO][0m Applying connection and memory optimizations...
[0;34m[INFO][0m Current settings: max_connections=100, work_mem=4MB
[0;34m[INFO][0m Target settings (coordinator): max_connections=150, work_mem=8MB
[2026-02-05 06:54:30 UTC] USER=www-data EUID=0 PID=59596 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET max_connections = 150;
ALTER SYSTEM
[2026-02-05 06:54:30 UTC] USER=www-data EUID=0 PID=59622 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET work_mem = '8MB';
ALTER SYSTEM
[2026-02-05 06:54:30 UTC] USER=www-data EUID=0 PID=59645 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc -c SELECT pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)
[0;32m[OK][0m Settings applied to postgresql.auto.conf
[2026-02-05 06:54:30 UTC] USER=www-data EUID=0 PID=59661 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/standby.signal
[0;34m[INFO][0m Service recently started (2s ago) - restarting to apply max_connections...
[0;34m[INFO][0m Stopping service...
[2026-02-05 06:54:30 UTC] USER=www-data EUID=0 PID=59683 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Waiting for port 5432 to be released...
[0;32m[OK][0m Port 5432 released
[0;34m[INFO][0m Starting service...
[2026-02-05 06:54:34 UTC] USER=www-data EUID=0 PID=59809 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
Optimization complete: max_connections=150, work_mem=8MB
[0;34m[INFO][0m Setting postgres password via centralized script... for coordinator
[0;34m[INFO][0m Temporarily disabling synchronous_commit on coordinator for password setting...
[0;32m[OK][0m Disabled synchronous_commit (was: on)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mInitial setup: Using password from initdb[0m
[0;32mβ PostgreSQL password already set during initdb[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
[0;34m[INFO][0m Restoring synchronous_commit on coordinator...
[0;32m[OK][0m Restored synchronous_commit to: on
[0;32m[OK][0m Password set and persisted
[0;34m[INFO][0m Updating /etc/hosts with PostgreSQL hostname mappings...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: coordinator
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.54
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entries for coordinator...
[0;34m[INFO][0m 1. db-web-universe-main-dev-postgresql.fastorder.com β 10.100.1.54 (primary/short)
[0;34m[INFO][0m 2. db-web-universe-main-dev-postgresql-coordinator.fastorder.com β 10.100.1.54 (compatibility)
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql.fastorder.com already exists with correct IP
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-coordinator.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.54 db-web-universe-main-dev-postgresql.fastorder.com
10.100.1.54 db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;32m[OK][0m PostgreSQL 'web-universe-main-dev' is up with TLS/SCRAM/logging.
Superuser TCP mode: cert
Connect (mTLS):
psql "sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt \
sslcert=/home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.crt \
sslkey=/home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/postgres.key \
host=db-web-universe-main-dev-postgresql-coordinator port=5432 dbname=postgres user=postgres"
File been compeleted perfectly: 02-setup-pg-instance
[0;34m[INFO][0m Registering PostgreSQL node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PostgreSQL
[INFO] Identifier: web-universe-main-dev-postgresql-coordinator
[INFO] Identifier Parent: coordinator
[INFO] IP: 10.100.1.54
[INFO] Port: 5432
[INFO] FQDN: db-web-universe-main-dev-postgresql-coordinator
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 90feffd7-89fb-4afb-a63f-cc975d7e928c
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PostgreSQL node registered to observability API
[DEBUG] Tracking substep start: steps/01-install/steps/03-role (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 03 role...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: debezium_user
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): debezium_user
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61233 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-coordinator-debezium_user
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61244 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-debezium_user/ra_root.crt
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61253 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-debezium_user/ra_root.key
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61262 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-debezium_user/ra_root.crt
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61291 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-debezium_user/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = debezium_user
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:55 UTC] USER=www-data EUID=0 PID=61337 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61346 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61355 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61364 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61375 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61387 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61396 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61409 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61426 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-debezium_user/debezium_user_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61435 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61445 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61454 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61471 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61480 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61492 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61504 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61513 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61522 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61559 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61569 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:56 UTC] USER=www-data EUID=0 PID=61578 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61587 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61596 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61605 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61614 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61623 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61632 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61641 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61650 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61661 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61673 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61692 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61701 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61719 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61728 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61737 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61746 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61755 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61764 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61773 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61782 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61793 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61812 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61830 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61839 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61849 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61858 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:54:57 UTC] USER=www-data EUID=0 PID=61867 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61876 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61885 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61894 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61903 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61913 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61923 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61932 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61953 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61971 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=61980 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62013 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key.pkcs1
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62023 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_der.key
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62033 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user_pk8.der
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62044 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62055 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62065 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62074 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62084 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62093 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:54:58 UTC] USER=www-data EUID=0 PID=62106 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:54:59 UTC] USER=www-data EUID=0 PID=62116 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:54:59 UTC] USER=www-data EUID=0 PID=62140 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: debezium_user
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/debezium_user.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U debezium_user -d postgres
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π¦ Start executing 03-create-role.sh
π¦ Setting password for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser fastorder_admin_gd does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: fastorder_admin_gd[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: coordinator/fastorder_admin_gd
β Retrieved password from centralized secrets vault
π Using PostgreSQL host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: fastorder_admin_gd
Identifier: coordinator
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: coordinator
User (CN): fastorder_admin_gd
Hostname: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:55:09 UTC] USER=www-data EUID=0 PID=62827 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:55:09 UTC] USER=www-data EUID=0 PID=62838 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.key
[2026-02-05 06:55:09 UTC] USER=www-data EUID=0 PID=62847 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:55:09 UTC] USER=www-data EUID=0 PID=62856 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = fastorder_admin_gd
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62908 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62923 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62934 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62952 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62961 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62970 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62979 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62988 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=62997 ACTION=fsop ARGS=cp -f /tmp/pg-client-coordinator-fastorder_admin_gd/fastorder_admin_gd_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=63006 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:10 UTC] USER=www-data EUID=0 PID=63015 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63024 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63033 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63042 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63051 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63060 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63069 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63078 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63087 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63096 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63105 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63131 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63140 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63149 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63162 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63171 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63180 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63189 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63198 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63207 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63216 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63225 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63234 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63244 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63255 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63264 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63273 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63287 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63298 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63311 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63321 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63335 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63344 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63353 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63362 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63371 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63381 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63391 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:11 UTC] USER=www-data EUID=0 PID=63400 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63409 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63418 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63427 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63436 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63445 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63454 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63463 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63472 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63481 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63490 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63500 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63510 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63520 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63530 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63545 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63562 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63571 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63580 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63589 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63598 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63607 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63616 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_der.key
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63625 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd_pk8.der
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63635 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator β /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63645 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63654 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63663 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63678 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63688 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63697 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63706 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63715 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:55:12 UTC] USER=www-data EUID=0 PID=63724 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: fastorder_admin_gd
Node: coordinator
FQDN: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/fastorder_admin_gd.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-coordinator.fastorder.com -U fastorder_admin_gd -d postgres
𧱠Connecting via Unix socket to create role and database...
Socket: /var/run/postgresql-web-universe-main-dev-coordinator:5432
π¦ Creating role fastorder_admin_gd...
β
Role fastorder_admin_gd created
βΉοΈ Database fastorder_web_universe_main_dev_db already exists, skipping creation
[2026-02-05 06:55:13 UTC] USER=www-data EUID=0 PID=63787 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc
GRANT
β
Role and DB created via SSL
π Adding user to pg_hba.conf for SSL access...
βΉοΈ Using pg_hba.conf: /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
β
Added fastorder_admin_gd to pg_hba.conf
π Reloading PostgreSQL configuration...
[2026-02-05 06:55:13 UTC] USER=www-data EUID=0 PID=63827 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
β
PostgreSQL configuration reloaded
π§ͺ Testing connection for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m=== Pre-flight Checks ===[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;32mβ[0m AWS Secrets Manager accessible
[0;34m=== Retrieving Credentials from AWS ===[0m
βΉοΈ Retrieving PostgreSQL credentials for: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
βΉοΈ Fetching secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
Retrieved from cache: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
β
PostgreSQL credentials loaded for coordinator/fastorder_admin_gd: fastorder_admin_gd@db-web-universe-main-dev-postgresql.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;32mβ[0m Credentials retrieved: fastorder_admin_gd@db-web-universe-main-dev-postgresql.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Test Suite (AWS Secrets MGR) β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m=== PostgreSQL Authentication Test ===[0m
[0;31mβ[0m PostgreSQL authentication failed
---- Error Details ----
psql: error: connection to server at "db-web-universe-main-dev-postgresql.fastorder.com" (10.100.1.54), port 5432 failed: root certificate file "/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/fastorder_admin_gd/root.crt" does not exist
Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.
----------------------
β User authentication test failed
π Password stored securely in AWS Secrets Manager
π Secret path: fastorder/db/web/universe/main/dev/postgresql/coordinator/fastorder_admin_gd
π¦ End executing 03-create-role.sh
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:55:18 UTC] USER=www-data EUID=0 PID=64143 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/coordinator/standby.signal
ββ fast setup βββββββββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : coordinator
PG HOST : db-web-universe-main-dev-postgresql.fastorder.com:5432
ROLE : debezium_user
DB : fastorder_web_universe_main_dev_db
SCHEMA : web
AUTH MODE : scram (scram=password over TLS | cert=mTLS)
SUBNET ALLOW: 10.201.0.0/16
CONNECT /32 : 142.93.238.16
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator
DNS β 10.100.1.54
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/coordinator/root.crt
π Setting password for user: debezium_user
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: coordinator[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-coordinator[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser debezium_user does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: debezium_user[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/coordinator/debezium_user[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials coordinator[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: coordinator/debezium_user
β Retrieved password from secrets vault
password : (stored in AWS Secrets Manager)
π TLS chain check...
π§ Ensuring role and grantsβ¦
βΉοΈ Role debezium_user exists, updating
[2026-02-05 06:55:29 UTC] USER=www-data EUID=0 PID=64863 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d postgres --no-psqlrc
ALTER ROLE
βΉοΈ Database fastorder_web_universe_main_dev_db already exists
[2026-02-05 06:55:29 UTC] USER=www-data EUID=0 PID=64890 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-coordinator -p 5432 -d fastorder_web_universe_main_dev_db --no-psqlrc
CREATE SCHEMA
GRANT
GRANT
GRANT
GRANT
β
Role/DB/grants ensured.
β οΈ Could not find pg_hba.conf (skipping HBA edits): /data/postgresql/17/web-universe-main-dev/coordinator/pg_hba.conf
π§ͺ Testing ROLE connection (scram)...
β
SCRAM+TLS probe OK
π Done.
[DEBUG] Tracking substep start: steps/01-install/steps/05-setup-service (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 05 setup service...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βΉοΈ Service-specific setup (web) is handled by parent script
β
Step 5 completed (service setup delegated to 01-install/run.sh)
π DEBUG_CHECKPOINT_01: Starting service-specific steps for SERVICE=web
π DEBUG_CHECKPOINT_02: Checking for service-specific run.sh: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
π DEBUG_CHECKPOINT_03: Found service-specific run.sh for: web
[DEBUG] Tracking substep start: steps/01-install/steps/web (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] πΈ Service: web (service-specific)
π DEBUG_CHECKPOINT_04: Executing service-specific: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Web Service Schema Provisioning
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π¦ Running: 01-init-schema.sh...
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββ
Initializing config schema
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Identifier: coordinator
Database: fastorder_web_universe_main_dev_db
Host: db-web-universe-main-dev-postgresql.fastorder.com:5432
βββββββββββββββββββββββββββββββββββββββ
[INFO] Checking if config schema exists...
[INFO] Creating config schema and tables...
CREATE EXTENSION
CREATE SCHEMA
CREATE TABLE
COMMENT
CREATE TABLE
COMMENT
CREATE TABLE
COMMENT
CREATE INDEX
CREATE INDEX
CREATE INDEX
INSERT 0 1
CREATE FUNCTION
CREATE FUNCTION
CREATE FUNCTION
NOTICE: trigger "trg_public_defaults_version" for relation "config.public_defaults" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_feature_flags_version" for relation "config.feature_flags" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_public_defaults_set_updated_at" for relation "config.public_defaults" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
NOTICE: trigger "trg_feature_flags_set_updated_at" for relation "config.feature_flags" does not exist, skipping
DROP TRIGGER
CREATE TRIGGER
[OK] Config schema and tables created
[INFO] Seeding initial guest services data...
INSERT 0 9
INSERT 0 1
[OK] Initial data seeded
[INFO] Verifying config schema...
βββββββββββββββββββββββββββββββββββββββ
Config Schema Verification
βββββββββββββββββββββββββββββββββββββββ
Guest services: 9
βββββββββββββββββββββββββββββββββββββββ
[OK] Config schema initialization complete
[OK] β 01-init-schema.sh completed
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Web service schema provisioning complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Coordinator setup completed
ββββββββββββββββββββββββββββββββββββββββββββββββββ
Setting up 1 worker(s) (Citus data nodes)β¦
ββββββββββββββββββββββββββββββββββββββββββββββββββ
β Setting up worker: worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Initializing log directories...
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65131 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65138 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65145 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/provisioning
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65154 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65161 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[2026-02-05 06:55:34 UTC] USER=unknown EUID=33 PID=65168 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/provisioning
/opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/run.sh: line 41: ok: command not found
[INFO] π’ Starting PostgreSQL provisioning for web in universe-dev...
[INFO] Environment: web-universe-main-dev
[INFO] Identifier: worker-01
[INFO] VM IP: 142.93.238.16
[DEBUG] RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed JOB_UUID=efe0ec43-7ab3-46f1-8e76-8fbbb09faeab
[DEBUG] Tracking substep start: steps/01-install/steps/00-configure-network-hosts (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 00 configure network hosts...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.243
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entry for worker-01...
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com β 10.100.1.243
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-worker-01.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.243 db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[DEBUG] Tracking substep start: steps/01-install/steps/01-prepare-ssl-server-postgres (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 01 prepare ssl server postgres...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.243 (from topology: db-worker-01-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65523 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 and /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65544 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Generating 4096-bit private key...
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65564 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-65425/ra_root.crt
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65574 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-65425/ra_root.key
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65584 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-65425/ra_root.crt
[2026-02-05 06:55:38 UTC] USER=www-data EUID=0 PID=65593 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-65425/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[2026-02-05 06:55:43 UTC] USER=www-data EUID=0 PID=65754 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-65425/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:43 UTC] USER=www-data EUID=0 PID=65766 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-65425/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:43 UTC] USER=www-data EUID=0 PID=65783 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Setting up CA certificate...
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65793 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-65425/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65803 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65815 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65825 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65842 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65854 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65863 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65872 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65881 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01, DNS:localhost, IP Address:10.100.1.243, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-worker-01.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-worker-01.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65949 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-postgres
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65967 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-postgres/ra_root.key
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65976 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:55:44 UTC] USER=www-data EUID=0 PID=65985 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66011 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66025 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66035 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66044 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66053 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66062 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66074 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66083 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66092 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66101 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66119 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66128 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:45 UTC] USER=www-data EUID=0 PID=66137 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66146 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66166 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66201 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66210 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66222 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66231 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66241 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66255 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66265 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66279 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66304 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66313 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66322 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66331 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66341 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66351 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66360 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66369 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66378 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66387 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66397 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66406 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66424 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66433 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:46 UTC] USER=www-data EUID=0 PID=66446 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66458 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66468 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66483 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66498 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66515 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66524 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66533 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66551 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66560 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66569 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66579 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66589 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66608 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66618 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66628 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66637 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66646 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66655 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66664 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:47 UTC] USER=www-data EUID=0 PID=66673 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66682 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66692 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66701 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66710 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66719 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66730 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66749 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66759 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66768 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66777 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66786 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66795 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66804 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66813 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66823 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:55:48 UTC] USER=www-data EUID=0 PID=66832 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U postgres -d postgres
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: postgres
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): postgres
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66873 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-postgres
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66882 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66893 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-postgres/ra_root.key
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66904 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.crt
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66913 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-postgres/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = postgres
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66939 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66948 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66957 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66968 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66977 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66986 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=66995 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=67004 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=67013 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-postgres/postgres_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:49 UTC] USER=www-data EUID=0 PID=67035 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67044 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67053 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67064 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67082 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67100 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67109 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67121 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67132 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67166 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67175 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67184 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67193 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67202 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67211 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67220 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67239 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67248 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67257 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:50 UTC] USER=www-data EUID=0 PID=67270 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67288 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67301 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67318 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67328 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67338 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67367 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67377 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67386 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67395 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67413 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67433 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67442 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67467 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67476 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67485 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67494 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67503 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67512 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67521 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67533 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67542 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67551 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67561 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67571 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67580 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:51 UTC] USER=www-data EUID=0 PID=67589 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67598 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67607 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67625 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67634 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67654 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key.pkcs1
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67663 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_der.key
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67672 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/postgres_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres_pk8.der
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67682 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67705 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67714 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67728 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67739 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67752 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67763 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:55:52 UTC] USER=www-data EUID=0 PID=67772 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: postgres
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U postgres -d postgres
[DEBUG] Tracking substep start: steps/01-install/steps/02-setup-pg-instance (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 02 setup pg instance...
[0;34m[DEADLOCK-PREVENTION][0m Deadlock prevention library loaded
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
βββββββββββββββββββββββββββββββββββββββββββββββββ
π Configuring AWS credentials...
[WARN] ~/.aws/credentials file not found
[WARN] AWS operations may require SSO login
βββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Using existing db-worker-01-postgresql environment: db-web-universe-main-dev-postgresql-worker-01.fastorder.com (10.100.1.243)
[INFO] PostgreSQL will listen on application-specific IP: 10.100.1.243
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m Data dir: /data/postgresql/17/web-universe-main-dev/worker-01
[0;34m[INFO][0m Port: 5432
[0;34m[INFO][0m Hostname: db-web-universe-main-dev-postgresql-worker-01
[2026-02-05 06:55:54 UTC] USER=www-data EUID=0 PID=67906 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:54 UTC] USER=www-data EUID=0 PID=67953 ACTION=fsop ARGS=chmod 755 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:54 UTC] USER=www-data EUID=0 PID=67984 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:54 UTC] USER=www-data EUID=0 PID=68013 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[1;33m[WARN][0m Server certificate not found at /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[0;34m[INFO][0m Generating server certificate using ssl/server.sh...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββββββββββββ
π¦ PostgreSQL Server Certificate Generation
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe (FastOrder Universe)
Branch: main
Env: dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Alt CN: web-universe-main-dev.fastorder.com
Internal IP: 10.100.1.243 (from topology: db-worker-01-postgresql)
Shared IP: 142.93.238.16 (legacy/public, also included in SANs)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
Removing existing server certificates (preserving client certs)...
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68061 ACTION=fsop ARGS=rm -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
β
Ensuring directories exist: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01 and /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68070 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Generating 4096-bit private key...
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68080 ACTION=fsop ARGS=chmod 755 /tmp/pg-cert-gen-68022
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68091 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-cert-gen-68022/ra_root.crt
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68100 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-cert-gen-68022/ra_root.key
[2026-02-05 06:55:55 UTC] USER=www-data EUID=0 PID=68118 ACTION=fsop ARGS=chmod 644 /tmp/pg-cert-gen-68022/ra_root.key
π Creating certificate signing request (CSR)...
π Signing certificate with internal CA...
Certificate request self-signature ok
subject=C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[2026-02-05 06:55:56 UTC] USER=www-data EUID=0 PID=68201 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-68022/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68210 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-68022/server.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68228 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Setting up CA certificate...
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68237 ACTION=fsop ARGS=cp /tmp/pg-cert-gen-68022/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68261 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68270 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68281 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
β
Using CA certificate: /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt
π Setting up key in private directory...
Key already in correct location (CERT_DIR == KEY_DIR)
π Securing key and cert permissions...
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68294 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68303 ACTION=fsop ARGS=chmod 600 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68312 ACTION=fsop ARGS=chown postgres:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68321 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68330 ACTION=fsop ARGS=chown root:postgres /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68339 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Verifying certificate...
Certificate details:
Subject: C = US, ST = Virginia, L = Ashburn, O = FastOrder, OU = PostgreSQL, CN = db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
--
X509v3 Subject Alternative Name:
DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:web-universe-main-dev.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01.fastorder.com, DNS:db-web-universe-main-dev-postgresql-worker-01, DNS:localhost, IP Address:10.100.1.243, IP Address:127.0.0.1, IP Address:142.93.238.16
X509v3 Subject Key Identifier:
β οΈ Certificate chain verification: FAILED (but certificate may still work)
βββββββββββββββββββββββββββββββββββββββββββββββββ
β
PostgreSQL Server Certificate Generated Successfully!
βββββββββββββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Node: worker-01
Primary CN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Certificate files installed:
π Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
π Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
ποΈ CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt (ca.crt symlink also available)
To use these certificates in PostgreSQL:
1. Update postgresql.conf:
ssl = on
ssl_cert_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt'
ssl_key_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key'
ssl_ca_file = '/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt'
2. Restart PostgreSQL:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart postgresql@web-universe-main-dev-worker-01.service
3. Test SSL connection:
psql "host=db-web-universe-main-dev-postgresql-worker-01.fastorder.com port=5432 user=postgres sslmode=verify-full"
βββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m β
Using canonical certificate path (hardened, ProtectHome=true compatible)
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68373 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.crt
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68385 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/server.key
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68394 ACTION=fsop ARGS=test -f /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[0;32m[OK][0m mTLS certificates OK (server cert + client certs verified) and keys secured
[0;34m[INFO][0m Preflight: stopping any conflicting Postgres services/processes on port 5432β¦
[2026-02-05 06:55:57 UTC] USER=www-data EUID=0 PID=68415 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:55:58 UTC] USER=www-data EUID=0 PID=68443 ACTION=passthru ARGS=systemctl stop postgresql
[1;33m[WARN][0m Cleaning stale socket directory /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:55:58 UTC] USER=www-data EUID=0 PID=68492 ACTION=fsop ARGS=rm -rf /var/run/postgresql-web-universe-main-dev-worker-01
[0;32m[OK][0m No conflicting Postgres left on port 5432
[0;32m[OK][0m Using postgres password from vault provider
[2026-02-05 06:56:00 UTC] USER=www-data EUID=0 PID=68615 ACTION=fsop ARGS=chown postgres:postgres /tmp/.pg_pwfile.CzsA6u
[2026-02-05 06:56:00 UTC] USER=www-data EUID=0 PID=68636 ACTION=fsop ARGS=chmod 600 /tmp/.pg_pwfile.CzsA6u
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68684 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68708 ACTION=fsop ARGS=chmod 755 /data/postgresql/17/web-universe-main-dev
[0;34m[INFO][0m Initializing cluster in /data/postgresql/17/web-universe-main-dev/worker-01 (SCRAM; pwfile)
[1;33m[WARN][0m Removing existing data directory: /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68730 ACTION=fsop ARGS=rm -rf /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68774 ACTION=fsop ARGS=mkdir -p /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68804 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68829 ACTION=fsop ARGS=chmod 700 /data/postgresql/17/web-universe-main-dev/worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68850 ACTION=fsop ARGS=mkdir -p /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68875 ACTION=fsop ARGS=chown postgres:postgres /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68923 ACTION=fsop ARGS=chmod 2775 /var/run/postgresql-web-universe-main-dev-worker-01
[2026-02-05 06:56:01 UTC] USER=www-data EUID=0 PID=68932 ACTION=passthru ARGS=sudo -u postgres /usr/lib/postgresql/17/bin/initdb -D /data/postgresql/17/web-universe-main-dev/worker-01 --locale=en_US.UTF-8 --encoding=UTF8 --auth-local=scram-sha-256 --auth-host=scram-sha-256 --pwfile=/tmp/.pg_pwfile.CzsA6u
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/17/web-universe-main-dev/worker-01 ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 100
selecting default "shared_buffers" ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/lib/postgresql/17/bin/pg_ctl -D /data/postgresql/17/web-universe-main-dev/worker-01 -l logfile start
[0;32m[OK][0m initdb complete
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=68985 ACTION=fsop ARGS=rm -f /tmp/.pg_pwfile.CzsA6u
[0;34m[INFO][0m Writing postgresql.conf (TLSβ₯1.2, SCRAM, audit logs)
[0;32m[OK][0m postgresql.conf updated successfully
[0;34m[INFO][0m Writing pg_hba.conf (mTLS with client certificates + SCRAM, least-privilege)
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69043 ACTION=fsop ARGS=cp /tmp/tmp.QB4GX7wD3v /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69064 ACTION=fsop ARGS=chown postgres:postgres /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69089 ACTION=fsop ARGS=chmod 600 /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
[0;32m[OK][0m pg_hba.conf updated
[0;34m[INFO][0m Creating systemd unit: /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69114 ACTION=fsop ARGS=mv -f /tmp/.pg_unit.HnUDFI /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69135 ACTION=fsop ARGS=chmod 0644 /etc/systemd/system/postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m systemd unit written
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69156 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69177 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest /var/spool/pgbackrest /var/log/pgbackrest
[2026-02-05 06:56:03 UTC] USER=www-data EUID=0 PID=69200 ACTION=passthru ARGS=systemctl daemon-reload
[0;34m[INFO][0m Starting PostgreSQL instance...
[2026-02-05 06:56:04 UTC] USER=www-data EUID=0 PID=69324 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Waiting for ACTIVE (systemd)β¦
[2026-02-05 06:56:05 UTC] USER=www-data EUID=0 PID=69370 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Waiting for port 5432 bindβ¦
[0;32m[OK][0m Port bound
[0;34m[INFO][0m Waiting pg_isready (socket)β¦
[0;32m[OK][0m Readiness via socket OK
[0;34m[INFO][0m Waiting pg_isready (TCP db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432)β¦
[0;32m[OK][0m Startup sequence complete
[0;34m[INFO][0m Validating core security GUCs (via local socket)β¦
[0;32m[OK][0m Security GUCs verified (ssl, min TLS, SCRAM, audit logs)
[0;34m[INFO][0m Provisioning application database and Debezium role (if not exists)...
[0;34m[INFO][0m Checking if database fastorder_web_universe_main_dev_db exists...
[0;34m[INFO][0m DB check result: exit_code=0, output='[2026-02-05 06:56:06 UTC] USER=www-data EUID=0 PID=69541 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_database WHERE datname = 'fastorder_web_universe_main_dev_db''
[0;34m[INFO][0m Creating database fastorder_web_universe_main_dev_db...
[2026-02-05 06:56:06 UTC] USER=www-data EUID=0 PID=69564 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE DATABASE "fastorder_web_universe_main_dev_db" ENCODING 'UTF8' LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;
CREATE DATABASE
[0;32m[OK][0m Database fastorder_web_universe_main_dev_db created
[0;34m[INFO][0m Checking if role debezium_user exists...
[0;34m[INFO][0m Role check result: exit_code=0, output='[2026-02-05 06:56:06 UTC] USER=www-data EUID=0 PID=69616 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -Atqc SELECT 1 FROM pg_roles WHERE rolname = 'debezium_user''
[0;34m[INFO][0m Creating role debezium_user...
[2026-02-05 06:56:06 UTC] USER=www-data EUID=0 PID=69651 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c CREATE ROLE debezium_user LOGIN PASSWORD 'wNiMHGWCm28zG6cfoGZ8phOT';
CREATE ROLE
[0;32m[OK][0m Role debezium_user created
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69674 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c GRANT CONNECT ON DATABASE "fastorder_web_universe_main_dev_db" TO debezium_user;
GRANT
[0;32m[OK][0m Application DB (fastorder_web_universe_main_dev_db) + Debezium role (debezium_user) provisioned (idempotent)
[0;34m[INFO][0m Applying connection and memory optimizations...
[0;34m[INFO][0m Current settings: max_connections=100, work_mem=4MB
[0;34m[INFO][0m Target settings (worker): max_connections=100, work_mem=8MB
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69772 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET max_connections = 100;
ALTER SYSTEM
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69806 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -v ON_ERROR_STOP=1 -c ALTER SYSTEM SET work_mem = '8MB';
ALTER SYSTEM
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69829 ACTION=passthru ARGS=sudo -u postgres psql -U postgres -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc -c SELECT pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)
[0;32m[OK][0m Settings applied to postgresql.auto.conf
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69849 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/worker-01/standby.signal
[0;34m[INFO][0m Service recently started (2s ago) - restarting to apply max_connections...
[0;34m[INFO][0m Stopping service...
[2026-02-05 06:56:07 UTC] USER=www-data EUID=0 PID=69872 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Waiting for port 5432 to be released...
[0;32m[OK][0m Port 5432 released
[0;34m[INFO][0m Starting service...
[2026-02-05 06:56:11 UTC] USER=www-data EUID=0 PID=70006 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-worker-01.service
[2026-02-05 06:56:17 UTC] USER=www-data EUID=0 PID=70322 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m β
Optimization complete: max_connections=100, work_mem=8MB
[0;32m[OK][0m Synchronous replication already configured (synchronous_commit: on)
[0;34m[INFO][0m Setting postgres password via centralized script... for worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mInitial setup: Using password from initdb[0m
[0;32mβ PostgreSQL password already set during initdb[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
[0;32m[OK][0m Password set and persisted
[0;34m[INFO][0m Updating /etc/hosts with PostgreSQL hostname mappings...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CONFIGURING POSTGRESQL NETWORK & DNS
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Environment: web-universe-main-dev
[0;34m[INFO][0m Identifier: worker-01
[0;34m[INFO][0m PostgreSQL IP: 10.100.1.243
[0;34m[INFO][0m Primary hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;34m[INFO][0m Adding /etc/hosts entry for worker-01...
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com β 10.100.1.243
[0;34m[INFO][0m β
db-web-universe-main-dev-postgresql-worker-01.fastorder.com already exists with correct IP
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ
[0m β
Network & DNS configuration complete
[0;32mβ
[0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verifying /etc/hosts entries:
10.100.1.243 db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;32m[OK][0m PostgreSQL 'web-universe-main-dev' is up with TLS/SCRAM/logging.
Superuser TCP mode: cert
Connect (mTLS):
psql "sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt \
sslcert=/home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.crt \
sslkey=/home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/postgres.key \
host=db-web-universe-main-dev-postgresql-worker-01 port=5432 dbname=postgres user=postgres"
File been compeleted perfectly: 02-setup-pg-instance
[0;34m[INFO][0m Registering PostgreSQL node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PostgreSQL
[INFO] Identifier: web-universe-main-dev-postgresql-worker-01
[INFO] Identifier Parent: worker-01
[INFO] IP: 10.100.1.243
[INFO] Port: 5432
[INFO] FQDN: db-web-universe-main-dev-postgresql-worker-01
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: 84e4185a-2ef1-49c1-8d2a-841d077f036b
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PostgreSQL node registered to observability API
[DEBUG] Tracking substep start: steps/01-install/steps/03-role (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 03 role...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:56:29 UTC] USER=www-data EUID=0 PID=71022 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/worker-01/standby.signal
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: debezium_user
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): debezium_user
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:56:30 UTC] USER=www-data EUID=0 PID=71212 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-debezium_user
[2026-02-05 06:56:30 UTC] USER=www-data EUID=0 PID=71221 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-debezium_user/ra_root.crt
[2026-02-05 06:56:30 UTC] USER=www-data EUID=0 PID=71230 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-debezium_user/ra_root.key
[2026-02-05 06:56:30 UTC] USER=www-data EUID=0 PID=71239 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-debezium_user/ra_root.crt
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = debezium_user
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71263 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71272 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71290 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71299 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71308 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71317 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71326 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71335 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-debezium_user/debezium_user_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71344 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71353 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71362 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71371 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71380 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71389 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71398 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71407 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71419 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71445 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71454 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71484 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71499 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71508 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71517 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:31 UTC] USER=www-data EUID=0 PID=71526 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71535 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71545 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71555 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71584 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71594 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71603 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71612 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71621 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71630 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71639 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71648 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71667 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71678 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71690 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71699 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71715 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71725 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71735 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71746 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71755 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71774 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71783 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71792 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71801 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:32 UTC] USER=www-data EUID=0 PID=71810 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71819 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71828 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71838 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71848 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71858 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71876 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71894 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71912 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71921 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71930 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key.pkcs1
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71939 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_der.key
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71948 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/debezium_user_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user_pk8.der
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71958 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=71992 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=72001 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
β
Symlinked client-key.pem
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=72020 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=72030 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:56:33 UTC] USER=www-data EUID=0 PID=72039 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72048 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: debezium_user
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/debezium_user.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U debezium_user -d postgres
π Generating replicator client certificate for worker-01...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: replicator
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): replicator
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72095 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-replicator
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72104 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-replicator/ra_root.crt
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72113 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-replicator/ra_root.key
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72131 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-replicator/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = replicator
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72147 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:34 UTC] USER=www-data EUID=0 PID=72159 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72170 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72185 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72194 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72205 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72214 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72223 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72232 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-replicator/replicator_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72241 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72258 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72268 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72277 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72295 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72304 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72313 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72322 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72331 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:56:35 UTC] USER=www-data EUID=0 PID=72351 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72495 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72505 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72514 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72534 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72543 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72552 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72561 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72570 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72579 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72588 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72597 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72617 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72626 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72635 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72644 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72653 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72662 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72671 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72680 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72692 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72701 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72710 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:36 UTC] USER=www-data EUID=0 PID=72719 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72750 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72759 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72769 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72783 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72799 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72817 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72833 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72854 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key.pkcs1
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72863 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72872 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72882 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72892 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72901 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72910 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72919 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72928 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72945 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72956 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72966 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=72982 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73000 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_der.key
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73009 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/replicator_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator_pk8.der
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73019 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73029 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73038 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:37 UTC] USER=www-data EUID=0 PID=73047 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:56:38 UTC] USER=www-data EUID=0 PID=73059 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:56:38 UTC] USER=www-data EUID=0 PID=73068 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:56:38 UTC] USER=www-data EUID=0 PID=73083 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:38 UTC] USER=www-data EUID=0 PID=73105 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:56:38 UTC] USER=www-data EUID=0 PID=73115 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: replicator
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/replicator.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U replicator -d postgres
β
Replicator certificate generated for worker-01
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
π¦ Start executing 03-create-role.sh
π¦ Setting password for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser fastorder_admin_gd does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: fastorder_admin_gd[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: worker-01/fastorder_admin_gd
β Retrieved password from centralized secrets vault
π Using PostgreSQL host: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: fastorder_admin_gd
Identifier: worker-01
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: worker-01
User (CN): fastorder_admin_gd
Hostname: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:56:47 UTC] USER=www-data EUID=0 PID=73776 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-worker-01-fastorder_admin_gd
[2026-02-05 06:56:47 UTC] USER=www-data EUID=0 PID=73792 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73802 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73811 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73824 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = fastorder_admin_gd
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73849 ACTION=fsop ARGS=mkdir -p /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73858 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73868 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73878 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73888 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73897 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73906 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73915 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73924 ACTION=fsop ARGS=cp -f /tmp/pg-client-worker-01-fastorder_admin_gd/fastorder_admin_gd_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73933 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73943 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73953 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73962 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73971 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73980 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=73992 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=74003 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=74012 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=74021 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:48 UTC] USER=www-data EUID=0 PID=74030 ACTION=fsop ARGS=chown root:root /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74039 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74075 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74084 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74094 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74103 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74112 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74121 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74130 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74140 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74149 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74158 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74167 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74176 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74186 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74196 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74205 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74214 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74223 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74232 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74241 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74250 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74259 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74268 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74277 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74286 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74295 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74305 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74315 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74324 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74333 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74342 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74351 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74363 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74372 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74381 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74390 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74399 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74408 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74429 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:49 UTC] USER=www-data EUID=0 PID=74439 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74448 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74457 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74466 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74475 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74486 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74495 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74504 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74514 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74525 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key.pkcs1
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74534 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_der.key
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74543 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd_pk8.der
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74559 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01 β /etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74570 ACTION=fsop ARGS=mkdir -p /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74579 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74588 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74597 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74606 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74615 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74624 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74633 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74642 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: fastorder_admin_gd
Node: worker-01
FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/fastorder_admin_gd.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-worker-01.fastorder.com -U fastorder_admin_gd -d postgres
𧱠Connecting via Unix socket to create role and database...
Socket: /var/run/postgresql-web-universe-main-dev-worker-01:5432
π¦ Creating role fastorder_admin_gd...
β
Role fastorder_admin_gd created
βΉοΈ Database fastorder_web_universe_main_dev_db already exists, skipping creation
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74714 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc
GRANT
β
Role and DB created via SSL
π Adding user to pg_hba.conf for SSL access...
βΉοΈ Using pg_hba.conf: /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
β
Added fastorder_admin_gd to pg_hba.conf
π Reloading PostgreSQL configuration...
[2026-02-05 06:56:50 UTC] USER=www-data EUID=0 PID=74751 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
β
PostgreSQL configuration reloaded
π§ͺ Testing connection for user: fastorder_admin_gd
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m=== Pre-flight Checks ===[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;32mβ[0m AWS Secrets Manager accessible
[0;34m=== Retrieving Credentials from AWS ===[0m
βΉοΈ Retrieving PostgreSQL credentials for: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
βΉοΈ Fetching secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
Retrieved from cache: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
β
PostgreSQL credentials loaded for worker-01/fastorder_admin_gd: fastorder_admin_gd@db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;32mβ[0m Credentials retrieved: fastorder_admin_gd@db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432/fastorder_web_universe_main_dev_db
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Test Suite (AWS Secrets MGR) β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34m=== PostgreSQL Authentication Test ===[0m
[0;31mβ[0m PostgreSQL authentication failed
---- Error Details ----
psql: error: connection to server at "db-web-universe-main-dev-postgresql-worker-01.fastorder.com" (10.100.1.243), port 5432 failed: root certificate file "/etc/fastorder/postgresql/certs/web-universe-main-dev/worker-01/fastorder_admin_gd/root.crt" does not exist
Either provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.
----------------------
β User authentication test failed
π Password stored securely in AWS Secrets Manager
π Secret path: fastorder/db/web/universe/main/dev/postgresql/worker-01/fastorder_admin_gd
π¦ End executing 03-create-role.sh
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:56:55 UTC] USER=www-data EUID=0 PID=74997 ACTION=fsop ARGS=test -f /data/postgresql/17/web-universe-main-dev/worker-01/standby.signal
ββ fast setup βββββββββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : worker-01
PG HOST : db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
ROLE : debezium_user
DB : fastorder_web_universe_main_dev_db
SCHEMA : web
AUTH MODE : scram (scram=password over TLS | cert=mTLS)
SUBNET ALLOW: 10.201.0.0/16
CONNECT /32 : 142.93.238.16
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
DNS β 10.100.1.243
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
π Setting password for user: debezium_user
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
π Configuring AWS credentials...
β οΈ ~/.aws/credentials file not found
β οΈ Using environment-based AWS authentication
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mβ PostgreSQL Password Rotation via AWS Secrets Manager β[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mEnvironment Configuration:[0m
[0;34m Service: web[0m
[0;34m Zone: universe[0m
[0;34m Environment: dev[0m
[0;34m Identifier: worker-01[0m
[0;34mAWS Secret: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
[0;34mConnection Info:[0m
[0;34m Socket Dir: /var/run/postgresql-web-universe-main-dev-worker-01[0m
[0;34m Port: 5432[0m
[0;34mTesting AWS Secrets Manager connectivity...[0m
βΉοΈ Testing AWS IAM credentials...
β
AWS IAM credentials are valid
{
"UserId": "AIDAWYLM4MSHFSCGU7QUM",
"Account": "464621692046",
"Arn": "arn:aws:iam::464621692046:user/fo-dev"
}
[0;34mMethod 1 (PREFERRED): AWS Secrets Manager Rotation[0m
[0;34mββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mThis method uses AWS Secrets Manager's built-in rotation:[0m
[0;34m β Zero-downtime (dual-password window)[0m
[0;34m β Automatic rollback on failure[0m
[0;34m β CloudTrail audit log[0m
[0;34m β CloudWatch metrics[0m
[0;34m β No secret exposure in scripts[0m
[0;34mNon-interactive mode: Proceeding with password rotation automatically[0m
[0;34mGenerating new secure password...[0m
[0;34mUser debezium_user does not exist yet - skipping ALTER, will be created by calling script[0m
[0;32mβ Password generated for new user: debezium_user[0m
[0;34mStoring password in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
βΉοΈ Setting PostgreSQL credentials in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
βΉοΈ Setting secret in AWS Secrets Manager: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
β
Secret updated: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
β
PostgreSQL credentials set in vault: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user
[0;32mβ Password stored in AWS Secrets Manager[0m
[0;34mVerifying new credentials...[0m
[0;32mβ New credentials retrieved from AWS Secrets Manager[0m
[0;34mTesting PostgreSQL connection with new credentials...[0m
[0;32mβ PostgreSQL connection successful (socket authentication)[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;32mβ β Password Rotation Complete! β[0m
[0;32mβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ[0m
[0;34mSecret: fastorder/db/web/universe/main/dev/postgresql/worker-01/debezium_user[0m
[0;34mMethod: Direct Update (stored in AWS Secrets Manager)[0m
[0;34mStatus: Completed[0m
[0;34mTo retrieve credentials:[0m
[0;34m # Using Bash library[0m
[0;34m source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh[0m
[0;34m get_pg_credentials worker-01[0m
[0;34mAudit trail: AWS CloudTrail (for Secrets Manager operations)[0m
[0;32mβ Done![0m
π Retrieving password from vault with identifier: worker-01/debezium_user
β Retrieved password from secrets vault
password : (stored in AWS Secrets Manager)
π TLS chain check...
π§ Ensuring role and grantsβ¦
βΉοΈ Role debezium_user exists, updating
[2026-02-05 06:57:04 UTC] USER=www-data EUID=0 PID=75668 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d postgres --no-psqlrc
ALTER ROLE
βΉοΈ Database fastorder_web_universe_main_dev_db already exists
[2026-02-05 06:57:04 UTC] USER=www-data EUID=0 PID=75697 ACTION=passthru ARGS=sudo -u postgres psql -h /var/run/postgresql-web-universe-main-dev-worker-01 -p 5432 -d fastorder_web_universe_main_dev_db --no-psqlrc
CREATE SCHEMA
GRANT
GRANT
GRANT
GRANT
ALTER DEFAULT PRIVILEGES
β
Role/DB/grants ensured.
β οΈ Could not find pg_hba.conf (skipping HBA edits): /data/postgresql/17/web-universe-main-dev/worker-01/pg_hba.conf
π§ͺ Testing ROLE connection (scram)...
β
SCRAM+TLS probe OK
π Done.
π Creating replicator role for worker-01...
[WARN] Deadlock prevention library not found: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/role/lib/pg-deadlock-prevention.sh
π Configuring AWS credentials...
β
Using permanent AWS credentials from /var/www/.aws/credentials
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
ββ replicator setup βββββββββββββββββββββββββββββββββββββββ
NAME : web-universe-main-dev
IDENTIFIER : worker-01
PG HOST : db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
ROLE : replicator
SSL DIR : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01
DNS β 10.100.1.243
CA : /home/www-data/ssl/.postgresql/web-universe-main-dev/worker-01/root.crt
π TLS chain check...
π§ Ensuring replicator roleβ¦
π Checking AWS Secrets Manager for replicator password...
β
Retrieved replicator password from AWS Secrets Manager
βΉοΈ Temporarily disabling synchronous_commit to prevent replication deadlock...
NOTICE: Creating role: replicator with password
SET
CREATE ROLE
β
Replicator role ensured with password authentication.
βΉοΈ Password stored in: AWS Secrets Manager
Secret name: fastorder/db/web/universe/main/dev/postgresql/replicator
π MIGRATION PATH: Password β Certificate Authentication
Current: SCRAM-SHA-256 password auth (production-ready)
Future: Certificate-based auth (requires CA automation)
To migrate: Update pg_hba.conf rules from 'scram-sha-256' to 'cert clientcert=verify-full'
and configure standby to use SSL certificates instead of password
π Done.
β
Replicator role created for worker-01
[DEBUG] Tracking substep start: steps/01-install/steps/05-setup-service (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] π¦ 05 setup service...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βΉοΈ Service-specific setup (web) is handled by parent script
β
Step 5 completed (service setup delegated to 01-install/run.sh)
π DEBUG_CHECKPOINT_01: Starting service-specific steps for SERVICE=web
π DEBUG_CHECKPOINT_02: Checking for service-specific run.sh: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
π DEBUG_CHECKPOINT_03: Found service-specific run.sh for: web
[DEBUG] Tracking substep start: steps/01-install/steps/web (RUN_UUID=2165e83b-e0a5-4ce6-a4eb-b16df968beed)
[INFO] πΈ Service: web (service-specific)
π DEBUG_CHECKPOINT_04: Executing service-specific: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/01-install/steps/web/run.sh
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Web Service Schema Provisioning
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] π¦ Running: 01-init-schema.sh...
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
βββββββββββββββββββββββββββββββββββββββ
Initializing config schema
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Identifier: coordinator
Database: fastorder_web_universe_main_dev_db
Host: db-web-universe-main-dev-postgresql.fastorder.com:5432
βββββββββββββββββββββββββββββββββββββββ
[INFO] Checking if config schema exists...
[INFO] Config schema already exists - checking tables...
[OK] Config schema with 3 tables already exists - skipping
[OK] β 01-init-schema.sh completed
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[OK] Web service schema provisioning complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Worker worker-01 setup completed
Skipping standbys (PG_WORKERS_STANDBY_NUM=0)
[0;32mβ[0m β
PostgreSQL installation completed
[0;34m[INFO][0m Discovering additional setup steps...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 02-pg-bouncer.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up PgBouncer connection pooling...
[2026-02-05 06:57:14 UTC] USER=www-data EUID=0 PID=76192 ACTION=fsop ARGS=rm -f /tmp/pgbouncer-ip.service /tmp/pgbouncer.service
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;32mβ [SECRETS][0m Centralized Secrets Manager library loaded (Purpose-Engine Pattern)
[0;34m[SECRETS][0m Functions: PostgreSQL (build_pg_secret_name, get/set_pg_credentials_to_vault, rotate_pg_password)
[0;34m[SECRETS][0m Search (build_es_secret_name, get/set_es_credentials_to_vault)
[0;34m[SECRETS][0m Backups (build_backup_path)
[0;34m[SECRETS][0m Docs: /var/www/html/skeleton.dev.fastorder.com/docs/FASTCTL_USAGE_GUIDE.md
[0;34m[INFO][0m Checking for existing PgBouncer application environment in topology β¦
[0;32m[OK][0m Using existing PgBouncer environment:
[0;34m[INFO][0m IP: 10.100.1.244
[0;34m[INFO][0m FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[0;34m[INFO][0m Domain: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[0;34m[INFO][0m Ensuring /etc/hosts entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com β¦
[0;32m[OK][0m /etc/hosts already contains entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[1;33m[WARN][0m IP 10.100.1.244 is assigned to multiple interfaces:
inet 10.100.1.242/32 scope global lo
valid_lft forever preferred_lft forever
inet 10.100.1.244/32 scope global lo:pgbouncer
--
inet 10.100.1.243/32 scope global eth0
valid_lft forever preferred_lft forever
inet 10.100.1.244/32 scope global eth0:244
[1;33m[WARN][0m This may cause routing issues
[0;34m[INFO][0m Final verification of /etc/hosts entry for db-web-universe-main-dev-postgresql-bouncer.fastorder.com β¦
[0;32m[OK][0m /etc/hosts correctly maps db-web-universe-main-dev-postgresql-bouncer.fastorder.com to 10.100.1.244
[0;32m[OK][0m PgBouncer IP 10.100.1.244 already correctly bound to lo:pgbouncer
[2026-02-05 06:57:15 UTC] USER=www-data EUID=0 PID=76278 ACTION=passthru ARGS=systemctl daemon-reload
[2026-02-05 06:57:16 UTC] USER=www-data EUID=0 PID=76387 ACTION=passthru ARGS=systemctl restart pgbouncer-ip@web-universe-main-dev.service
Job for pgbouncer-ip@web-universe-main-dev.service failed because the control process exited with error code.
See "systemctl status pgbouncer-ip@web-universe-main-dev.service" and "journalctl -xeu pgbouncer-ip@web-universe-main-dev.service" for details.
[2026-02-05 06:57:16 UTC] USER=www-data EUID=0 PID=76399 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer-ip@web-universe-main-dev.service
[1;33m[WARN][0m pgbouncer-ip@web-universe-main-dev.service is not active
[1;33m[WARN][0m Check status: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer-ip@web-universe-main-dev.service
[2026-02-05 06:57:16 UTC] USER=www-data EUID=0 PID=76432 ACTION=fsop ARGS=mkdir -p /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:16 UTC] USER=www-data EUID=0 PID=76441 ACTION=fsop ARGS=mkdir -p /run/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76450 ACTION=fsop ARGS=mkdir -p /var/log/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76459 ACTION=fsop ARGS=chmod 750 /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76477 ACTION=fsop ARGS=chmod 750 /var/log/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76486 ACTION=fsop ARGS=chown root:postgres /etc/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76495 ACTION=fsop ARGS=chown postgres:postgres /run/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76504 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbouncer/web-universe-main-dev
[0;34m[INFO][0m Generating pgbouncer_admin client certificates...
[0;34m[INFO][0m β³ This may take 30-60 seconds...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
Environment: web-universe-main-dev
Username: pgbouncer_admin
Identifier: pgbouncer
π¦ Start executing client cert generation
βββββββββββββββββββββββββββββββββββββββ
Environment: web-universe-main-dev
Service: web
Zone: universe
Branch: main
Env: dev
Node: pgbouncer
User (CN): pgbouncer_admin
Hostname: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76539 ACTION=fsop ARGS=chmod 755 /tmp/pg-client-pgbouncer-pgbouncer_admin
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76549 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.crt /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76564 ACTION=fsop ARGS=cp /opt/fastorder/ssl/ca/fastorder_ra_root/ra_root.key /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.key
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76573 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt
[2026-02-05 06:57:17 UTC] USER=www-data EUID=0 PID=76582 ACTION=fsop ARGS=chmod 644 /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.key
π Generating private key (PKCS#1 format)...
π Converting to PKCS#8 PEM (for pgjdbc/debezium)...
π (optional) Exporting DER as well...
π Generating CSR...
π Signing with CA...
Certificate request self-signature ok
subject=CN = pgbouncer_admin
π Installing to canonical location β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76648 ACTION=fsop ARGS=chmod 750 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76659 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin.key /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76670 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76679 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/ra_root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76688 ACTION=fsop ARGS=ln -sf root.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76706 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin.key.pkcs1 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76717 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin_der.key /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76726 ACTION=fsop ARGS=cp -f /tmp/pg-client-pgbouncer-pgbouncer_admin/pgbouncer_admin_pk8.der /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76742 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76753 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76763 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76772 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76790 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76808 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:18 UTC] USER=www-data EUID=0 PID=76817 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76826 ACTION=fsop ARGS=chown root:sslusers /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76844 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
β
Canonical installation complete
π Creating symlinks for ab β /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76871 ACTION=fsop ARGS=mkdir -p /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76880 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76889 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76901 ACTION=fsop ARGS=chown ab:ab /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76911 ACTION=fsop ARGS=chmod 700 /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76931 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76971 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=76993 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=77012 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=77032 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=77046 ACTION=fsop ARGS=chown -h ab:ssl-cert /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for ab in /home/ab/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for www-data β /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=77056 ACTION=fsop ARGS=mkdir -p /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:19 UTC] USER=www-data EUID=0 PID=77067 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77076 ACTION=fsop ARGS=chmod 700 /home/www-data/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77087 ACTION=fsop ARGS=chown www-data:www-data /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77108 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77117 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77126 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77135 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77144 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77162 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77172 ACTION=fsop ARGS=chown -h www-data:ssl-cert /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for www-data in /home/www-data/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for postgres β /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77182 ACTION=fsop ARGS=mkdir -p /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77191 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77200 ACTION=fsop ARGS=chmod 700 /home/postgres/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77209 ACTION=fsop ARGS=chown postgres:postgres /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77227 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77236 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77245 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77254 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77263 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77272 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77283 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77293 ACTION=fsop ARGS=chown -h postgres:ssl-cert /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for postgres in /home/postgres/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π Creating symlinks for kafka β /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77310 ACTION=fsop ARGS=mkdir -p /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77319 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77328 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev
[2026-02-05 06:57:20 UTC] USER=www-data EUID=0 PID=77337 ACTION=fsop ARGS=chown kafka:kafka /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77346 ACTION=fsop ARGS=chmod 700 /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77355 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77364 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77373 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77382 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77391 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1 /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key.pkcs1
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77400 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_der.key
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77409 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin_pk8.der
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77419 ACTION=fsop ARGS=chown -h kafka:ssl-cert /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/ca.crt
β
Symlinks created for kafka in /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer β /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer
π All requested users processed.
π Creating Kafka SSL certificate symlinks for www-data...
Source: /opt/kafka/secrets/web-universe-main-dev/coordinator/pem
Destination: /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77441 ACTION=fsop ARGS=chmod 750 /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77450 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /var/www/ssl/kafka/web-universe-main-dev/ca.pem
β
Symlinked ca.pem
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77459 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
β
Symlinked client-cert.pem
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77468 ACTION=fsop ARGS=ln -sf /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Symlinked client-key.pem
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77478 ACTION=fsop ARGS=chown -R www-data:www-data /var/www/ssl/kafka/web-universe-main-dev
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77487 ACTION=fsop ARGS=chmod 640 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77500 ACTION=fsop ARGS=chown kafka:sslusers /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-key.pem
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77509 ACTION=fsop ARGS=chmod 644 /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/ca.pem /opt/kafka/secrets/web-universe-main-dev/coordinator/pem/client-cert.pem
β
Kafka certificate symlinks ready for www-data
PHP Kafka consumers can now use:
- ssl.ca.location: /var/www/ssl/kafka/web-universe-main-dev/ca.pem
- ssl.certificate.location: /var/www/ssl/kafka/web-universe-main-dev/client-cert.pem
- ssl.key.location: /var/www/ssl/kafka/web-universe-main-dev/client-key.pem
β
Client certificate generated successfully!
Environment: web-universe-main-dev
User: pgbouncer_admin
Node: pgbouncer
FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
Next steps for Kafka Connect (Debezium β Postgres):
- Point connector to PEM key files:
database.sslcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
database.sslkey: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key # PKCS#8 PEM
database.sslrootcert: /home/kafka/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt
- If Connect runs in a container, bind-mount /home/kafka/ssl/.postgresql inside the container
and use the container path in connector config.
For local testing:
export PGSSLCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt"
export PGSSLKEY="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/pgbouncer_admin.key"
export PGSSLROOTCERT="/home/$USER/ssl/.postgresql/web-universe-main-dev/pgbouncer/root.crt"
export PGSSLMODE="verify-full"
psql -h db-web-universe-main-dev-postgresql-bouncer.fastorder.com -U pgbouncer_admin -d postgres
[0;32m[OK][0m mTLS client certificate present: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[0;34m[INFO][0m Creating symlinks to canonical certificates in /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend...
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77534 ACTION=fsop ARGS=mkdir -p /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77543 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77552 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77561 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt
[0;34m[INFO][0m Creating coordinator CA symlink for PostgreSQL server verification...
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77571 ACTION=fsop ARGS=ln -sf /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m Verifying canonical certificate permissions...
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77582 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt
[2026-02-05 06:57:21 UTC] USER=www-data EUID=0 PID=77591 ACTION=fsop ARGS=chmod 640 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77600 ACTION=fsop ARGS=chmod 644 /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77609 ACTION=fsop ARGS=chown root:www-data /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key
[0;32m[OK][0m Backend certificate symlinks created in /etc/ssl
[0;32m[OK][0m Coordinator CA symlink created for server verification
[0;32m[OK][0m Certificates already in canonical location - no symlinks needed
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77620 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.crt
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77629 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.key
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77638 ACTION=fsop ARGS=test -r /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77647 ACTION=fsop ARGS=test -r /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m PgBouncer will use PostgreSQL coordinator CA: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;32m[OK][0m PostgreSQL coordinator at db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 is reachable
[0;34m[INFO][0m Dumping SCRAM secrets from coordinator for PgBouncer auth_file β¦
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77667 ACTION=fsop ARGS=cp /tmp/tmp.PHRoQT0zDi /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77676 ACTION=fsop ARGS=chmod 640 /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:57:22 UTC] USER=www-data EUID=0 PID=77685 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;32m[OK][0m Auth file written: /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;34m[INFO][0m Retrieved password from vault for pgbouncer_admin
[0;34m[INFO][0m Ensuring PgBouncer admin role 'pgbouncer_admin' exists in Postgres (coordinator) β¦
[0;32m[OK][0m Role pgbouncer_admin created/updated successfully
[0;34m[SECRETS][0m Setting credentials in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/pgbouncer_admin
[0;32mβ [SECRETS][0m Credentials updated in vault: fastorder/db/web/universe/main/dev/postgresql/coordinator/pgbouncer_admin
[0;34m[INFO][0m β
PgBouncer admin password stored in centralized secrets vault
[0;34m[INFO][0m Re-fetching SCRAM secrets after role creation to ensure pgbouncer_admin is included β¦
[2026-02-05 06:57:29 UTC] USER=www-data EUID=0 PID=77935 ACTION=fsop ARGS=cp /tmp/tmp.4jQFlFaO9l /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:57:29 UTC] USER=www-data EUID=0 PID=77944 ACTION=fsop ARGS=chmod 640 /etc/pgbouncer/web-universe-main-dev/userlist.txt
[2026-02-05 06:57:29 UTC] USER=www-data EUID=0 PID=77954 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;32m[OK][0m Auth file updated with pgbouncer_admin SCRAM hash
[0;34m[INFO][0m Auth file contains [2026-02-05 06:57:29 UTC] USER=www-data EUID=0 PID=77965 ACTION=passthru ARGS=bash -c wc -l < '/etc/pgbouncer/web-universe-main-dev/userlist.txt'
4 user(s)
[0;32m[OK][0m Admin 'pgbouncer_admin' password generated and saved
[0;34m[INFO][0m Configuring PostgreSQL to prevent Citus metadata sync hangs...
ALTER ROLE
[0;32m[OK][0m Disabled Citus metadata sync for pgbouncer_admin
[0;34m[INFO][0m Verifying application database fastorder_web_universe_main_dev_db exists...
[0;32m[OK][0m β Database fastorder_web_universe_main_dev_db exists
[0;34m[INFO][0m Granting permissions to pgbouncer_admin on fastorder_web_universe_main_dev_db...
GRANT
[0;32m[OK][0m β Granted CONNECT on fastorder_web_universe_main_dev_db to pgbouncer_admin
GRANT
[0;32m[OK][0m β Granted USAGE on schema public to pgbouncer_admin
GRANT
[0;32m[OK][0m β Granted SELECT on all tables to pgbouncer_admin
ALTER DATABASE
[0;32m[OK][0m Set synchronous_commit=local for fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Ensuring pg_hba.conf entry for pgbouncer_admin β¦
[0;34m[INFO][0m Adding pg_hba.conf entries for pgbouncer_admin with cert auth β¦
[2026-02-05 06:57:30 UTC] USER=unknown EUID=33 PID=78045 ACTION=-u ARGS=postgres bash
ERROR: Invalid or unauthorized action: -u
[0;32m[OK][0m pg_hba.conf updated and PostgreSQL configuration reloaded
[1;33m[WARN][0m pg_hba.conf entry may not have loaded correctly
[0;34m[INFO][0m Writing /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini β¦
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78100 ACTION=fsop ARGS=cp /tmp/tmp.jUISjhnGi8 /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78118 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78127 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbouncer/web-universe-main-dev /run/pgbouncer/web-universe-main-dev /var/log/pgbouncer/web-universe-main-dev
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78136 ACTION=fsop ARGS=chmod 640 /etc/pgbouncer/web-universe-main-dev/userlist.txt
[0;32m[OK][0m pgbouncer.ini ready
[0;34m[INFO][0m Verifying TLS settings in pgbouncer.ini:
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78146 ACTION=fsop ARGS=grep -E (client_tls_sslmode|server_tls) /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
client_tls_sslmode = verify-full
server_tls_sslmode = verify-full
server_tls_ca_file = /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
server_tls_cert_file = /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
server_tls_key_file = /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;34m[INFO][0m Verifying PgBouncer server certificate files:
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78155 ACTION=fsop ARGS=test -r /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[0;32m[OK][0m Server cert readable by postgres: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78164 ACTION=fsop ARGS=test -r /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;32m[OK][0m Server key readable by postgres: /etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key
[0;34m[INFO][0m Verifying coordinator CA certificate:
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78173 ACTION=fsop ARGS=test -r /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;32m[OK][0m Coordinator CA readable by postgres: /etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/coordinator-ca.crt
[0;34m[INFO][0m Preflight: stopping any conflicting PgBouncer on 6432 β¦
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78182 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer.service
[2026-02-05 06:57:31 UTC] USER=www-data EUID=0 PID=78191 ACTION=passthru ARGS=systemctl stop pgbouncer@web-universe-main-dev.service
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/containers/json?all=1": dial unix /var/run/docker.sock: connect: permission denied
[2026-02-05 06:57:33 UTC] USER=www-data EUID=0 PID=78291 ACTION=passthru ARGS=systemctl daemon-reload
[0;32m[OK][0m systemd unit installed: pgbouncer@web-universe-main-dev.service
[0;34m[INFO][0m Running pre-flight IP conflict check for 10.100.1.244:6432 β¦
[1;33m[WARN][0m IP conflict checker not found at /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/lib/check-ip-conflicts.sh
[1;33m[WARN][0m Skipping pre-flight check - conflicts may occur
[0;34m[INFO][0m Starting PgBouncer (web-universe-main-dev) β¦
[2026-02-05 06:57:35 UTC] USER=www-data EUID=0 PID=78401 ACTION=passthru ARGS=systemctl restart pgbouncer@web-universe-main-dev.service
[2026-02-05 06:57:35 UTC] USER=www-data EUID=0 PID=78412 ACTION=passthru ARGS=systemctl is-active --quiet pgbouncer@web-universe-main-dev.service
[0;32m[OK][0m Service ACTIVE
[0;34m[INFO][0m Verifying auth_file before probing β¦
[0;34m[INFO][0m Auth file contains 4 user(s)
[1;33m[WARN][0m Auth file does NOT contain pgbouncer_admin entry - authentication will fail
[0;34m[INFO][0m Probing admin console via SSL (psql to database 'pgbouncer') β¦
[0;34m[INFO][0m Retrieved password from vault for admin console probe
[0;32m[OK][0m Admin console reachable (SHOW POOLS OK)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Running Comprehensive PgBouncer Verification Tests
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Password extracted: WO0D2C0d7Z... (using postgres user certificates)
[0;34m[INFO][0m Test 1/7: Admin Console - SHOW POOLS
database | user | cl_active | cl_waiting | cl_active_cancel_req | cl_waiting_cancel_req | sv_active | sv_active_cancel | sv_being_canceled | sv_idle | sv_used | sv_tested | sv_login | maxwait | maxwait_us | pool_mode | load_balance_hosts
-----------+-----------+-----------+------------+----------------------+-----------------------+-----------+------------------+-------------------+---------+---------+-----------+----------+---------+------------+-----------+--------------------
pgbouncer | pgbouncer | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | statement |
(1 row)
[0;32m[OK][0m β SHOW POOLS: SUCCESS
[0;34m[INFO][0m Test 2/7: Admin Console - SHOW VERSION
[0;32m[OK][0m β SHOW VERSION: PgBouncer 1.24.1
[0;34m[INFO][0m Test 3/7: Admin Console - SHOW STATS
database | total_server_assignment_count | total_xact_count | total_query_count | total_received | total_sent | total_xact_time | total_query_time | total_wait_time | total_client_parse_count | total_server_parse_count | total_bind_count | avg_server_assignment_count | avg_xact_count | avg_query_count | avg_recv | avg_sent | avg_xact_time | avg_query_time | avg_wait_time | avg_client_parse_count | avg_server_parse_count | avg_bind_count
-----------+-------------------------------+------------------+-------------------+----------------+------------+-----------------+------------------+-----------------+--------------------------+--------------------------+------------------+-----------------------------+----------------+-----------------+----------+----------+---------------+----------------+---------------+------------------------+------------------------+----------------
pgbouncer | 0 | 4 | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
(1 row)
[0;32m[OK][0m β SHOW STATS: SUCCESS
[0;34m[INFO][0m Test 4/7: Admin Console - SHOW DATABASES
name | host | port | database | force_user | pool_size | min_pool_size | reserve_pool_size | server_lifetime | pool_mode | load_balance_hosts | max_connections | current_connections | max_client_connections | current_client_connections | paused | disabled
---------------------------------------------+---------------------------------------------------------------+------+------------------------------------+------------+-----------+---------------+-------------------+-----------------+-----------+--------------------+-----------------+---------------------+------------------------+----------------------------+--------+----------
fastorder_web_universe_main_dev_db | db-web-universe-main-dev-postgresql-coordinator.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_1 | pg-worker-01-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_2 | pg-worker-01-standby-01-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_3 | pg-worker-01-standby-02-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
fastorder_web_universe_main_dev_db_worker_4 | pg-worker-01-standby-03-web-universe-main-dev.fastorder.com | 5432 | fastorder_web_universe_main_dev_db | | 100 | 0 | 20 | 3600 | | | 0 | 0 | 0 | 0 | 0 | 0
pgbouncer | | 6432 | pgbouncer | pgbouncer | 2 | 0 | 0 | 3600 | statement | | 0 | 0 | 0 | 1 | 0 | 0
(6 rows)
[0;32m[OK][0m β SHOW DATABASES: SUCCESS
[0;34m[INFO][0m Test 5/7: Admin Console - SHOW CONFIG
[0;32m[OK][0m β SHOW CONFIG: SUCCESS
[0;34m[INFO][0m Key settings:
[0;34m[INFO][0m client_tls_sslmode = verify-full|disable|yes
[0;34m[INFO][0m max_client_conn = 2048|100|yes
[0;34m[INFO][0m pool_mode = transaction|session|yes
[0;34m[INFO][0m server_tls_sslmode = verify-full|prefer|yes
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=fastorder_web_universe_main_dev_db user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD connect_timeout=5 sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/root.crt sslcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.crt sslkey=/etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/pgbouncer_admin.key" --no-psqlrc -Atc 'SELECT version();'
[0;34m[INFO][0m Test 6/7: Application Database - SELECT version()
[1;33m[WARN][0m β Application database query: FAILED (timeout or connection issue)
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m Test 7/8: Application Database - Connection Details
[1;33m[WARN][0m β Connection details: FAILED (timeout or connection issue)
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m Test 8/8: End-to-End Application Routing - Pool Verification
[0;34m[INFO][0m Running actual queries through PgBouncer to verify routing and pooling...
[1;33m[WARN][0m β End-to-end routing verification: FAILED - All 3 queries failed
[1;33m[WARN][0m If Citus is not set up yet, run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[1;33m[WARN][0m Otherwise check if database fastorder_web_universe_main_dev_db exists and user pgbouncer_admin has permissions
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Verification Complete - Tests 1-5 PASSED (Admin console verified)
[1;33m[WARN][0m Tests 6-8 FAILED - Application database not accessible
[1;33m[WARN][0m This is expected if Citus is not set up yet
[1;33m[WARN][0m Run: ./setup/05-db/engine/postgresql/steps/03-citus-setup.sh
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m PgBouncer is up for web-universe-main-dev
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Connection Examples
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Password stored in: AWS Secrets Manager (fastorder/db/web/ksa/main/dev/postgresqlweb/universe/main/dev/coordinator-pgbouncer_admin)
Current password: WO0D2C0d7ZbIdk65D10y9TaD
1. Admin Console (using IP address to avoid DNS/SSL issues):
psql "host=10.100.1.244 port=6432 dbname=pgbouncer sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
2. Admin Console (using hostname):
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=pgbouncer sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
3. Application Database:
psql "host=db-web-universe-main-dev-postgresql-bouncer.fastorder.com port=6432 dbname=fastorder_web_universe_main_dev_db sslkey=/etc/ssl/private/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.key sslcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/pgbouncer_admin.crt user=pgbouncer_admin password=WO0D2C0d7ZbIdk65D10y9TaD sslmode=verify-full sslrootcert=/etc/ssl/certs/web-universe-main-dev/pg/pgbouncer-backend/root.crt" --no-psqlrc -v ON_ERROR_STOP=1 -c "SHOW POOLS;"
4. Using .pgpass file:
echo "db-web-universe-main-dev-postgresql-bouncer.fastorder.com:6432:*:pgbouncer_admin:WO0D2C0d7ZbIdk65D10y9TaD" >> ~/.pgpass
chmod 600 ~/.pgpass
psql -h db-web-universe-main-dev-postgresql-bouncer.fastorder.com -p 6432 -U pgbouncer_admin -d fastorder_web_universe_main_dev_db
5. Retrieve password from vault:
source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
PGPASSWORD="$(get_pg_credentials_from_vault 'coordinator-pgbouncer_admin' 'password')" \
psql -h 10.100.1.244 -p 6432 -U pgbouncer_admin -d pgbouncer -c "SHOW POOLS;"
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β’ Default db 'fastorder_web_universe_main_dev_db' β Citus coordinator (db-web-universe-main-dev-postgresql-coordinator.fastorder.com)
β’ Worker access: 'fastorder_web_universe_main_dev_db_worker_1', 'fastorder_web_universe_main_dev_db_worker_2', β¦ (if exist)
β’ Client TLS: require (password auth) / verify-full (mTLS with certs)
β’ Server TLS: verify-full (PgBouncer validates PostgreSQL certs)
β’ Auth: SCRAM-SHA-256 via /etc/pgbouncer/web-universe-main-dev/userlist.txt
β’ Pool mode: transaction (stateless connections)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Management
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service Status:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer@web-universe-main-dev.service
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl status pgbouncer-ip@web-universe-main-dev.service
Logs:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru journalctl -u pgbouncer@web-universe-main-dev.service -f
/usr/local/bin/fastorder-provisioning-wrapper.sh tail -f /var/log/pgbouncer/web-universe-main-dev/pgbouncer.log
Reload Config:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
Restart:
command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl restart pgbouncer@web-universe-main-dev.service
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Files
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Config: /etc/pgbouncer/web-universe-main-dev/pgbouncer.ini
Auth file: /etc/pgbouncer/web-universe-main-dev/userlist.txt
Server cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.crt
Server key: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/server.key
CA cert: /etc/fastorder/postgresql/certs/web-universe-main-dev/pgbouncer/ca.crt
PG CA: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/ca.crt
Logs: /var/log/pgbouncer/web-universe-main-dev/pgbouncer.log
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Troubleshooting
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
If "SASL authentication failed":
1. Check auth file: /usr/local/bin/fastorder-provisioning-wrapper.sh cat /etc/pgbouncer/web-universe-main-dev/userlist.txt
2. Verify pgbouncer_admin is present with SCRAM hash
3. Get password from vault:
source /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
get_pg_credentials_from_vault 'coordinator-pgbouncer_admin' 'password'
4. Reload PgBouncer: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
If "no pg_hba.conf entry":
1. Check pg_hba.conf on coordinator
2. Add rule: hostssl all pgbouncer_admin 10.100.1.244/32 cert clientcert=verify-full
3. Reload PostgreSQL
To add users to PgBouncer:
1. Create user in PostgreSQL with password
2. Re-run SCRAM dump:
psql "host=db-web-universe-main-dev-postgresql-coordinator.fastorder.com port=5432 dbname=postgres user=postgres \
sslmode=verify-full sslrootcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/root.crt \
sslcert=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.crt sslkey=/etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/postgres.key" \
-Atc "SELECT '\"' || rolname || '\" \"' || rolpassword || '\"' \
FROM pg_authid WHERE rolpassword LIKE 'SCRAM-SHA-256%' \
AND rolcanlogin ORDER BY rolname;" | command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh fsop tee /etc/pgbouncer/web-universe-main-dev/userlist.txt
3. Reload: command sudo -n /usr/local/bin/fastorder-provisioning-wrapper.sh passthru systemctl reload pgbouncer@web-universe-main-dev.service
[0;34m[INFO][0m Registering PgBouncer node to observability API...
[INFO] Detected 4-part identifier format
[INFO] Registering node via API
[INFO] Application: PgBouncer
[INFO] Identifier: web-universe-main-dev-pgbouncer
[INFO] Identifier Parent: postgresql
[INFO] IP: 10.100.1.244
[INFO] Port: 6432
[INFO] FQDN: db-web-universe-main-dev-postgresql-bouncer.fastorder.com
[INFO] Status: running
[INFO] Environment: web-universe-main-dev (service=web, zone=universe, branch=main, env=dev)
[INFO] Calling registration API: https://skeleton.dev.fastorder.com/api/obs/register
[SUCCESS] =========================================
[SUCCESS] Node registered successfully via API!
[SUCCESS] =========================================
[SUCCESS] Node UUID: fdc70c5f-615d-432f-8161-a7acd56ea9ed
[SUCCESS] Environment UUID: b9b5805b-8033-4d13-b5de-5df5c0dd562b
[SUCCESS] Dashboard: https:\/\/skeleton.dev.fastorder.com\/dashboard\/monitoring\/environment\/b9b5805b-8033-4d13-b5de-5df5c0dd562b
[0;32m[OK][0m PgBouncer node registered to observability API
[0;32mβ[0m β
PgBouncer setup completed
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 03-citus-setup.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS DISTRIBUTED CLUSTER SETUP
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Phase 1: Installing Citus extension on workers...
[0;34m[INFO][0m Phase 2: Setting up coordinator and registering workers...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π¦ PHASE 1: Installing Citus extension on 1 worker(s)...
[0;34m[INFO][0m β Worker 1/1: Installing Citus on worker-01...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS CLUSTER SETUP
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π§ Setting up Citus Worker...
[0;34m[INFO][0m Temporarily disabling synchronous replication for extension installation...
t
[0;34m[INFO][0m Installing Citus extension on worker...
[0;32m[OK][0m Citus extension installed on worker
[0;34m[INFO][0m Restoring synchronous replication settings...
t
[0;34m[INFO][0m Worker Citus extension installed - registration will happen when coordinator setup runs
[0;32m[OK][0m Citus setup complete for worker-01
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Citus extension installed on worker-01
[0;32mβ[0m β
Phase 1 Complete: All 1 workers have Citus extension installed
[0;34m[INFO][0m π§ PHASE 2: Setting up Citus coordinator and registering workers...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS CLUSTER SETUP
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π§ Setting up Citus Coordinator...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m DIAGNOSTIC: Configuration Variables
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m PG_WORKERS_NUM: 1
[0;34m[INFO][0m ENV_ID: web-universe-main-dev
[0;34m[INFO][0m DOMAIN: fastorder.com
[0;34m[INFO][0m PORT: 5432
[0;34m[INFO][0m SOCKET_DIR: /var/run/postgresql-web-universe-main-dev-coordinator
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Ensuring postgres client certificates exist for coordinator...
[0;32m[OK][0m Postgres client certificates already exist for coordinator
[0;34m[INFO][0m Adding citus_cert_map to coordinator pg_ident.conf...
[0;32m[OK][0m pg_ident.conf updated for coordinator
[0;34m[INFO][0m Installing Citus extension on coordinator...
[0;32m[OK][0m Citus extension installed on coordinator (postgres database)
[0;34m[INFO][0m Installing Citus extension on application database: fastorder_web_universe_main_dev_db...
[0;32m[OK][0m Citus extension installed on application database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Configuring Citus SSL connection parameters...
[2026-02-05 06:58:05 UTC] USER=www-data EUID=0 PID=79758 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
Citus SSL connection parameters configured: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator
[1;33m[WARN][0m Node not identified as coordinator, initializing...
[0;34m[INFO][0m Checking coordinator configuration...
[0;34m[INFO][0m Persisting citus.local_hostname to postgresql.conf...
[2026-02-05 06:58:07 UTC] USER=www-data EUID=0 PID=79846 ACTION=passthru ARGS=sudo -u postgres grep -q ^citus.local_hostname /data/postgresql/17/web-universe-main-dev/coordinator/postgresql.conf
[2026-02-05 06:58:07 UTC] USER=www-data EUID=0 PID=79873 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;32m[OK][0m β
citus.local_hostname persisted to config and reloaded
[0;34m[INFO][0m Configuring coordinator hostname in postgres database: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;32m[OK][0m β
Coordinator hostname set to db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 in postgres database
[0;34m[INFO][0m Checking coordinator configuration in application database: fastorder_web_universe_main_dev_db...
[0;34m[INFO][0m Configuring coordinator hostname in application database: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;32m[OK][0m β
Coordinator hostname set to db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432 in application database
[0;34m[INFO][0m Validating coordinator configuration before worker registration...
[0;32m[OK][0m β
Coordinator hostname validated: db-web-universe-main-dev-postgresql-coordinator.fastorder.com
[0;32m[OK][0m β
citus_tables view is accessible
[0;34m[INFO][0m Checking coordinator self-registration...
[0;32m[OK][0m β
Coordinator is already self-registered
[0;34m[INFO][0m Configuring coordinator shard placement policy...
[0;32m[OK][0m β
Coordinator already configured in postgres database (shouldhaveshards = false)
[0;32m[OK][0m β
Coordinator already configured in application database (shouldhaveshards = false)
[0;34m[INFO][0m Registering 1 worker(s) to Citus cluster...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m PRE-FLIGHT: Checking worker availability...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Checking worker worker-01...
[0;34m[INFO][0m FQDN: db-web-universe-main-dev-postgresql-worker-01.fastorder.com
[0;32m[OK][0m β
Worker worker-01 is reachable via SSL
[0;32m[OK][0m All workers are reachable - proceeding with registration
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Adding Citus worker: db-web-universe-main-dev-postgresql-worker-01.fastorder.com:5432
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Adding citus_cert_map to worker-01 pg_ident.conf...
[0;32m[OK][0m pg_ident.conf updated for worker-01
[0;34m[INFO][0m Configuring worker worker-01 HBA for coordinator (10.100.1.54) access...
[0;32m[OK][0m Worker worker-01 HBA configured for coordinator (10.100.1.54)
[0;34m[INFO][0m Adding replication rules for 3 standby(s)...
[0;32m[OK][0m Replication rules added for worker-01
[0;34m[INFO][0m Reloading worker worker-01 to apply HBA changes...
[2026-02-05 06:58:11 UTC] USER=www-data EUID=0 PID=80161 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
[0;34m[INFO][0m Configuring coordinator HBA for worker worker-01 (10.100.1.243) access...
[0;32m[OK][0m Coordinator HBA configured for worker worker-01 (10.100.1.243)
[0;34m[INFO][0m Reloading coordinator to apply HBA changes...
[2026-02-05 06:58:11 UTC] USER=www-data EUID=0 PID=80203 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-coordinator.service
[0;34m[INFO][0m Ensuring postgres client certificates exist for worker-01...
[0;32m[OK][0m Postgres client certificates already exist for worker-01
[0;34m[INFO][0m Configuring citus.node_conninfo on worker-01...
[2026-02-05 06:58:12 UTC] USER=www-data EUID=0 PID=80221 ACTION=passthru ARGS=systemctl reload postgresql@web-universe-main-dev-worker-01.service
[0;32m[OK][0m citus.node_conninfo configured on worker-01
[0;34m[INFO][0m Temporarily relaxing sync-rep on worker worker-01...
t
[0;32m[OK][0m Worker worker-01 sync-rep relaxed (was: sync_commit=on)
[0;34m[INFO][0m Ensuring Citus extension on worker databases...
CREATE EXTENSION
CREATE EXTENSION
[0;34m[INFO][0m Running citus_add_node with 180s timeout...
2
[0;34m[INFO][0m Restoring worker worker-01 sync-rep settings...
t
[0;32m[OK][0m Worker worker-01 sync-rep restored
[0;32m[OK][0m β
Worker db-web-universe-main-dev-postgresql-worker-01.fastorder.com successfully added to Citus cluster
[0;34m[INFO][0m Node ID: 2
[0;34m[INFO][0m Registered in: postgres, fastorder_web_universe_main_dev_db
[0;32m[OK][0m Worker worker-01 registration successful
[0;34m[INFO][0m Configuring worker worker-01 shard placement policy...
[0;32m[OK][0m β
Worker worker-01 configured to hold shards in all databases
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m POST-REGISTRATION: Verifying cluster state...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Expected workers: 1
[0;34m[INFO][0m Registered workers: 1
[0;32m[OK][0m β
All 1 workers successfully registered!
[0;34m[INFO][0m Citus cluster configuration:
db-web-universe-main-dev-postgresql-coordinator.fastorder.com 5432 0 t primary f
db-web-universe-main-dev-postgresql-worker-01.fastorder.com 5432 1 t primary t
[0;34m[INFO][0m Note: groupid=0 is the coordinator, groupid>0 are workers
[0;34m[INFO][0m shouldhaveshards: false=query router only, true=holds data shards
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m FINAL VALIDATION: Verifying configuration persistence...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:58:16 UTC] USER=www-data EUID=0 PID=80512 ACTION=passthru ARGS=sudo -u postgres grep -q ^citus.local_hostname /data/postgresql/17/web-universe-main-dev/coordinator/postgresql.conf
[0;32m[OK][0m β
citus.local_hostname persisted in postgresql.conf
[0;32m[OK][0m β
All 1 worker(s) successfully registered and verified
[0;32m[OK][0m β
All validation checks passed
[0;32m[OK][0m Citus coordinator setup complete
[0;32m[OK][0m Citus setup complete for coordinator
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
CITUS CLUSTER SETUP COMPLETED SUCCESSFULLY
[0;32mβ[0m Coordinator: Ready and accepting connections
[0;32mβ[0m Workers registered: 1
[0;32mβ[0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 05-backup-setup.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up coordinator backup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Configuring backups for web-universe-main-dev...
[INFO] 1οΈβ£ Installing pgBackRest...
[INFO] β
pgBackRest already installed
[INFO] Version: pgBackRest 2.56.0
[INFO] 2οΈβ£ Creating backup directories...
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80620 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80629 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/backup/web-universe-main-dev
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80638 ACTION=fsop ARGS=mkdir -p /var/log/pgbackrest
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80647 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80656 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest/conf.d
[2026-02-05 06:58:18 UTC] USER=www-data EUID=0 PID=80665 ACTION=fsop ARGS=chown -R postgres:postgres /var/lib/pgbackrest
[2026-02-05 06:58:19 UTC] USER=www-data EUID=0 PID=80743 ACTION=fsop ARGS=chown -R postgres:postgres /var/log/pgbackrest
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80754 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbackrest
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80764 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80773 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80784 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] β
Backup directories created
[INFO] 3οΈβ£ Configuring pgBackRest for coordinator...
[INFO] Using existing cipher key from /etc/pgbackrest/.cipher-key-web-universe-main-dev
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80813 ACTION=fsop ARGS=chmod 640 /etc/pgbackrest/pgbackrest.conf
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80822 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbackrest/pgbackrest.conf
[INFO] β
pgBackRest configuration created with shared cipher key
[INFO] 3οΈβ£.5οΈβ£ Cleaning up data directory...
[INFO] Removing old .backup.* files...
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80837 ACTION=fsop ARGS=find /data/postgresql/17/web-universe-main-dev/coordinator -name *.backup.* -type f -delete
[INFO] Ensuring correct ownership...
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80864 ACTION=fsop ARGS=chown -R postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[INFO] β
Data directory cleaned and permissions fixed
[INFO] 4οΈβ£ Creating pgBackRest spool directory...
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80877 ACTION=fsop ARGS=mkdir -p /var/spool/pgbackrest
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80890 ACTION=fsop ARGS=chown postgres:postgres /var/spool/pgbackrest
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80899 ACTION=fsop ARGS=chmod 750 /var/spool/pgbackrest
[INFO] β
Spool directory created
[INFO] 4οΈβ£.5οΈβ£ Ensuring PostgreSQL coordinator is running...
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80908 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/PG_VERSION
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80918 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
Coordinator is already running
[INFO] 5οΈβ£ Initializing pgBackRest stanza...
[INFO] Stanza exists - verifying system-id consistency...
[INFO] β
Coordinator stanza web-universe-main-dev-coordinator already initialized and verified
[INFO] 6οΈβ£ Configuring WAL archiving in PostgreSQL...
[INFO] Updating coordinator postgresql.conf...
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
pg_reload_conf
----------------
t
(1 row)
[INFO] β
WAL archiving configured for coordinator
[INFO] 7οΈβ£ Restarting PostgreSQL to enable archive_mode...
[INFO] Stopping PostgreSQL...
[2026-02-05 06:58:20 UTC] USER=www-data EUID=0 PID=80973 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[INFO] Starting PostgreSQL with archive_mode enabled...
[2026-02-05 06:58:23 UTC] USER=www-data EUID=0 PID=81012 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[2026-02-05 06:58:26 UTC] USER=www-data EUID=0 PID=81229 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
PostgreSQL restarted successfully
[INFO] β
archive_mode is now enabled
[INFO] Verifying pgBackRest stanza with archive_mode enabled...
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81258 ACTION=passthru ARGS=sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator --log-level-console=info check
2026-02-05 06:58:27.035 P00 INFO: check command begin 2.56.0: --exec-id=81266-31e0324b --log-level-console=info --log-level-file=debug --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:27.052 P00 INFO: check repo1 configuration (primary)
2026-02-05 06:58:27.065 P00 ERROR: [028]: backup and archive info files exist but do not match the database
HINT: is this the correct stanza?
HINT: did an error occur during stanza-upgrade?
2026-02-05 06:58:27.065 P00 INFO: check command end: aborted with exception [028]
[WARN] β οΈ Stanza verification failed - this may be normal if WAL archiving hasn't started yet
[WARN] The backup system is configured and will work once WAL segments are generated
[INFO] 8οΈβ£ Creating backup automation scripts...
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81283 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81293 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81317 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81327 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[INFO] β
Backup scripts created
[INFO] 9οΈβ£ Setting up cron jobs for automated backups...
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81353 ACTION=fsop ARGS=chmod 644 /etc/cron.d/pgbackrest-web-universe-main-dev
[INFO] β
Cron jobs configured
[INFO] Schedule:
[INFO] - Full backup: Sundays at 2:00 AM
[INFO] - Differential backup: Mon-Sat at 2:00 AM
[INFO] π Creating restore documentation...
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81371 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81381 ACTION=fsop ARGS=sed -i s|__ENV_ID__|web-universe-main-dev|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81390 ACTION=fsop ARGS=sed -i s|__DATA_DIR__|/data/postgresql/17/web-universe-main-dev/coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81400 ACTION=fsop ARGS=chmod 644 /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81409 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] β
Restore documentation created at: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] 1οΈβ£1οΈβ£ Taking first full backup...
[INFO] Verifying PostgreSQL coordinator service is active...
[INFO] Waiting for PostgreSQL to be ready...
[INFO] PostgreSQL coordinator is ready
[INFO] Initializing pgbackrest stanza...
2026-02-05 06:58:27.637 P00 INFO: start command begin 2.56.0: --exec-id=81430-a46291c2 --log-level-console=info --log-level-file=debug --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:27.638 P00 WARN: stop file does not exist for stanza web-universe-main-dev-coordinator
2026-02-05 06:58:27.638 P00 INFO: start command end: completed successfully (8ms)
[INFO] Upgrading stanza to match current PostgreSQL system-id...
2026-02-05 06:58:27.695 P00 INFO: stanza-upgrade command begin 2.56.0: --exec-id=81446-5a5ca402 --log-level-console=info --log-level-file=debug --no-online --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:27.696 P00 INFO: stanza-upgrade for stanza 'web-universe-main-dev-coordinator' on repo1
2026-02-05 06:58:27.708 P00 INFO: stanza-upgrade command end: completed successfully (16ms)
[INFO] This may take a few minutes depending on database size...
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81457 ACTION=fsop ARGS=touch /var/log/pgbackrest/initial-backup-20260205-065827.log
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81466 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbackrest/initial-backup-20260205-065827.log
[2026-02-05 06:58:27 UTC] USER=www-data EUID=0 PID=81475 ACTION=fsop ARGS=chmod 644 /var/log/pgbackrest/initial-backup-20260205-065827.log
[INFO] Running backup (timeout: 10 minutes)...
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82070 ACTION=fsop ARGS=cp /tmp/pgbackrest-backup-80592.log /var/log/pgbackrest/initial-backup-20260205-065827.log
[INFO] β
Initial full backup completed successfully
[INFO] Log: /var/log/pgbackrest/initial-backup-20260205-065827.log
2026-02-05 06:58:41.953 P00 INFO: repo1: remove expired backup 20260205-063608F
2026-02-05 06:58:41.993 P00 INFO: repo1: 17-4 remove archive, start = 000000010000000000000004, stop = 000000010000000000000006
2026-02-05 06:58:41.993 P00 INFO: repo1: 17-5 no archive to remove
2026-02-05 06:58:41.994 P00 INFO: repo1: 17-6 remove archive, start = 000000010000000000000002, stop = 000000010000000000000002
2026-02-05 06:58:41.994 P00 INFO: expire command end: completed successfully (49ms)
[INFO] Current backups:
stanza: web-universe-main-dev-coordinator
status: ok
cipher: aes-256-cbc
db (prior)
wal archive min/max (17): 000000010000000000000007/000000010000000000000008
full backup: 20260205-063637F
timestamp start/stop: 2026-02-05 06:36:37+00 / 2026-02-05 06:36:40+00
wal start/stop: 000000010000000000000007 / 000000010000000000000007
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
db (prior)
wal archive min/max (17): 000000010000000000000003/000000010000000000000009
full backup: 20260205-064342F
timestamp start/stop: 2026-02-05 06:43:42+00 / 2026-02-05 06:43:51+00
wal start/stop: 000000010000000000000003 / 000000010000000000000003
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
full backup: 20260205-064402F
timestamp start/stop: 2026-02-05 06:44:02+00 / 2026-02-05 06:44:10+00
wal start/stop: 000000010000000000000006 / 000000010000000000000006
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
db (current)
wal archive min/max (17): none present
full backup: 20260205-065827F
timestamp start/stop: 2026-02-05 06:58:27+00 / 2026-02-05 06:58:41+00
wal start/stop: 000000010000000000000003 / 000000010000000000000003
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
[INFO] π Checking for worker configurations...
[INFO] βΉοΈ No worker identifier provided - skipping worker backup setup
[INFO] (Run with 'worker-01', 'worker-02', etc. to configure worker backups)
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Backup setup complete!
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Completed steps:
[INFO] 1. pgBackRest installed and configured
[INFO] 2. WAL archiving enabled (archive_mode=on)
[INFO] 3. PostgreSQL restarted with new settings
[INFO] 4. pgBackRest stanza initialized and verified
[INFO] 5. Initial full backup completed
[INFO] 6. Automated backup cron jobs configured
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Configuration Details:
[INFO] Coordinator:
[INFO] Stanza: web-universe-main-dev-coordinator
[INFO] Schedule: Full: Sun 2AM, Diff: Mon-Sat 2AM
[INFO] Common:
[INFO] Backup dir: /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] Archive dir: /var/lib/pgbackrest/archive/web-universe-main-dev
[INFO] Config: /etc/pgbackrest/pgbackrest.conf
[INFO] Restore guide: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] Retention:
[INFO] Full backups: 4 (keep last 4 full backups)
[INFO] Differential: 4 (keep last 4 diff per full)
[INFO] Archive WAL: Auto-managed by pgBackRest
[INFO] Manual commands:
[INFO] Coordinator: sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator backup
[INFO] List all backups: sudo -u postgres pgbackrest info
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Setting up worker backups for 1 worker(s)...
[0;34m[INFO][0m Setting up backup for: worker-01
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] π Configuring backups for web-universe-main-dev...
[INFO] 1οΈβ£ Installing pgBackRest...
[INFO] β
pgBackRest already installed
[INFO] Version: pgBackRest 2.56.0
[INFO] 2οΈβ£ Creating backup directories...
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82151 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82160 ACTION=fsop ARGS=mkdir -p /var/lib/pgbackrest/backup/web-universe-main-dev
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82169 ACTION=fsop ARGS=mkdir -p /var/log/pgbackrest
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82178 ACTION=fsop ARGS=mkdir -p /etc/pgbackrest
[2026-02-05 06:58:42 UTC] USER=www-data EUID=0 PID=82201 ACTION=fsop ARGS=chown -R postgres:postgres /var/lib/pgbackrest
[2026-02-05 06:58:44 UTC] USER=www-data EUID=0 PID=82242 ACTION=fsop ARGS=chown -R postgres:postgres /var/log/pgbackrest
[2026-02-05 06:58:44 UTC] USER=www-data EUID=0 PID=82251 ACTION=fsop ARGS=chown -R postgres:postgres /etc/pgbackrest
[2026-02-05 06:58:44 UTC] USER=www-data EUID=0 PID=82260 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest
[2026-02-05 06:58:44 UTC] USER=www-data EUID=0 PID=82269 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/archive/web-universe-main-dev
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82280 ACTION=fsop ARGS=chmod 750 /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] β
Backup directories created
[INFO] 3οΈβ£ Configuring pgBackRest for coordinator...
[INFO] Using existing cipher key from /etc/pgbackrest/.cipher-key-web-universe-main-dev
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82307 ACTION=fsop ARGS=chmod 640 /etc/pgbackrest/pgbackrest.conf
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82316 ACTION=fsop ARGS=chown postgres:postgres /etc/pgbackrest/pgbackrest.conf
[INFO] β
pgBackRest configuration created with shared cipher key
[INFO] 3οΈβ£.5οΈβ£ Cleaning up data directory...
[INFO] Removing old .backup.* files...
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82325 ACTION=fsop ARGS=find /data/postgresql/17/web-universe-main-dev/coordinator -name *.backup.* -type f -delete
[INFO] Ensuring correct ownership...
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82334 ACTION=fsop ARGS=chown -R postgres:postgres /data/postgresql/17/web-universe-main-dev/coordinator
[INFO] β
Data directory cleaned and permissions fixed
[INFO] 4οΈβ£ Creating pgBackRest spool directory...
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82343 ACTION=fsop ARGS=mkdir -p /var/spool/pgbackrest
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82352 ACTION=fsop ARGS=chown postgres:postgres /var/spool/pgbackrest
[INFO] β
Spool directory created
[INFO] 4οΈβ£.5οΈβ£ Ensuring PostgreSQL coordinator is running...
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82371 ACTION=passthru ARGS=sudo -u postgres test -f /data/postgresql/17/web-universe-main-dev/coordinator/PG_VERSION
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82392 ACTION=passthru ARGS=systemctl is-active --quiet postgresql@web-universe-main-dev-coordinator.service
[INFO] β
Coordinator is already running
[INFO] 5οΈβ£ Initializing pgBackRest stanza...
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82424 ACTION=fsop ARGS=rm -rf /var/lib/pgbackrest/backup/web-universe-main-dev/archive/web-universe-main-dev-coordinator
[2026-02-05 06:58:45 UTC] USER=www-data EUID=0 PID=82433 ACTION=fsop ARGS=rm -rf /var/lib/pgbackrest/backup/web-universe-main-dev/backup/web-universe-main-dev-coordinator
[INFO] Creating stanza: web-universe-main-dev-coordinator...
2026-02-05 06:58:46.042 P00 INFO: stanza-create command begin 2.56.0: --exec-id=82467-00532f24 --log-level-console=info --log-level-file=debug --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:46.063 P00 INFO: stanza-create for stanza 'web-universe-main-dev-coordinator' on repo1
[INFO] β
Stanza created successfully
[INFO] 6οΈβ£ Configuring WAL archiving in PostgreSQL...
[INFO] Updating coordinator postgresql.conf...
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
ALTER SYSTEM
pg_reload_conf
----------------
t
(1 row)
[INFO] β
WAL archiving configured for coordinator
[INFO] 7οΈβ£ Restarting PostgreSQL to enable archive_mode...
[INFO] Stopping PostgreSQL...
[2026-02-05 06:58:46 UTC] USER=www-data EUID=0 PID=82483 ACTION=passthru ARGS=systemctl stop postgresql@web-universe-main-dev-coordinator.service
[INFO] Starting PostgreSQL with archive_mode enabled...
[2026-02-05 06:58:48 UTC] USER=www-data EUID=0 PID=82545 ACTION=passthru ARGS=systemctl start postgresql@web-universe-main-dev-coordinator.service
[INFO] β
PostgreSQL restarted successfully
[INFO] β
archive_mode is now enabled
[INFO] Verifying pgBackRest stanza with archive_mode enabled...
[2026-02-05 06:58:52 UTC] USER=www-data EUID=0 PID=82743 ACTION=passthru ARGS=sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator --log-level-console=info check
2026-02-05 06:58:52.487 P00 INFO: check command begin 2.56.0: --exec-id=82750-1c0b10e1 --log-level-console=info --log-level-file=debug --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:52.504 P00 INFO: check repo1 configuration (primary)
2026-02-05 06:58:52.561 P00 INFO: check repo1 archive for WAL (primary)
2026-02-05 06:58:52.862 P00 INFO: WAL segment 000000010000000000000004 successfully archived to '/var/lib/pgbackrest/backup/web-universe-main-dev/archive/web-universe-main-dev-coordinator/17-1/0000000100000000/000000010000000000000004-a773298a897aea9978bd72b6c3db420b17520a5c.lz4' on repo1
2026-02-05 06:58:52.862 P00 INFO: check command end: completed successfully (378ms)
[INFO] β
Stanza verification passed
[INFO] 8οΈβ£ Creating backup automation scripts...
[2026-02-05 06:58:52 UTC] USER=www-data EUID=0 PID=82780 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:58:52 UTC] USER=www-data EUID=0 PID=82789 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-full-backup-web-universe-main-dev.sh
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82807 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82816 ACTION=fsop ARGS=chmod 755 /usr/local/bin/pgbackrest-diff-backup-web-universe-main-dev.sh
[INFO] β
Backup scripts created
[INFO] 9οΈβ£ Setting up cron jobs for automated backups...
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82834 ACTION=fsop ARGS=chmod 644 /etc/cron.d/pgbackrest-web-universe-main-dev
[INFO] β
Cron jobs configured
[INFO] Schedule:
[INFO] - Full backup: Sundays at 2:00 AM
[INFO] - Differential backup: Mon-Sat at 2:00 AM
[INFO] π Creating restore documentation...
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82852 ACTION=fsop ARGS=sed -i s|__STANZA_NAME__|web-universe-main-dev-coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82861 ACTION=fsop ARGS=sed -i s|__ENV_ID__|web-universe-main-dev|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82870 ACTION=fsop ARGS=sed -i s|__DATA_DIR__|/data/postgresql/17/web-universe-main-dev/coordinator|g /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82884 ACTION=fsop ARGS=chmod 644 /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82903 ACTION=fsop ARGS=chown postgres:postgres /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] β
Restore documentation created at: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] 1οΈβ£1οΈβ£ Taking first full backup...
[INFO] Verifying PostgreSQL coordinator service is active...
[INFO] Waiting for PostgreSQL to be ready...
[INFO] PostgreSQL coordinator is ready
[INFO] Initializing pgbackrest stanza...
2026-02-05 06:58:53.420 P00 INFO: start command begin 2.56.0: --exec-id=82950-02dd8f9b --log-level-console=info --log-level-file=debug --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:53.420 P00 WARN: stop file does not exist for stanza web-universe-main-dev-coordinator
2026-02-05 06:58:53.420 P00 INFO: start command end: completed successfully (8ms)
[INFO] Upgrading stanza to match current PostgreSQL system-id...
2026-02-05 06:58:53.482 P00 INFO: stanza-upgrade command begin 2.56.0: --exec-id=82962-2458c132 --log-level-console=info --log-level-file=debug --no-online --pg1-path=/data/postgresql/17/web-universe-main-dev/coordinator --pg1-port=5432 --pg1-socket-path=/var/run/postgresql-web-universe-main-dev-coordinator --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:53.483 P00 INFO: stanza-upgrade for stanza 'web-universe-main-dev-coordinator' on repo1
2026-02-05 06:58:53.483 P00 INFO: stanza 'web-universe-main-dev-coordinator' on repo1 is already up to date
2026-02-05 06:58:53.483 P00 INFO: stanza-upgrade command end: completed successfully (4ms)
[INFO] This may take a few minutes depending on database size...
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82976 ACTION=fsop ARGS=chown postgres:postgres /var/log/pgbackrest/initial-backup-20260205-065853.log
[2026-02-05 06:58:53 UTC] USER=www-data EUID=0 PID=82985 ACTION=fsop ARGS=chmod 644 /var/log/pgbackrest/initial-backup-20260205-065853.log
[INFO] Running backup (timeout: 10 minutes)...
[2026-02-05 06:58:57 UTC] USER=www-data EUID=0 PID=83088 ACTION=fsop ARGS=cp /tmp/pgbackrest-backup-82107.log /var/log/pgbackrest/initial-backup-20260205-065853.log
[INFO] β
Initial full backup completed successfully
[INFO] Log: /var/log/pgbackrest/initial-backup-20260205-065853.log
2026-02-05 06:58:56.959 P00 INFO: new backup label = 20260205-065853F
2026-02-05 06:58:57.028 P00 INFO: full backup size = 33.5MB, file total = 1441
2026-02-05 06:58:57.029 P00 INFO: backup command end: completed successfully (3369ms)
2026-02-05 06:58:57.029 P00 INFO: expire command begin 2.56.0: --exec-id=83002-d834d529 --log-level-console=info --log-level-file=debug --repo1-cipher-pass=<redacted> --repo1-cipher-type=aes-256-cbc --repo1-path=/var/lib/pgbackrest/backup/web-universe-main-dev --repo1-retention-diff=4 --repo1-retention-full=4 --stanza=web-universe-main-dev-coordinator
2026-02-05 06:58:57.029 P00 INFO: expire command end: completed successfully (0ms)
[INFO] Current backups:
stanza: web-universe-main-dev-coordinator
status: ok
cipher: aes-256-cbc
db (current)
wal archive min/max (17): 000000010000000000000004/000000010000000000000004
full backup: 20260205-065853F
timestamp start/stop: 2026-02-05 06:58:53+00 / 2026-02-05 06:58:56+00
wal start/stop: 000000010000000000000005 / 000000010000000000000005
database size: 33.5MB, database backup size: 33.5MB
repo1: backup set size: 5.4MB, backup size: 5.4MB
[INFO] π Checking for worker configurations...
[INFO] βΉοΈ No worker identifier provided - skipping worker backup setup
[INFO] (Run with 'worker-01', 'worker-02', etc. to configure worker backups)
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Backup setup complete!
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] β
Completed steps:
[INFO] 1. pgBackRest installed and configured
[INFO] 2. WAL archiving enabled (archive_mode=on)
[INFO] 3. PostgreSQL restarted with new settings
[INFO] 4. pgBackRest stanza initialized and verified
[INFO] 5. Initial full backup completed
[INFO] 6. Automated backup cron jobs configured
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Configuration Details:
[INFO] Coordinator:
[INFO] Stanza: web-universe-main-dev-coordinator
[INFO] Schedule: Full: Sun 2AM, Diff: Mon-Sat 2AM
[INFO] Common:
[INFO] Backup dir: /var/lib/pgbackrest/backup/web-universe-main-dev
[INFO] Archive dir: /var/lib/pgbackrest/archive/web-universe-main-dev
[INFO] Config: /etc/pgbackrest/pgbackrest.conf
[INFO] Restore guide: /var/lib/pgbackrest/RESTORE_INSTRUCTIONS_web-universe-main-dev.md
[INFO] Retention:
[INFO] Full backups: 4 (keep last 4 full backups)
[INFO] Differential: 4 (keep last 4 diff per full)
[INFO] Archive WAL: Auto-managed by pgBackRest
[INFO] Manual commands:
[INFO] Coordinator: sudo -u postgres pgbackrest --stanza=web-universe-main-dev-coordinator backup
[INFO] List all backups: sudo -u postgres pgbackrest info
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32mβ[0m β
Backup setup completed for coordinator and all workers
[0;34m[INFO][0m Skipping 06-distribute-tables-canary.sh (test script - set RUN_TESTS=true to enable)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 07-distribute-tables.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:58:58 UTC] USER=unknown EUID=33 PID=83206 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/metrics
[2026-02-05 06:58:58 UTC] USER=unknown EUID=33 PID=83213 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/metrics
[2026-02-05 06:58:58 UTC] USER=unknown EUID=33 PID=83220 ACTION=fsop ARGS=mkdir -p /var/log/fastorder/audit
[2026-02-05 06:58:58 UTC] USER=unknown EUID=33 PID=83227 ACTION=fsop ARGS=chmod 777 /var/log/fastorder/audit
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CITUS TABLE DISTRIBUTION
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π Secure connection established
[0;34m[INFO][0m Host: db-web-universe-main-dev-postgresql-coordinator.fastorder.com:5432
[0;34m[INFO][0m Database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m SSL: verify-full (TLS 1.2+)
[0;34m[INFO][0m Timeouts: statement=120s, idle_tx=300s
[0;34m[INFO][0m π Running preflight checks...
[0;34m[INFO][0m Testing database connectivity...
[0;32m[OK][0m β
Database connection successful
[0;32m[OK][0m β
Connected to correct database: fastorder_web_universe_main_dev_db
[0;34m[INFO][0m Checking Citus extension in database fastorder_web_universe_main_dev_db...
[0;32m[OK][0m Citus version: 13.2-1
[0;34m[INFO][0m Checking worker registration...
[0;32m[OK][0m Registered workers: 1
[0;34m[INFO][0m Worker nodes:
[0;34m[INFO][0m nodename | nodeport | isactive | noderole
[0;34m[INFO][0m -------------------------------------------------------------+----------+----------+----------
[0;34m[INFO][0m db-web-universe-main-dev-postgresql-worker-01.fastorder.com | 5432 | t | primary
[0;34m[INFO][0m (1 row)
[0;34m[INFO][0m
[0;34m[INFO][0m π Starting table distribution...
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Distributing: auth.login_account
[0;34m[INFO][0m Description: User authentication table - distributed by region for tenant isolation
[0;34m[INFO][0m Shard key: region_hint
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m βοΈ Table does not exist, skipping
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;32m[OK][0m β
All tables distributed successfully!
[0;34m[INFO][0m βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m π Citus Cluster Summary:
[0;34m[INFO][0m Distributed tables:
[0;34m[INFO][0m table | type | shard_key | shards | size
[0;34m[INFO][0m -------+------+-----------+--------+------
[0;34m[INFO][0m (0 rows)
[0;34m[INFO][0m
[0;34m[INFO][0m Worker capacity:
[0;34m[INFO][0m worker | total_shards | total_size
[0;34m[INFO][0m --------+--------------+------------
[0;34m[INFO][0m (0 rows)
[0;34m[INFO][0m
[0;32m[OK][0m Citus table distribution complete
[0;34m[INFO][0m Skipping 08-distribute-tables-rollback.sh (rollback script - run manually only)
[0;34m[INFO][0m Skipping 09-distribute-tables-test.sh (test script - set RUN_TESTS=true to enable)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Executing step: 10-setup-cdc.sh
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m CDC PIPELINE SETUP (Debezium + Elasticsearch Sink)
[0;34m[INFO][0m ββββββββββββββββββββββββββββββββββββββββββββββββββ
[0;34m[INFO][0m Log file: /var/log/fastorder/cdc/10-setup-cdc-*.log
[0;34m[INFO][0m Running CDC setup for identifier: coordinator
[2026-02-05 06:59:03] ==========================================
[2026-02-05 06:59:03] CDC SETUP SCRIPT STARTED
[2026-02-05 06:59:03] Log file: /var/log/fastorder/cdc/10-setup-cdc-20260205_065903.log
[2026-02-05 06:59:03] ==========================================
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[2026-02-05 06:59:03] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:59:03] CDC Pipeline Setup (Debezium + ES Sink)
[2026-02-05 06:59:03] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:59:03] Environment: web-universe-main-dev
[2026-02-05 06:59:03] Identifier: coordinator
[2026-02-05 06:59:03] Service: web
[2026-02-05 06:59:03] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:59:03] π CDC_BASE_DIR exists: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc
[2026-02-05 06:59:03] Looking for service folder: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web
[2026-02-05 06:59:03]
[2026-02-05 06:59:03] π Found CDC configuration for service: web
[2026-02-05 06:59:03] Scanning for subservice directories in: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web
[2026-02-05 06:59:03] Found subservice: config, checking for steps at: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps
[2026-02-05 06:59:03]
[2026-02-05 06:59:03] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:59:03] Setting up CDC for: web/config
[2026-02-05 06:59:03] βββββββββββββββββββββββββββββββββββββββ
[2026-02-05 06:59:03] Found 3 step script(s) in /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps
[2026-02-05 06:59:03]
[2026-02-05 06:59:03] π§ Running: 01-setup-config-cdc.sh
[2026-02-05 06:59:03] Full path: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps/01-setup-config-cdc.sh
[2026-02-05 06:59:03] Executing directly (script is executable)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Config CDC Setup - Automatic Role Detection
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service: web
[INFO] Zone: universe
[INFO] Branch: main
[INFO] Environment: dev
[INFO] Identifier: coordinator
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Service 'web' requires config.* schema
[INFO] CDC Role for web in zone universe: master
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] CONTROL PLANE MASTER (zone=universe)
[INFO] Setting up Debezium CDC Publisher
[INFO] ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Executing Debezium config setup...
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Debezium Config CDC Master Setup
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Environment: web-universe-main-dev
[INFO] PostgreSQL Host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Database: fastorder_web_universe_main_dev_db
[INFO] Connector: debezium-web-universe-main-dev-config
[INFO] Kafka Connect: eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
[INFO] SSL Cert Dir: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator (on Kafka Connect host)
[INFO] SSL Key File: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[INFO] Topic Prefix: cdc.web_universe_main_dev
[INFO] Replication Slot: dbz_web_universe_main_dev_config
[INFO] Tables: config.public_defaults,config.feature_flags,config.config_version
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Step 1: Creating PostgreSQL publication for config tables...
[INFO] Creating publication: cdc_pub_web_config
CREATE PUBLICATION
[INFO] Setting REPLICA IDENTITY FULL for config tables...
ALTER TABLE
ALTER TABLE
ALTER TABLE
[INFO] Step 2: Creating replication slot...
[INFO] Creating replication slot: dbz_web_universe_main_dev_config
(dbz_web_universe_main_dev_config,0/600E210)
[INFO] Step 3: Registering Debezium connector with Kafka Connect...
[INFO] Creating new connector: debezium-web-universe-main-dev-config
[INFO] Sending connector configuration to Kafka Connect...
[ERROR] Failed to register Debezium connector
[ERROR] Response: {"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nError while validating connector config: FATAL: password authentication failed for user \"debezium_user\"\nYou can also find the above list of errors at the endpoint `/connector-plugins/{connectorType}/config/validate`"}
[ OK ] Debezium config CDC master setup complete
[INFO] No topology.json found at /opt/fastorder/state/web-universe-main-dev/topology.json - skipping merge
[INFO]
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Config CDC Setup Complete
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service Capabilities: web-universe-main-dev
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Service: web
Zone: universe
Branch: main
Environment: dev
Config Schema: β
YES
Redis Cache: β
YES
CDC Role: master
CDC Master Configuration:
Debezium: debezium-web-universe-main-dev-config
Topic Prefix: cdc.web_universe_main_dev
Repl Slot: dbz_web_universe_main_dev_config
Tables: config.public_defaults,config.feature_flags,config.config_version
Required Schemas: config tenant dashboard environment resource service item company communication ai
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO]
[INFO] Log file: /var/log/fastorder/cdc/config-cdc-20260205_065903.log
[ OK ] Config CDC setup finished successfully
[2026-02-05 06:59:26] β
Completed: 01-setup-config-cdc.sh
[2026-02-05 06:59:26]
[2026-02-05 06:59:26] π§ Running: 02-setup-debezium-config.sh
[2026-02-05 06:59:26] Full path: /opt/fastorder/bash/scripts/env_app_setup/setup/05-db/engine/postgresql/steps/10-setup-cdc/web/config/steps/02-setup-debezium-config.sh
[2026-02-05 06:59:26] Executing directly (script is executable)
[INFO] Loaded environment: web-universe-main-dev (svc=web zone=universe env=dev ip=142.93.238.16)
β Centralized Secrets Manager library loaded
Location: /opt/fastorder/bash/infra_core/secrets/secrets-vault.sh
Functions: PostgreSQL (build_pg_secret_name, get_pg_credentials, set_pg_credentials)
Elasticsearch (build_es_secret_name, get_es_credentials, set_es_credentials)
Provider: aws
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Debezium Config CDC Master Setup
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Environment: web-universe-main-dev
[INFO] PostgreSQL Host: db-web-universe-main-dev-postgresql.fastorder.com
[INFO] Database: fastorder_web_universe_main_dev_db
[INFO] Connector: debezium-web-universe-main-dev-config
[INFO] Kafka Connect: eventbus-web-universe-main-dev-kafka-connect.fastorder.com:8083
[INFO] SSL Cert Dir: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator (on Kafka Connect host)
[INFO] SSL Key File: /etc/fastorder/postgresql/certs/web-universe-main-dev/coordinator/debezium_user_pk8.der
[INFO] Topic Prefix: cdc.web_universe_main_dev
[INFO] Replication Slot: dbz_web_universe_main_dev_config
[INFO] Tables: config.public_defaults,config.feature_flags,config.config_version
[INFO] βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[INFO] Step 1: Creating PostgreSQL publication for config tables...
[INFO] Publication cdc_pub_web_config already exists
[INFO] Setting REPLICA IDENTITY FULL for config tables...
ALTER TABLE
ALTER TABLE
ALTER TABLE
[INFO] Step 2: Creating replication slot...
[INFO] Replication slot dbz_web_universe_main_dev_config already exists
[INFO] Step 3: Registering Debezium connector with Kafka Connect...
[INFO] Creating new connector: debezium-web-universe-main-dev-config
[INFO] Sending connector configuration to Kafka Connect...
[ERROR] Failed to register Debezium connector
[ERROR] Response: {"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nError while validating connector config: FATAL: password authentication failed for user \"debezium_user\"\nYou can also find the above list of errors at the endpoint `/connector-plugins/{connectorType}/config/validate`"}
[2026-02-05 06:59:48] β FAILED: 02-setup-debezium-config.sh (exit code: 1)
[2026-02-05 06:59:48] β CRITICAL: This is a required step for CDC pipeline. Aborting.
[0;31m[ERROR][0m β Database infrastructure (postgresql) setup failed with exit code: 1
β³ This step is pending and will execute after the previous steps complete successfully.
Loading logs...