From 89f5000235e0e260e8c2fbf1a42825cf5b0bd11b Mon Sep 17 00:00:00 2001
From: Dragos Andriciuc <dragos.andriciuc@percona.com>
Date: Thu, 28 Aug 2025 15:13:19 +0300
Subject: [PATCH] Update Patroni config file (#551)

The original config file was taken from
[here](https://github.com/jobinau/pgscripts/blob/main/patroni/patroni.yml)
and it is currently replaced with a more "up to date" version
[here](https://github.com/Percona-Lab/pg_tde-demo-cluster/blob/bbb1df011f79667e7d8960191a775da90574e2c5/templates/patroni.yml.j2).
---
 .../docs/index/tde-limitations.md             | 62 +++++++++++--------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/contrib/pg_tde/documentation/docs/index/tde-limitations.md b/contrib/pg_tde/documentation/docs/index/tde-limitations.md
index 5b4e4328722..fb9e5de0b49 100644
--- a/contrib/pg_tde/documentation/docs/index/tde-limitations.md
+++ b/contrib/pg_tde/documentation/docs/index/tde-limitations.md
@@ -34,17 +34,13 @@ The following is a Percona-tested example configuration.
     ```yaml
     # Example Patroni configuration file maintained by Percona
     # Source: https://github.com/jobinau/pgscripts/blob/main/patroni/patroni.yml
-    scope: postgres
-    namespace: /db/
-    name: postgresql0
-
+    scope: tde
+    name: pg1
     restapi:
       listen: 0.0.0.0:8008
-      connect_address: 127.0.0.1:8008
-
-    etcd:
-      host: 127.0.0.1:2379
-
+      connect_address: pg1:8008
+    etcd3:
+      host: etcd1:2379
     bootstrap:
       dcs:
         ttl: 30
@@ -55,27 +51,29 @@ The following is a Percona-tested example configuration.
           use_pg_rewind: true
           use_slots: true
           parameters:
-            max_connections: 100
-            shared_buffers: 1GB
-            wal_level: replica
-            hot_standby: "on"
-            wal_keep_size: 256MB
-            max_wal_senders: 10
-            max_replication_slots: 10
-
+            archive_command: "/lib/postgresql/17/bin/pg_tde_archive_decrypt %f %p \"pgbackrest --stanza=tde archive-push %%p\""
+            archive_timeout: 600s
+            archive_mode: "on"
+            logging_collector: "on"
+            restore_command: "/lib/postgresql/17/bin/pg_tde_restore_encrypt %f %p \"pgbackrest --stanza=tde archive-get %%f \\\"%%p\\\"\""
+          pg_hba:
+            - local all all peer
+            - host all all 0.0.0.0/0 scram-sha-256
+            - host all all ::/0 scram-sha-256
+            - local replication all peer
+            - host replication all 0.0.0.0/0 scram-sha-256
+            - host replication all ::/0 scram-sha-256
       initdb:
-      - encoding: UTF8
-      - data-checksums
-
-      pg_hba:
-      - host replication replicator 127.0.0.1/32 md5
-      - host all all 0.0.0.0/0 md5
-
+        - encoding: UTF8
+        - data-checksums
+        - set: shared_preload_libraries=pg_tde
+      post_init: /usr/local/bin/setup_cluster.sh
     postgresql:
       listen: 0.0.0.0:5432
-      connect_address: 127.0.0.1:5432
-      data_dir: /var/lib/postgresql/data
-      bin_dir: /usr/lib/postgresql/14/bin
+      connect_address: pg1:5432
+      data_dir: /var/lib/postgresql/patroni-17
+      bin_dir: /lib/postgresql/17/bin
+      pgpass: /var/lib/postgresql/patronipass
       authentication:
         replication:
           username: replicator
@@ -83,6 +81,16 @@ The following is a Percona-tested example configuration.
         superuser:
           username: postgres
           password: secretpassword
+      parameters:
+        unix_socket_directories: /tmp
+        # Use unix_socket_directories: /var/run/postgresql for Debian/Ubuntu distributions
+    watchdog:
+      mode: off
+    tags:
+      nofailover: false
+      noloadbalance: false
+      clonefrom: false
+      nosync: false
     ```
 
 !!! warning