chore: setup docker extension task

Author: sweatybridge

.github/workflows/ami-release.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - develop
+      - ansi-dock
     paths:
       - '.github/workflows/ami-release.yml'
       - 'common.vars.pkr.hcl'
@@ -25,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - id: args
         uses: mikefarah/yq@master
@@ -48,10 +49,10 @@ jobs:
           cache-to: type=gha,mode=max
       - name: Extract built packages
         run: |
-          mkdir -p ansible/extensions/packages
-          docker save supabase/postgres:extensions | tar xv -C ansible/extensions
-          for layer in ansible/extensions/*/layer.tar; do
-            tar xvf "$layer" -C ansible/extensions/packages --strip-components 1
+          mkdir -p /tmp/extensions ansible/files/extensions
+          docker save supabase/postgres:extensions | tar xv -C /tmp/extensions
+          for layer in /tmp/extensions/*/layer.tar; do
+            tar xvf "$layer" -C ansible/files/extensions --strip-components 1
           done
 
       - name: Build AMI
@@ -82,7 +83,7 @@ jobs:
       - name: Upload pg binaries to s3 staging
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
-    
+
       - name: configure aws credentials - prod
         uses: aws-actions/configure-aws-credentials@v1
         with:
@@ -100,7 +101,7 @@ jobs:
       - name: Upload pg binaries to s3 prod
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
-    
+
       - name: Create release
         uses: softprops/action-gh-release@v1
         with:

Dockerfile

@@ -179,7 +179,7 @@ RUN ./configure --with-sfcgal
 RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
     make -j$(nproc)
 # Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libgeos-c1v5,libproj19,libjson-c5,libprotobuf-c1,libgdal28 --nodoc
+RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libgeos-c1v5,libproj15,libjson-c4,libprotobuf-c1,libgdal26 --nodoc
 
 FROM ppa as postgis
 # Latest available is 3.3.2
@@ -818,7 +818,7 @@ RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH")
 # Collect extension packages
 ####################
 FROM scratch as extensions
-COPY --from=postgis /tmp/*.deb /tmp/
+COPY --from=postgis-source /tmp/*.deb /tmp/
 COPY --from=pgrouting-source /tmp/*.deb /tmp/
 COPY --from=pgtap-source /tmp/*.deb /tmp/
 COPY --from=pg_cron-source /tmp/*.deb /tmp/

ansible/playbook.yml

@@ -30,9 +30,6 @@
     - name: Install Postgres from source
       import_tasks: tasks/setup-postgres.yml
 
-    - name: Install Postgres extensions
-      import_tasks: tasks/setup-extensions.yml
-
     - name: Install PgBouncer
       import_tasks: tasks/setup-pgbouncer.yml
       tags:
@@ -79,7 +76,7 @@
       become: yes
       become_user: postgres
       shell:
-        cmd: /usr/bin/pg_ctl -D /var/lib/postgresql/data start
+        cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start
       when: ebssurrogate_mode
 
     - name: Adjust APT update intervals
@@ -138,25 +135,14 @@
         update_cache: yes
         cache_valid_time: 3600
 
-    # Put PG binaries in a directory under $PATH
-    - name: Find all files in /usr/lib/postgresql/bin
-      find:
-        paths: /usr/lib/postgresql/bin
-      register: postgresql_bin
-
     - name: Clean out build dependencies
       import_tasks: tasks/clean-build-dependencies.yml
 
-    - name: Create symbolic links for Postgres binaries to /usr/bin/
-      become: yes
-      shell:
-        cmd: "for fl in /usr/lib/postgresql/bin/* ; do ln -sf $fl /usr/bin/$(basename $fl) ; done"
-
     - name: Restart Postgres Database without Systemd
       become: yes
       become_user: postgres
       shell:
-        cmd: /usr/bin/pg_ctl -D /var/lib/postgresql/data restart "-o -c shared_preload_libraries='pg_tle'"
+        cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data restart -o "-c shared_preload_libraries='pg_tle'"
       when: ebssurrogate_mode
 
     - name: Run migrations
@@ -168,7 +154,7 @@
       become: yes
       become_user: postgres
       shell:
-        cmd: /usr/bin/pg_ctl -D /var/lib/postgresql/data stop
+        cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop
       when: ebssurrogate_mode
 
     - name: Run unit tests

ansible/tasks/setup-docker.yml

@@ -0,0 +1,42 @@
+- name: Copy extension packages
+  copy:
+    src: files/extensions/
+    dest: /tmp/extensions/
+
+- name: Install extensions
+  apt:
+    deb: "/tmp/extensions/{{ item | basename }}"
+  with_fileglob: "files/extensions/*.deb"
+
+- name: pg_cron - set cron.database_name
+  become: yes
+  lineinfile:
+    path: /etc/postgresql/postgresql.conf
+    state: present
+    line: cron.database_name = 'postgres'
+
+- name: pgsodium - determine postgres bin directory
+  shell: pg_config --bindir
+  register: pg_bindir_output
+- set_fact:
+    pg_bindir: "{{ pg_bindir_output.stdout }}"
+
+- name: pgsodium - set pgsodium.getkey_script
+  become: yes
+  lineinfile:
+    path: /etc/postgresql/postgresql.conf
+    state: present
+    # script is expected to be placed by finalization tasks for different target platforms
+    line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh'
+
+- name: auto_explain - set auto_explain.log_min_duration
+  become: yes
+  lineinfile:
+    path: /etc/postgresql/postgresql.conf
+    state: present
+    line: auto_explain.log_min_duration = 10s
+
+- name: Cleanup - extension packages
+  file:
+    path: /tmp/extensions
+    state: absent

ansible/tasks/setup-postgres.yml

@@ -1,127 +1,35 @@
 # Downloading dependencies
-- name: Postgres dependencies
+- name: GPG dependencies
   apt:
-    pkg:
-      - build-essential
-      - pkg-config
-      - libreadline-dev
-      - zlib1g-dev
-      - flex
-      - bison
-      - libxml2-dev
-      - libxslt-dev
-      - libssl-dev
-      - libsystemd-dev
-      - libxml2-utils
-      - uuid-dev
-      - xsltproc
-      - ssl-cert
-      - liblz4-dev
-      - libicu-dev
-
-- name: Download LLVM & Clang
-  apt:
-    pkg:
-      - llvm-11-dev
-      - clang-11
-  when: ansible_distribution_version != "18.04"
+    name: gnupg
 
-- name: Download LLVM & Clang - Ubuntu 18.04
-  apt:
-    pkg:
-      - llvm-12-dev
-      - clang-12
-  when: ansible_distribution_version == "18.04"
+- name: Add Postgres GPG key
+  apt_key:
+    keyserver: keyserver.ubuntu.com
+    id: B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
 
-- name: Download GCC 10
+- name: Add Postgres PPA
+  apt_repository:
+    repo: "deb https://apt-archive.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg-archive main"
+    state: present
+
+- name: Postgres - install commons
   apt:
-    pkg:
-      - gcc-10
-      - g++-10
+    name: postgresql-common
+    state: latest
+    update_cache: yes
 
-- name: Switch to GCC 10
+- name: Do not create main cluster
   shell:
-    cmd: update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100 --slave /usr/bin/g++ g++ /usr/bin/g++-10 --slave /usr/bin/gcov gcov /usr/bin/gcov-10
+    cmd: sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf
 
-# Setup permissions
-- name: Update permissions for /var/tmp directory
-  file:
-    path: /var/tmp/
-    owner: root
-    group: root
-    mode: '1777'
-  become: yes
+- name: Postgres - install server
+  apt:
+    name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg20.04+1
 
-# Building Postgres from source
-- name: Postgres - download latest release
-  get_url:
-    url: https://ftp.postgresql.org/pub/source/v{{ postgresql_release }}/postgresql-{{ postgresql_release }}.tar.gz
-    dest: /tmp
-    checksum: "{{ postgresql_release_checksum }}"
-    timeout: 60
-
-- name: Postgres - unpack archive
-  unarchive:
-    remote_src: yes
-    src: /tmp/postgresql-{{ postgresql_release }}.tar.gz
-    dest: /tmp
-
-- name: Setting CFLAGS (arm)
-  set_fact:
-    cflags: "-moutline-atomics -mtune=native -march=native -mcpu=native -fsigned-char -O2"
-  when: platform == "arm64" and ansible_distribution_version != "18.04"
-
-- name: Setting CFLAGS (arm) - Ubuntu 18.04
-  set_fact:
-    cflags: "-moutline-atomics -fsigned-char -O2"
-  when: platform == "arm64" and ansible_distribution_version == "18.04"
-
-- name: Setting CFLAGS (x86)
-  set_fact:
-    cflags: "-fsigned-char"
-  when: platform == "amd64"
-
-- name: Setting LLVM_CONFIG
-  set_fact:
-    llvm_config: "/usr/bin/llvm-config-11"
-    clang: "/usr/bin/clang-11"
-  when: ansible_distribution_version != "18.04"
-
-- name: Setting LLVM_CONFIG - Ubuntu 18.04
-  set_fact:
-    llvm_config: "/usr/bin/llvm-config-12"
-    clang: "/usr/bin/clang-12"
-  when: ansible_distribution_version == "18.04"
-
-- name: Postgres - configure
+- name: Create symlink to /usr/lib/postgresql/bin
   shell:
-    cmd: CFLAGS='{{ cflags }}' LLVM_CONFIG='{{ llvm_config }}' CLANG='{{ clang }}' ./configure --with-llvm --with-openssl --with-systemd --with-uuid=e2fs --with-libxml --with-icu --with-lz4 --exec-prefix=/usr/lib/postgresql --datarootdir=/var/lib/postgresql
-    chdir: /tmp/postgresql-{{ postgresql_release }}
-
-- name: Postgres - build
-  community.general.make:
-    target: world-bin
-    chdir: /tmp/postgresql-{{ postgresql_release }}
-    jobs: "{{ parallel_jobs | default(omit) }}"
-
-- name: Postgres - install
-  make:
-    target: install-world-bin
-    chdir: /tmp/postgresql-{{ postgresql_release }}
-
-- name: Create postgres group
-  group:
-    name: postgres
-    state: present
-
-# Create postgres user
-- name: Create postgres user
-  user:
-    name: postgres
-    shell: /bin/false
-    comment: Postgres user
-    group: postgres
-    groups: postgres,ssl-cert
+    cmd: ln -s /usr/lib/postgresql/{{ postgresql_major }}/bin /usr/lib/postgresql/bin
 
 - name: Create relevant directories
   file:
@@ -131,8 +39,7 @@
     owner: postgres
     group: postgres
   with_items:
-    - '/etc/postgresql'
-    - '/etc/postgresql-custom'
+    - '/home/postgres'
     - '/var/log/postgresql'
     - '/var/lib/postgresql'
 
@@ -181,19 +88,9 @@
     dest: /etc/postgresql/pg_ident.conf
     group: postgres
 
-- name: Find all files in /usr/lib/postgresql/bin
-  find:
-    paths: /usr/lib/postgresql/bin
-  register: postgresql_bin
-
-- name: Create symbolic links for Postgres binaries to /usr/bin/
-  become: yes
-  file:
-    src: "{{ item.path }}"
-    path: "/usr/bin/{{ item.path | basename }}"
-    state: link
-    force: yes
-  with_items: "{{ postgresql_bin.files }}"
+# Install extensions before init
+- name: Install Postgres extensions
+  import_tasks: tasks/setup-docker.yml
 
 # init DB
 - name: Create directory on data volume

ansible/tasks/test-image.yml

@@ -14,7 +14,7 @@
   become: yes
   become_user: postgres
   shell:
-    cmd: /usr/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
+    cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
   when: ebssurrogate_mode
 
 - name: Run Unit tests (with filename unit-test-*) on Postgres Database
@@ -49,19 +49,9 @@
     state: absent
     autoremove: yes
 
-- name: Get pg_config file details
-  ansible.builtin.stat:
-    path: /usr/bin/pg_config
-  register: st
-
-- name: Ensure pg_config points to our install of PG
-  ansible.builtin.fail:
-    msg: "Incorrect symlink for pg_config"
-  when: st.stat.lnk_target != '/usr/lib/postgresql/bin/pg_config'
-
 - name: Stop Postgres Database
   become: yes
   become_user: postgres
   shell:
-    cmd: /usr/bin/pg_ctl -D /var/lib/postgresql/data stop
+    cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop
   when: ebssurrogate_mode

common.vars.pkr.hcl

@@ -1 +1 @@
-postgres-version = "15.1.0.84"
+postgres-version = "15.1.0.85-rc0"