Skip to content

PostgreSQL 16 migration, bootstrap fixes, and Ubuntu Noble export-tuf support#5

Merged
phaus merged 6 commits intomasterfrom
pg16-and-bootstrap-fixes
Apr 16, 2026
Merged

PostgreSQL 16 migration, bootstrap fixes, and Ubuntu Noble export-tuf support#5
phaus merged 6 commits intomasterfrom
pg16-and-bootstrap-fixes

Conversation

@phaus
Copy link
Copy Markdown
Member

@phaus phaus commented Apr 16, 2026

Summary

This PR contains all fixes required to successfully bootstrap a 7-node Flynn cluster on Ubuntu 24.04 (Noble) with PostgreSQL 16. The cluster completes full bootstrap including all system services.

Changes

PostgreSQL 16 Compatibility (postgresql)

  • Replace wal_keep_segments with wal_keep_size=2048 (removed in PG13)
  • Replace wal_level=hot_standby with wal_level=replica
  • Set password_encryption=md5 (PG16 defaults to scram-sha-256)
  • Replace recovery.conf with standby.signal and config-based recovery settings
  • Use pg_ctl promote instead of promote_trigger_file (removed in PG16)
  • GRANT ALL ON SCHEMA public TO PUBLIC in template1 (PG15+ restriction)
  • Use CREATE DATABASE ... OWNER in postgres API

Controller Fixes (controller)

  • Replace RETURNS OPAQUE with RETURNS trigger in 4 migration functions (OPAQUE type removed in PG16)
  • Skip macOS resource fork files (._*) in JSON schema loader to prevent container crashes

Flannel VXLAN Fix (flannel)

  • Store desired MAC in vxlanDevice struct and re-apply after Configure()LinkSetUp() which resets the hardware address, causing VXLAN routing failures

TUF Client Fix (host)

  • Call Update() after TUF client initialization so metadata is current for layer verification

Migration Fix (pkg/postgres)

  • Propagate CREATE TABLE errors in schema_migrations instead of silently ignoring, which caused nil pointer panics

Export-TUF Overhaul (script/export-tuf)

  • Add ExtraDirs map for copying directories into SquashFS layers (controller JSON schemas)
  • Add --package-layer-dir and PackageScript for pre-built package layers
  • Add --skip-base-layers to skip rebuilding base OS layers
  • Remap /bin/ to /usr/bin/ for Ubuntu Noble (merged /bin symlink)
  • Use GitHub Releases URLs for layer downloads (GitHub Pages can't serve Git LFS files)
  • Filter macOS ._* files from directory copies
  • Add Noble cloud image base detection

Testing

Full 7-node cluster bootstrap completes successfully with all services healthy:
discoverd, flannel, postgres (3 instances), controller, scheduler, router, blobstore, gitreceive, tarreceive, redis, mariadb, mongodb, logaggregator, taffy, status.

root added 6 commits April 16, 2026 22:24
postgresql: migrate to PostgreSQL 16 compatibility
c540b45 
- Replace wal_keep_segments with wal_keep_size=2048 (removed in PG13)
- Replace wal_level=hot_standby with wal_level=replica
- Set password_encryption=md5 (PG16 defaults to scram-sha-256)
- Replace recovery.conf with standby.signal and config-based recovery settings
- Use pg_ctl promote instead of promote_trigger_file (removed in PG16)
- Grant ALL ON SCHEMA public TO PUBLIC in template1 (PG15+ restriction)
- Use CREATE DATABASE ... OWNER in postgres API
controller: fix PG16 trigger functions and schema loading
2ec1148 
- Replace RETURNS OPAQUE with RETURNS trigger in 4 migration functions
  (OPAQUE type removed in PG16)
- Skip macOS resource fork files (._*) in JSON schema loader to prevent
  parse errors in containers
flannel: fix VXLAN MAC address reset after LinkSetUp
aec8805 
- Store desired MAC in vxlanDevice struct
- Re-apply deterministic MAC after Configure()->LinkSetUp() which resets
  the hardware address, causing VXLAN routing failures
host: call TUF client Update() after initialization
4b4de5f 
- Without Update(), the TUF client has stale metadata and fails to
  verify downloaded layer targets
migrate: propagate CREATE TABLE errors instead of silently ignoring
06bf70c 
- schema_migrations CREATE TABLE failure was swallowed, causing nil
  pointer panics later when the table didn't exist
export-tuf: add ExtraDirs, package layers, and Ubuntu Noble support
fbf2929 
- Add ExtraDirs map to imageSpec for copying directories into layers
  (used for controller JSON schema files)
- Add --package-layer-dir and PackageScript for pre-built package layers
- Add --skip-base-layers to skip rebuilding base OS layers
- Remap /bin/ to /usr/bin/ for Ubuntu Noble (merged /bin symlink)
- Use GitHub Releases URLs for layer downloads instead of GitHub Pages
- Filter macOS resource fork files (._*) from directory copies
- Add isUbuntuNobleBase() detection for Noble cloud images
@phaus phaus merged commit 3746a1e into master Apr 16, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@phaus