fix: pgml symlinks and postgres permissions

[MauAraujo]

Ticket(s) Closed

N/A

What

This PR aims to fix the issue seen when trying to use paradedb.embed while deploying with the helm chart. It fixes the postgres user group which was incorrectly set to 26 (tape group), and finally, installs barman, which is the final missing piece to get backups fully working.

Why

Because while testing, we ran into the issue:

RuntimeError: Failed to import transformers.models.pegasus.modeling_pegasus because of the following
error (look up to see its traceback):
Failed to import transformers.generation.utils because of the following error 
(look up to see its traceback):
[Errno 30] Read-only file system: '/var/lib/postgresql/.triton'

This happens because the CloudNative operator mounts the root filesystem as read only:

Automatically set readOnlyRootFilesystem security context for pods

The operator doesn't directly expose a way to modify the pod Security Context, or volume mounts. I experimented setting TRANSFORMERS_CACHE and HF_HOME, but they aren't respected by pgml. So, the only viable solution left is to symlink to the read write volume, or remove pgml.

In addition, I discovered that we were setting the postgres user group to 26, which is assigned to the tape group, and not postgres, which is set to 999 by the official image.

Finally, I take this chance to add the barman binaries to get backups fully working.

How

• Change postgres group from 26 to 999
• Install barman package
• Create symlinks for the .triton and .cache directories

Tests

Tested it works when deploying with the operator, and all steps in the quickstart work.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
paradedb	⬜️ Ignored (Inspect)	Visit Preview		Oct 31, 2023 11:06pm

[philippemnoel]

lgtm!