Skip to content

fix: move tmpdir for SAA to one that always exists #1799

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 1, 2025
Merged

fix: move tmpdir for SAA to one that always exists #1799

merged 2 commits into from
Oct 1, 2025

Conversation

tomashley
Copy link
Contributor

Sometimes at boot, saa is very quick to start and begins writing to the /tmp dir, that is then subseqently remounted losing any work

@tomashley tomashley requested review from a team as code owners September 22, 2025 16:17
cynicaljoy
cynicaljoy reviewed Sep 22, 2025
View reviewed changes
Copy link

@cynicaljoy cynicaljoy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with a permanent disk do we need to worry about SAA temp files usage eating up the disk?

@jfroche
Copy link
Collaborator

jfroche commented Sep 22, 2025
edited
Loading

After=systemd-tmpfiles-setup.service would wait for /tmp to be mounted or
using PrivateTmp=yes might help for this as it adds a dependency on systemd-tmpfiles-setup.service and also hardens the service (https://github.com/systemd/systemd/blob/278953167d27731f46fcb56d77807d522d2ad9d2/src/core/unit.c#L1314C64-L1314C94) ?

@tomashley
Copy link
Contributor Author

After=systemd-tmpfiles-setup.service would wait for /tmp to be mounted or using PrivateTmp=yes might help for this as it adds a dependency on systemd-tmpfiles-setup.service and also hardens the service (https://github.com/systemd/systemd/blob/278953167d27731f46fcb56d77807d522d2ad9d2/src/core/unit.c#L1314C64-L1314C94) ?

I've tried both of these options and neither works.
There is already After tmp.mount and this still causes failures when running. It seems that at some point tmp is remounted.

The issue is that saa is wrapping a salt-ssh command that is forked and doesn't respect/cannot operate within the isolation of the systemd tmpdir.

The environment variable here is purposefully being passed down to the salt-ssh process. I would prefer to keep this setting for tmpfiles passed through to salt

@hunleyd hunleyd requested a review from cynicaljoy October 1, 2025 16:51
@tomashley tomashley merged commit ea44fc5 into develop Oct 1, 2025
14 checks passed
@tomashley tomashley deleted the tom/saa/tmpdir branch October 1, 2025 17:02
hunleyd added a commit that referenced this pull request Oct 6, 2025
@hunleyd
Merge branch 'develop' of github.com:supabase/postgres into INDATA-152
351819f 
* 'develop' of github.com:supabase/postgres: (29 commits)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1818)
  fix: update Dockerfiles for changes to postgis multiversion (#1817)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1813)
  feat: support multiple versions of the postgis extension (#1667)
  Update pgsql-http to handle semver (#1816)
  feat: add retry policy for auth service routes (#1782)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1811)
  fix: move tmpdir for SAA to one that always exists (#1799)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1810)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1809)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1807)
  build: automatically cancel old tests/build on new push (#1808)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1804)
  docs: small adjust (#1806)
  docs: getting started guide in README (#1805)
  fix: templating of SAA service file
  fix: adjust the qemu vars filename
  refactor(ansible): bring our ansible up to modern ansible-lint standards
  feat: support multiple versions of the http extension (#1664)
  feat: supply a slightly different supabase-admin-agent configuration for qemu artifacts
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samrose samrose samrose approved these changes

@cynicaljoy cynicaljoy Awaiting requested review from cynicaljoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tomashley @jfroche @samrose @cynicaljoy