From fa85934538e81f1513938049db9ee6724f7c7867 Mon Sep 17 00:00:00 2001
From: Douglas J Hunley
Date: Mon, 27 Oct 2025 13:04:28 -0400
Subject: [PATCH 01/14] refactor(ansible): bring our ansible up to modern ansible-lint standards
---
ansible/tasks/stage2-setup-postgres.yml | 543 +++++++++++++-----------
1 file changed, 297 insertions(+), 246 deletions(-)
diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml
index 74da50a57..b0fd0701e 100644
--- a/ansible/tasks/stage2-setup-postgres.yml
+++ b/ansible/tasks/stage2-setup-postgres.yml
@@ -1,260 +1,311 @@ -# - name: Install openjdk11 for pljava from nix binary cache -# become: yes -# shell: | -# sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#openjdk11" -# It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task - - name: Check psql_version and modify supautils.conf and postgresql.conf if necessary block: - - name: Check if psql_version is psql_orioledb-17 - set_fact: + - name: Check if psql_version is psql_orioledb-17 and if psql_version is psql_15 or psql_17 + ansible.builtin.set_fact: is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}" - - - name: Check if psql_version is psql_17 - set_fact: is_psql_17: "{{ psql_version in ['psql_17'] }}" - - - name: Check if psql_version is psql_15 - set_fact: is_psql_15: "{{ psql_version in ['psql_15'] }}" - - name: Remove specified extensions from postgresql.conf if orioledb-17 or 17 build - ansible.builtin.command: - cmd: > - sed -i 's/ timescaledb,//g' - /etc/postgresql/postgresql.conf - when: is_psql_oriole or is_psql_17 and stage2_nix - become: yes - - - name: Remove specified extensions from supautils.conf if orioledb-17 or 17 build - ansible.builtin.command: - cmd: > - sed -i 's/ timescaledb,//g; s/ plv8,//g' - /etc/postgresql-custom/supautils.conf - when: is_psql_oriole or is_psql_17 and stage2_nix - become: yes - - - name: Remove db_user_namespace from postgresql.conf if orioledb-17 or 17 build - ansible.builtin.command: - cmd: > - sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' - /etc/postgresql/postgresql.conf - when: is_psql_oriole or is_psql_17 and stage2_nix - become: yes - - - name: Append orioledb to shared_preload_libraries append within closing quote - ansible.builtin.command: - cmd: > - sed -i 's/\(shared_preload_libraries.*\)'\''\(.*\)$/\1, orioledb'\''\2/' - /etc/postgresql/postgresql.conf - when: is_psql_oriole and stage2_nix - become: 
yes - - - name: Add default_table_access_method setting - ansible.builtin.lineinfile: - path: /etc/postgresql/postgresql.conf - line: "default_table_access_method = 'orioledb'" - state: present - when: is_psql_oriole and stage2_nix - become: yes + - name: Execute tasks when (is_psql_oriole or is_psql_17) and stage2_nix + become: true + when: + - (is_psql_oriole or is_psql_17) + - stage2_nix + block: + - name: Remove specified extensions from postgresql.conf if orioledb-17 or 17 build + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: '\ timescaledb,' + replace: '' + + - name: Remove specified extensions from supautils.conf if orioledb-17 or 17 build + ansible.builtin.replace: + path: '/etc/postgresql-custom/supautils.conf' + regexp: "{{ regex_item }}" + loop: + - '\ timescaledb,' + - '\ plv8,' + loop_control: + loop_var: 'regex_item' + + - name: Remove db_user_namespace from postgresql.conf if orioledb-17 or 17 build + ansible.builtin.replace: + path: '//etc/pdev/resql/post' + regexp: 'db_user_namespace\ =\ off' + replace: '#db_user_namespace\ =\ off' + + - name: Execute things when is_psql_oriole and stage2_nix + become: true + when: + - is_psql_oriole + - stage2_nix + block: + - name: Append orioledb to shared_preload_libraries append within closing quote + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "(shared_preload_libraries).*(\\'.*)\\'" + replace: "\\1 = \\2, orioledb\\'" + + - name: Add default_table_access_method setting + ansible.builtin.lineinfile: + line: "default_table_access_method = 'orioledb'" + path: '/etc/postgresql/postgresql.conf' + state: 'present' - - name: Add ORIOLEDB_ENABLED environment variable - ansible.builtin.lineinfile: - path: /etc/environment - line: 'ORIOLEDB_ENABLED=true' - when: is_psql_oriole and stage2_nix - become: yes - -- name: Install Postgres from nix binary cache - become: yes - shell: | - sudo -u postgres bash -c ". 
/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{psql_version}}/bin" - when: stage2_nix - -- name: Install pg_prove from nix binary cache - become: yes - shell: | - sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pg_prove" - when: stage2_nix - -- name: Install supabase-groonga from nix binary cache - become: yes - shell: | - sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#supabase-groonga" - when: stage2_nix - -- name: Install debug symbols for postgres version - become: yes - shell: | - sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_debug" - when: stage2_nix - -- name: Install source files for postgresql version - become: yes - shell: | - sudo -u postgres bash -c ". 
/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_src" - when: stage2_nix - -- name: Set ownership and permissions for /etc/ssl/private - become: yes - file: - path: /etc/ssl/private - owner: root - group: postgres - mode: '0750' - when: stage2_nix - -- name: Set permissions for postgresql.env - become: yes - file: - path: /etc/environment.d/postgresql.env - owner: postgres - group: postgres - mode: '0644' - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/bin directory exists - file: - path: /usr/lib/postgresql/bin - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/share directory exists - file: - path: /usr/lib/postgresql/share/postgresql - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/share/contrib directory exists - file: - path: /usr/lib/postgresql/share/postgresql/contrib - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/share/timezonesets directory exists - file: - path: /usr/lib/postgresql/share/postgresql/timezonesets - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/share/tsearch_data directory exists - file: - path: /usr/lib/postgresql/share/postgresql/tsearch_data - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: Ensure /usr/lib/postgresql/share/extension directory exists - file: - path: /usr/lib/postgresql/share/postgresql/extension - state: directory - owner: postgres - group: postgres - when: stage2_nix - -- name: import pgsodium_getkey script - template: - src: files/pgsodium_getkey_readonly.sh.j2 - dest: "/usr/lib/postgresql/bin/pgsodium_getkey.sh" - owner: postgres - group: postgres - mode: 0700 - when: stage2_nix - -- name: Create symbolic links from 
/var/lib/postgresql/.nix-profile/bin to /usr/lib/postgresql/bin - shell: >- - find /var/lib/postgresql/.nix-profile/bin/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "{{ item }}/$(basename $0)"' {} \; - loop: - - /usr/lib/postgresql/bin - - /usr/bin - become: yes - when: stage2_nix - -- name: Check if /usr/bin/pg_config exists - stat: - path: /usr/bin/pg_config - register: pg_config_stat - when: stage2_nix - -- name: Remove existing /usr/bin/pg_config if it is not a symlink - file: - path: /usr/bin/pg_config - state: absent - when: pg_config_stat.stat.exists and not pg_config_stat.stat.islnk and stage2_nix - become: yes - -- name: Ensure postgres user has ownership of symlink - shell: >- - find /var/lib/postgresql/.nix-profile/bin/ -maxdepth 1 -type f,l -exec chown postgres:postgres "/usr/bin/$(basename {})" \; - become: yes - when: stage2_nix - -- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql to /usr/lib/postgresql/share/postgresql - shell: >- - find /var/lib/postgresql/.nix-profile/share/postgresql/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/$(basename $0)"' {} \; - become: yes - when: stage2_nix - -- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/extension to /usr/lib/postgresql/share/postgresql/extension - shell: >- - find /var/lib/postgresql/.nix-profile/share/postgresql/extension/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/extension/$(basename $0)"' {} \; - become: yes - when: stage2_nix - -- name: create destination directory - file: - path: /usr/lib/postgresql/share/postgresql/contrib/ - state: directory - recurse: yes - when: stage2_nix - -# PostGIS contrib linking removed - PostGIS doesn't install to contrib directory -# It installs extensions to /share/postgresql/extension/ which is already linked above - -- name: Create symbolic links from 
/var/lib/postgresql/.nix-profile/share/postgresql/timezonesets to /usr/lib/postgresql/share/postgresql/timeszonesets - shell: >- - find /var/lib/postgresql/.nix-profile/share/postgresql/timezonesets/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/timezonesets/$(basename $0)"' {} \; - become: yes - when: stage2_nix - -- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data to /usr/lib/postgresql/share/postgresql/tsearch_data - shell: >- - find /var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/tsearch_data/$(basename $0)"' {} \; - become: yes - when: stage2_nix - -- set_fact: - pg_bindir: "/usr/lib/postgresql/bin" - when: stage2_nix + - name: Add ORIOLEDB_ENABLED environment variable + ansible.builtin.lineinfile: + line: 'ORIOLEDB_ENABLED=true' + path: '/etc/environment' + +- name: Execute things when stage2_nix + become: true + when: + - stage2_nix + block: + - name: Install packages from nix binary cache + ansible.builtin.shell: | + sudo -u postgres bash -c ". 
/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{ nix_item }}" + loop: + - "{{ psql_version }}/bin" + - pg_prove + - supabase-groonga + - "{{ postgresql_version }}_debug" + - "{{ postgresql_version }}_src" + loop_control: + loop_var: 'nix_item' + + - name: Set ownership and permissions for file and dirs + ansible.builtin.file: + group: 'postgres' + mode: "{{ file_item['mode'] | default('0755', true) }}" + owner: "{{ file_item['owner'] | default('postgres', true) }}" + path: "{{ file_item['path'] }}" + state: "{{ file_item['state'] | default('directory', true) }}" + loop: + - { mode: '0750', path: '/etc/ssl/private', owner: 'root' } + - { mode: '0644', path: '/etc/environment.d/postgresql.env' , state: 'file'} + - { path: '/usr/lib/postgresql/bin' } + - { path: '/usr/lib/postgresql/share/postgresql' } + - { path: '/usr/lib/postgresql/share/postgresql/contrib' } + - { path: '/usr/lib/postgresql/share/postgresql/timezonesets' } + - { path: '/usr/lib/postgresql/share/postgresql/tsearch_data' } + - { path: '/usr/lib/postgresql/share/postgresql/extension' } + + - name: import pgsodium_getkey script + ansible.builtin.template: + dest: '/usr/lib/postgresql/bin/pgsodium_getkey.sh' + group: 'postgres' + mode: '0700' + owner: 'postgres' + src: 'files/pgsodium_getkey_readonly.sh.j2' + + - name: Find all files in /var/lib/postgresql/.nix-profile/bin/ + ansible.builtin.find: + depth: 1 + file_type: 'file' + path: '/var/lib/postgresql/.nix-profile/bin/' + register: 'nix_files' + + - name: Find all the symlinks in /var/lib/postgresql/.nix-profile/bin/ + ansible.builtin.find: + depth: 1 + file_type: 'link' + path: '/var/lib/postgresql/.nix-profile/bin/' + register: 'nix_links' + + - name: Create symlinks for Nix files into /usr/lib/postgresql/bin + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/bin/{{ file_item['path'] | basename }}" + src: "{{ 
file_item['path'] }}" + state: 'link' + loop: "{{ nix_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: Create symlinks for Nix files into /usr/bin + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/bin/{{ file_item['path'] | basename }}" + src: "{{ file_item['path'] }}" + state: 'link' + loop: "{{ nix_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: Create symlinks for Nix symlinks into /usr/lib/postgresql/bin + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/bin/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ nix_links['files'] }}" + loop_control: + loop_var: 'link_item' + + - name: Create symlinks for Nix files into /usr/bin + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/bin/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ nix_links['files'] }}" + loop_control: + loop_var: 'link_item' + + # this task should be redundant, no? 
+ - name: Force /usr/bin/pg_config to be a symlink + ansible.builtin.file: + force: true + path: '/usr/bin/pg_config' + src: '/var/lib/postgresql/.nix-profile/bin/pg_config' + state: 'link' + + - name: Find all links in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} + ansible.builtin.find: + depth: 1 + file_type: 'link' + path: "/var/lib/postgresql/.nix-profile/share/{{ share_item }}" + loop: + - postgresql + - extension + - timezonesets + - tsearch_data + loop_control: + loop_var ' share_item' + register: "{{ share_item }}_links" + + - name: Find all files in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} + ansible.builtin.find: + depth: 1 + file_type: 'file' + path: "/var/lib/postgresql/.nix-profile/share/{{ share_item }}" + loop: + - postgresql + - extension + - timezonesets + - tsearch_data + loop_control: + loop_var ' share_item' + register: "{{ share_item }}_files" + + - name: Create symlinks for PG share links into /usr/lib/postgresql/share/postgresql + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/postgresql/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ postgresql_links['files'] }}" + loop_control: + loop_var: 'link_item' + + - name: Create symlinks for PG share files into /usr/lib/postgresql/share/postgresql + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/postgresql/{{ file_item['path'] | basename }}" + src: "{{ file_item['path'] }}" + state: 'link' + loop: "{{ postgresql_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: Create symlinks for PG share links into /usr/lib/postgresql/share/extension + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/share/postgresql/share/extension/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ 
extension_links['files'] }}" + loop_control: + loop_var: 'link_item' + + - name: Create symlinks for PG share files into /usr/lib/postgresql/share/extension + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/extension/{{ file_item['path'] | basename }}" + src: "{{ file_item['path'] }}" + state: 'link' + loop: "{{ extension_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: Create symlinks for PG share links into /usr/lib/postgresql/share/timezonesets + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/timezonesets/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ timezonesets_links['files'] }}" + loop_control: + loop_var: 'link_item' + + - name: Create symlinks for PG share files into /usr/lib/postgresql/share/timezonesets + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/timezonesets/{{ file_item['path'] | basename }}" + src: "{{ file_item['path'] }}" + state: 'link' + loop: "{{ timezonesets_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: Create symlinks for PG share links into /usr/lib/postgresql/share/tsearch_data + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/tsearch_data/{{ link_item['path'] | basename }}" + src: "{{ link_item['path'] }}" + state: 'link' + loop: "{{ tsearch_data_links['files'] }}" + loop_control: + loop_var: 'link_item' + + - name: Create symlinks for PG share files into /usr/lib/postgresql/share/tsearch_data + ansible.builtin.file: + group: 'postgres' + owner: 'postgres' + path: "/usr/lib/postgresql/share/tsearch_data/{{ file_item['path'] | basename }}" + src: "{{ file_item['path'] }}" + state: 'link' + loop: "{{ tsearch_data_files['files'] }}" + loop_control: + loop_var: 'file_item' + + - name: create destination directory + ansible.builtin.file: + path: 
'/usr/lib/postgresql/share/postgresql/contrib/' + recurse: true + state: 'directory' + + - name: Set the PG bin dir as a fact + ansible.builtin.set_fact: + pg_bindir: '/usr/lib/postgresql/bin' -- name: pgsodium - set pgsodium.getkey_script - become: yes - lineinfile: - path: /etc/postgresql/postgresql.conf - state: present # script is expected to be placed by finalization tasks for different target platforms - line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh' - when: stage2_nix + - name: pgsodium - set pgsodium.getkey_script + ansible.builtin.lineinfile: + line: "pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh'" + path: '/etc/postgresql/postgresql.conf' + state: 'present' -- name: Create symbolic link for pgsodium_getkey script - file: - src: "/usr/lib/postgresql/bin/pgsodium_getkey.sh" - dest: "/usr/lib/postgresql/share/postgresql/extension/pgsodium_getkey" - state: link - become: yes - when: stage2_nix + - name: Create symbolic link for pgsodium_getkey script + ansible.builtin.file: + dest: '/usr/lib/postgresql/share/postgresql/extension/pgsodium_getkey' + src: '/usr/lib/postgresql/bin/pgsodium_getkey.sh' + state: 'link' - name: Append GRN_PLUGINS_DIR to /etc/environment.d/postgresql.env ansible.builtin.lineinfile: - path: /etc/environment.d/postgresql.env line: 'GRN_PLUGINS_DIR=/var/lib/postgresql/.nix-profile/lib/groonga/plugins' - become: yes + path: '/etc/environment.d/postgresql.env' + become: true From 309d4fdc8e6d35d57e039a7b027cc9eedfbaf1fa Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 27 Oct 2025 13:32:04 -0400 Subject: [PATCH 02/14] fix(stage2-setup-postgres): typo fixup --- ansible/tasks/stage2-setup-postgres.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index b0fd0701e..e022d82a2 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml 
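Review bot: In the "Append orioledb to shared_preload_libraries" task the replacement `"\\1 = \\2, orioledb\\'"` ends in an escaped quote, and as far as I can tell Python's `re` (which `ansible.builtin.replace` relies on) keeps a backslash that precedes a non-alphanumeric character in a replacement string, so the rewritten line would end in `orioledb\'` and likely leave the quoted value in postgresql.conf unterminated. The same applies to the escaped spaces in `replace: '#db_user_namespace\ =\ off'` in the earlier task, although there the result is only an odd-looking commented-out line. The pattern is also unanchored, so it matches a commented-out `#shared_preload_libraries` line and appends `orioledb` again on every run. I would write `regexp: "^(shared_preload_libraries\\s*=\\s*'(?![^']*orioledb)[^']*)'"` with `replace: "\\1, orioledb'"`, and drop the backslashes from the `db_user_namespace` replacement.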
@@ -176,7 +176,7 @@ - timezonesets - tsearch_data loop_control: - loop_var ' share_item' + loop_var: 'share_item' register: "{{ share_item }}_links" - name: Find all files in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} From f673e002bab20a1bbc9163f66877913336c437b9 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 27 Oct 2025 13:59:14 -0400 Subject: [PATCH 03/14] fix(stage2-setup-postgres): lazy eval means we trip over variable naming rules --- ansible/tasks/stage2-setup-postgres.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index e022d82a2..8fb656adf 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -177,7 +177,7 @@ - tsearch_data loop_control: loop_var: 'share_item' - register: "{{ share_item }}_links" + register: "_{{ share_item }}_links" - name: Find all files in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} ansible.builtin.find: @@ -191,7 +191,7 @@ - tsearch_data loop_control: loop_var ' share_item' - register: "{{ share_item }}_files" + register: _"{{ share_item }}_files" - name: Create symlinks for PG share links into /usr/lib/postgresql/share/postgresql ansible.builtin.file: @@ -200,7 +200,7 @@ path: "/usr/lib/postgresql/share/postgresql/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "{{ postgresql_links['files'] }}" + loop: "_{{ postgresql_links['files'] }}" loop_control: loop_var: 'link_item' @@ -211,7 +211,7 @@ path: "/usr/lib/postgresql/share/postgresql/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "{{ postgresql_files['files'] }}" + loop: "_{{ postgresql_files['files'] }}" loop_control: loop_var: 'file_item' 
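Review bot: The same `loop_var ' share_item'` typo is still present in the following "Find all files in …" task of this file; it is visible in the first patch and again as context in the next one, and this commit corrects only the occurrence near line 179. Until that second line reads `loop_var: 'share_item'`, that task's `loop_control` would be read as a plain string rather than a mapping, so the fix should cover both tasks in one commit.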
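Review bot: The underscore prefix is applied in three different ways across the hunks of this commit, and none of them renames a variable consistently. `register: "_{{ share_item }}_links"` and `register: _"{{ share_item }}_files"` disagree on whether the underscore sits inside the quotes, and in the eight `loop:` hunks that follow, `"_{{ postgresql_links['files'] }}"` puts a literal `_` in front of the rendered list, which turns the loop input into a string while still reading the old `postgresql_links` name. If the registered names are meant to start with an underscore, the loops would need `"{{ _postgresql_links['files'] }}"` and so on. Note also that `register` is, as far as I know, not templated by Ansible, so a name built from `share_item` would not be expanded per loop item in either spelling.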
@@ -222,7 +222,7 @@ path: "/usr/share/postgresql/share/extension/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "{{ extension_links['files'] }}" + loop: "_{{ extension_links['files'] }}" loop_control: loop_var: 'link_item' @@ -233,7 +233,7 @@ path: "/usr/lib/postgresql/share/extension/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "{{ extension_files['files'] }}" + loop: "_{{ extension_files['files'] }}" loop_control: loop_var: 'file_item' @@ -244,7 +244,7 @@ path: "/usr/lib/postgresql/share/timezonesets/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "{{ timezonesets_links['files'] }}" + loop: "_{{ timezonesets_links['files'] }}" loop_control: loop_var: 'link_item' @@ -255,7 +255,7 @@ path: "/usr/lib/postgresql/share/timezonesets/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "{{ timezonesets_files['files'] }}" + loop: "_{{ timezonesets_files['files'] }}" loop_control: loop_var: 'file_item' @@ -266,7 +266,7 @@ path: "/usr/lib/postgresql/share/tsearch_data/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "{{ tsearch_data_links['files'] }}" + loop: "_{{ tsearch_data_links['files'] }}" loop_control: loop_var: 'link_item' @@ -277,7 +277,7 @@ path: "/usr/lib/postgresql/share/tsearch_data/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "{{ tsearch_data_files['files'] }}" + loop: "_{{ tsearch_data_files['files'] }}" loop_control: loop_var: 'file_item' From 113abe71dbbd527b3c448e8765e33081c61cb617 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 27 Oct 2025 15:36:02 -0400 Subject: [PATCH 04/14] fix(stage2-setup-postgres): more playing w/ the variable evaluation --- ansible/tasks/stage2-setup-postgres.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) 
diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 8fb656adf..898196fc5 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -177,7 +177,9 @@ - tsearch_data loop_control: loop_var: 'share_item' - register: "_{{ share_item }}_links" + register: "{{ reg_var }}" + vars: + reg_var: "{{ share_item }}_links" - name: Find all files in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} ansible.builtin.find: @@ -191,7 +193,9 @@ - tsearch_data loop_control: loop_var ' share_item' - register: _"{{ share_item }}_files" + register: "{{ reg_var }}" + vars: + reg_var: "{{ share_item }}_files" - name: Create symlinks for PG share links into /usr/lib/postgresql/share/postgresql ansible.builtin.file: @@ -200,7 +204,7 @@ path: "/usr/lib/postgresql/share/postgresql/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "_{{ postgresql_links['files'] }}" + loop: "{{ postgresql_links['files'] }}" loop_control: loop_var: 'link_item' @@ -211,7 +215,7 @@ path: "/usr/lib/postgresql/share/postgresql/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "_{{ postgresql_files['files'] }}" + loop: "{{ postgresql_files['files'] }}" loop_control: loop_var: 'file_item' @@ -222,7 +226,7 @@ path: "/usr/share/postgresql/share/extension/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "_{{ extension_links['files'] }}" + loop: "{{ extension_links['files'] }}" loop_control: loop_var: 'link_item' @@ -233,7 +237,7 @@ path: "/usr/lib/postgresql/share/extension/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "_{{ extension_files['files'] }}" + loop: "{{ extension_files['files'] }}" loop_control: loop_var: 'file_item' 
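Review bot: Moving the expression into `vars` does not change the outcome for `register: "{{ reg_var }}"` in the first two hunks: Ansible takes the `register` value as a literal variable name and, as far as I know, does not template it, so no `postgresql_links`, `extension_links` and similar variables come into existence for the loops restored in the later hunks. A looped task registers one variable whose `results` list holds one entry per item, so a static name such as `register: 'share_links'`, with the consumers iterating over `share_links.results` (for example through the `subelements` filter on `files`), would keep the loop. The second hunk also leaves `loop_var ' share_item'` untouched, so the "Find all files" task still lacks a valid `loop_control` mapping.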
@@ -244,7 +248,7 @@ path: "/usr/lib/postgresql/share/timezonesets/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "_{{ timezonesets_links['files'] }}" + loop: "{{ timezonesets_links['files'] }}" loop_control: loop_var: 'link_item' @@ -255,7 +259,7 @@ path: "/usr/lib/postgresql/share/timezonesets/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "_{{ timezonesets_files['files'] }}" + loop: "{{ timezonesets_files['files'] }}" loop_control: loop_var: 'file_item' @@ -266,7 +270,7 @@ path: "/usr/lib/postgresql/share/tsearch_data/{{ link_item['path'] | basename }}" src: "{{ link_item['path'] }}" state: 'link' - loop: "_{{ tsearch_data_links['files'] }}" + loop: "{{ tsearch_data_links['files'] }}" loop_control: loop_var: 'link_item' @@ -277,7 +281,7 @@ path: "/usr/lib/postgresql/share/tsearch_data/{{ file_item['path'] | basename }}" src: "{{ file_item['path'] }}" state: 'link' - loop: "_{{ tsearch_data_files['files'] }}" + loop: "{{ tsearch_data_files['files'] }}" loop_control: loop_var: 'file_item' From b9ec11803a16787a940c83e800759e8f8181d4a6 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 27 Oct 2025 16:03:07 -0400 Subject: [PATCH 05/14] fix(stage2-setup-postgres): fine, you win. we won't loop, and we'll do it the long, slow ass way --- ansible/tasks/stage2-setup-postgres.yml | 72 ++++++++++++++++--------- 1 file changed, 48 insertions(+), 24 deletions(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 898196fc5..892955749 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml 
@@ -165,37 +165,61 @@ src: '/var/lib/postgresql/.nix-profile/bin/pg_config' state: 'link' - - name: Find all links in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} + - name: Find all links in /var/lib/postgresql/.nix-profile/share/postgresql ansible.builtin.find: depth: 1 file_type: 'link' - path: "/var/lib/postgresql/.nix-profile/share/{{ share_item }}" - loop: - - postgresql - - extension - - timezonesets - - tsearch_data - loop_control: - loop_var: 'share_item' - register: "{{ reg_var }}" - vars: - reg_var: "{{ share_item }}_links" + path: '/var/lib/postgresql/.nix-profile/share/postgresql' + register: 'postgresql_links' + + - name: Find all links in /var/lib/postgresql/.nix-profile/share/extension + ansible.builtin.find: + depth: 1 + file_type: 'link' + path: '/var/lib/postgresql/.nix-profile/share/extension' + register: 'extension_links' + + - name: Find all links in /var/lib/postgresql/.nix-profile/share/timezonesets + ansible.builtin.find: + depth: 1 + file_type: 'link' + path: '/var/lib/postgresql/.nix-profile/share/timezonesets' + register: 'timezonesets_links' + + - name: Find all links in /var/lib/postgresql/.nix-profile/share/tsearch_data + ansible.builtin.find: + depth: 1 + file_type: 'link' + path: '/var/lib/postgresql/.nix-profile/share/tsearch_data' + register: 'tsearch_data_links' - - name: Find all files in /var/lib/postgresql/.nix-profile/share/{postgresql,extension, timezonesets, tsearch_data} + - name: Find all files in /var/lib/postgresql/.nix-profile/share/postgresql ansible.builtin.find: depth: 1 file_type: 'file' - path: "/var/lib/postgresql/.nix-profile/share/{{ share_item }}" - loop: - - postgresql - - extension - - timezonesets - - tsearch_data - loop_control: - loop_var ' share_item' - register: "{{ reg_var }}" - vars: - reg_var: "{{ share_item }}_files" + path: '/var/lib/postgresql/.nix-profile/share/postgresql' + register: 'postgresql_files' + + - name: Find all files in 
/var/lib/postgresql/.nix-profile/share/extension + ansible.builtin.find: + depth: 1 + file_type: 'file' + path: '/var/lib/postgresql/.nix-profile/share/extension' + register: 'extension_files' + + - name: Find all files in /var/lib/postgresql/.nix-profile/share/timezonesets + ansible.builtin.find: + depth: 1 + file_type: 'file' + path: '/var/lib/postgresql/.nix-profile/share/timezonesets' + register: 'timezonesets_files' + + - name: Find all files in /var/lib/postgresql/.nix-profile/share/tsearch_data + ansible.builtin.find: + depth: 1 + file_type: 'file' + path: '/var/lib/postgresql/.nix-profile/share/tsearch_data' + register: 'tsearch_data_files' - name: Create symlinks for PG share links into /usr/lib/postgresql/share/postgresql ansible.builtin.file: From f634b889a666c0a8d3bd46db1f1242d30255e4aa Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 08:59:41 -0400 Subject: [PATCH 06/14] fix(stage2-setup-postgres): when moving stuff around it hekps to move loop_var with it. sigh --- ansible/tasks/stage2-setup-postgres.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 892955749..dd921b3ec 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -90,6 +90,8 @@ - { path: '/usr/lib/postgresql/share/postgresql/timezonesets' } - { path: '/usr/lib/postgresql/share/postgresql/tsearch_data' } - { path: '/usr/lib/postgresql/share/postgresql/extension' } + loop_control: + loop_var: 'file_item' - name: import pgsodium_getkey script ansible.builtin.template: From c22b0a3e617acbb641858df307dccd5136d5b287 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 09:41:29 -0400 Subject: [PATCH 07/14] fix(stage2-setup-postgres): not sure how i munged that path so badly. i blame the drugs --- ansible/tasks/stage2-setup-postgres.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
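Review bot: Six of the eight new `find` paths drop the `postgresql/` segment (`…/.nix-profile/share/extension`, `…/share/timezonesets`, `…/share/tsearch_data`), whereas the shell tasks removed in the first patch searched `…/.nix-profile/share/postgresql/extension/` and its siblings, and the directories created earlier in this file live under `/usr/lib/postgresql/share/postgresql/`. If the shorter paths do not exist in the Nix profile, `find` will, as far as I know, skip them and return an empty `files` list, so the symlink loops would create nothing and the extension, timezone and text-search files would be missing without any task failing. I would use `path: '/var/lib/postgresql/.nix-profile/share/postgresql/extension'` (likewise for `timezonesets` and `tsearch_data`) and align the destination paths in the matching symlink tasks, which are outside this hunk.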
diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index dd921b3ec..682a22d41 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -30,7 +30,7 @@ - name: Remove db_user_namespace from postgresql.conf if orioledb-17 or 17 build ansible.builtin.replace: - path: '//etc/pdev/resql/post' + path: '/etc/postgresql/postgresql.conf' regexp: 'db_user_namespace\ =\ off' replace: '#db_user_namespace\ =\ off' From cb12bb55fb8f2a9a34110cfd20de6599315b4839 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 10:35:31 -0400 Subject: [PATCH 08/14] fix(stage2-setup-postgres): force overwriting --- ansible/tasks/stage2-setup-postgres.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 682a22d41..cb0475763 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -225,6 +225,7 @@ - name: Create symlinks for PG share links into /usr/lib/postgresql/share/postgresql ansible.builtin.file: + force: true group: 'postgres' owner: 'postgres' path: "/usr/lib/postgresql/share/postgresql/{{ link_item['path'] | basename }}" From 8caec8b24dbe1cc5a10b95a0b333827618e9284d Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 10:53:19 -0400 Subject: [PATCH 09/14] fix(stage2-setup-postgres): stop making things harder and just symlink parent dirs --- ansible/tasks/stage2-setup-postgres.yml | 142 +----------------------- 1 file changed, 3 insertions(+), 139 deletions(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index cb0475763..4042631cd 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml 
@@ -167,150 +167,14 @@ src: '/var/lib/postgresql/.nix-profile/bin/pg_config' state: 'link' - - name: Find all links in /var/lib/postgresql/.nix-profile/share/postgresql - ansible.builtin.find: - depth: 1 - file_type: 'link' - path: '/var/lib/postgresql/.nix-profile/share/postgresql' - register: 'postgresql_links' - - - name: Find all links in /var/lib/postgresql/.nix-profile/share/extension - ansible.builtin.find: - depth: 1 - file_type: 'link' - path: '/var/lib/postgresql/.nix-profile/share/extension' - register: 'extension_links' - - - name: Find all links in /var/lib/postgresql/.nix-profile/share/timezonesets - ansible.builtin.find: - depth: 1 - file_type: 'link' - path: '/var/lib/postgresql/.nix-profile/share/timezonesets' - register: 'timezonesets_links' - - - name: Find all links in /var/lib/postgresql/.nix-profile/share/tsearch_data - ansible.builtin.find: - depth: 1 - file_type: 'link' - path: '/var/lib/postgresql/.nix-profile/share/tsearch_data' - register: 'tsearch_data_links' - - - name: Find all files in /var/lib/postgresql/.nix-profile/share/postgresql - ansible.builtin.find: - depth: 1 - file_type: 'file' - path: '/var/lib/postgresql/.nix-profile/share/postgresql' - register: 'postgresql_files' - - - name: Find all files in /var/lib/postgresql/.nix-profile/share/extension - ansible.builtin.find: - depth: 1 - file_type: 'file' - path: '/var/lib/postgresql/.nix-profile/share/extension' - register: 'extension_files' - - - name: Find all files in /var/lib/postgresql/.nix-profile/share/timezonesets - ansible.builtin.find: - depth: 1 - file_type: 'file' - path: '/var/lib/postgresql/.nix-profile/share/timezonesets' - register: 'timezonesets_files' - - - name: Find all files in /var/lib/postgresql/.nix-profile/share/tsearch_data - ansible.builtin.find: - depth: 1 - file_type: 'file' - path: '/var/lib/postgresql/.nix-profile/share/tsearch_data' - register: 'tsearch_data_files' - - - name: Create symlinks for PG share links into 
/usr/lib/postgresql/share/postgresql + - name: Create symlinks for PG share links into /usr/lib/postgresql/share ansible.builtin.file: force: true group: 'postgres' owner: 'postgres' - path: "/usr/lib/postgresql/share/postgresql/{{ link_item['path'] | basename }}" - src: "{{ link_item['path'] }}" + path: '/usr/lib/postgresql/share' + src: '/var/lib/postgresql/.nix-profile/share' state: 'link' - loop: "{{ postgresql_links['files'] }}" - loop_control: - loop_var: 'link_item' - - - name: Create symlinks for PG share files into /usr/lib/postgresql/share/postgresql - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/postgresql/{{ file_item['path'] | basename }}" - src: "{{ file_item['path'] }}" - state: 'link' - loop: "{{ postgresql_files['files'] }}" - loop_control: - loop_var: 'file_item' - - - name: Create symlinks for PG share links into /usr/lib/postgresql/share/extension - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/share/postgresql/share/extension/{{ link_item['path'] | basename }}" - src: "{{ link_item['path'] }}" - state: 'link' - loop: "{{ extension_links['files'] }}" - loop_control: - loop_var: 'link_item' - - - name: Create symlinks for PG share files into /usr/lib/postgresql/share/extension - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/extension/{{ file_item['path'] | basename }}" - src: "{{ file_item['path'] }}" - state: 'link' - loop: "{{ extension_files['files'] }}" - loop_control: - loop_var: 'file_item' - - - name: Create symlinks for PG share links into /usr/lib/postgresql/share/timezonesets - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/timezonesets/{{ link_item['path'] | basename }}" - src: "{{ link_item['path'] }}" - state: 'link' - loop: "{{ timezonesets_links['files'] }}" - loop_control: - loop_var: 'link_item' - - - name: Create symlinks for PG share files into 
/usr/lib/postgresql/share/timezonesets - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/timezonesets/{{ file_item['path'] | basename }}" - src: "{{ file_item['path'] }}" - state: 'link' - loop: "{{ timezonesets_files['files'] }}" - loop_control: - loop_var: 'file_item' - - - name: Create symlinks for PG share links into /usr/lib/postgresql/share/tsearch_data - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/tsearch_data/{{ link_item['path'] | basename }}" - src: "{{ link_item['path'] }}" - state: 'link' - loop: "{{ tsearch_data_links['files'] }}" - loop_control: - loop_var: 'link_item' - - - name: Create symlinks for PG share files into /usr/lib/postgresql/share/tsearch_data - ansible.builtin.file: - group: 'postgres' - owner: 'postgres' - path: "/usr/lib/postgresql/share/tsearch_data/{{ file_item['path'] | basename }}" - src: "{{ file_item['path'] }}" - state: 'link' - loop: "{{ tsearch_data_files['files'] }}" - loop_control: - loop_var: 'file_item' - name: create destination directory ansible.builtin.file: From ecaabdab5c7c122586bf3f08416a3de1a7bf2fb4 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 11:40:11 -0400 Subject: [PATCH 10/14] fix(stage2-setup-postgres): nuke the dir so we can recreate it as a symlink --- ansible/tasks/stage2-setup-postgres.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 4042631cd..7f7675639 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml 
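Review bot: The new task makes the whole of `/usr/lib/postgresql/share` a single link to `/var/lib/postgresql/.nix-profile/share`, so everything read from that tree (extension scripts, tsearch data, timezonesets) is now defined by a profile under the postgres account's home directory. The removed per-file links pointed into the same profile, so this is not new in kind, but nothing root-owned is left in the tree. It is worth confirming that the profile and the store path behind it cannot be repointed or written by the database service at runtime. A comment on the task would record that assumption, e.g. `# share tree is taken wholesale from the postgres user's nix profile; the profile must stay read-only to the running service`. The task name still says "symlinks ... links" although it now creates one link, and the `/usr/lib/postgresql/share/postgresql/...` paths looped over earlier in this file appear to be superseded by it.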
@@ -167,9 +167,13 @@ src: '/var/lib/postgresql/.nix-profile/bin/pg_config' state: 'link' + - name: Nuke /usr/lib/postgresql/share so we can recreate it as a symlink + ansible.builtin.file: + path: '/usr/lib/postgresql/share' + state: 'absent' + - name: Create symlinks for PG share links into /usr/lib/postgresql/share ansible.builtin.file: - force: true group: 'postgres' owner: 'postgres' path: '/usr/lib/postgresql/share' From cbd5986eb9983250c8b5fb3ec3d6b2aac479293b Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 12:36:47 -0400 Subject: [PATCH 11/14] test(test-image): cat the pg conf file to stdout so i can see wtf is going on --- ansible/tasks/test-image.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/tasks/test-image.yml b/ansible/tasks/test-image.yml index a0d3b2b78..2bb32be2d 100644 --- a/ansible/tasks/test-image.yml +++ b/ansible/tasks/test-image.yml @@ -33,6 +33,11 @@ failed_when: verify_result.rc != 0 when: debpkg_mode or stage2_nix +- command: cat /etc/postgresql/postgresql.config + register: pgconf +- debug: + msg: "{{ pgconf.stdout }}" + - name: Start Postgres Database to load all extensions. become: yes become_user: postgres From fccdaaa57ce4808e5f12a5b98a7b86a95ebc6c96 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 13:22:05 -0400 Subject: [PATCH 12/14] test(test-image): don't let nvim autocomplete conf to config, damnit --- ansible/tasks/test-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/test-image.yml b/ansible/tasks/test-image.yml index 2bb32be2d..85b254ab0 100644 --- a/ansible/tasks/test-image.yml +++ b/ansible/tasks/test-image.yml @@ -33,7 +33,7 @@ failed_when: verify_result.rc != 0 when: debpkg_mode or stage2_nix -- command: cat /etc/postgresql/postgresql.config +- command: cat /etc/postgresql/postgresql.conf register: pgconf - debug: msg: "{{ pgconf.stdout }}" From ef928623379985e6b52f667b38bd36239696925f Mon Sep 17 00:00:00 2001 
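Review bot: The added `state: 'absent'` task removes `/usr/lib/postgresql/share` unconditionally, so once the path is already the link it is deleted and recreated on every run (always `changed`), and anything an earlier task placed in that directory is discarded without a trace. Guarding the removal with a stat result limits it to the one case it exists for, a real directory standing where the link should go. With `force: true` dropped in the same hunk, the link task now fails if the profile's `share` is missing, which is probably the safer behaviour and worth keeping.

```yaml
- name: Check whether /usr/lib/postgresql/share is a real directory
  ansible.builtin.stat:
    path: '/usr/lib/postgresql/share'
  register: 'pg_share_stat'

- name: Nuke /usr/lib/postgresql/share so we can recreate it as a symlink
  ansible.builtin.file:
    path: '/usr/lib/postgresql/share'
    state: 'absent'
  when: pg_share_stat['stat']['exists'] and pg_share_stat['stat']['isdir']

# … unchanged: link task for /usr/lib/postgresql/share …
```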
From: Douglas J Hunley Date: Tue, 28 Oct 2025 14:10:39 -0400 Subject: [PATCH 13/14] fix(stage2-setup-postgres): the replacement isn't a regex so don't treat it as one --- ansible/tasks/stage2-setup-postgres.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 7f7675639..178ef0d43 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -44,7 +44,7 @@ ansible.builtin.replace: path: '/etc/postgresql/postgresql.conf' regexp: "(shared_preload_libraries).*(\\'.*)\\'" - replace: "\\1 = \\2, orioledb\\'" + replace: "\\1 = \\2, orioledb'" - name: Add default_table_access_method setting ansible.builtin.lineinfile: From 452bce85806a1549c5249d7138f62be574466c83 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 28 Oct 2025 15:06:51 -0400 Subject: [PATCH 14/14] test(test-image): remove my debug output s things are sorted out now --- ansible/tasks/test-image.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ansible/tasks/test-image.yml b/ansible/tasks/test-image.yml index 85b254ab0..a0d3b2b78 100644 --- a/ansible/tasks/test-image.yml +++ b/ansible/tasks/test-image.yml @@ -33,11 +33,6 @@ failed_when: verify_result.rc != 0 when: debpkg_mode or stage2_nix -- command: cat /etc/postgresql/postgresql.conf - register: pgconf -- debug: - msg: "{{ pgconf.stdout }}" - - name: Start Postgres Database to load all extensions. become: yes become_user: postgres
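Review bot: The pattern in this task still matches a `shared_preload_libraries` line that already ends in `, orioledb'`, so a second run appends the library again. Because the pattern is unanchored, it would also rewrite a commented-out `#shared_preload_libraries` line if the file has one. Anchoring it and skipping lines that already name the library makes the edit idempotent: `regexp: "^(shared_preload_libraries)(?!.*orioledb).*('.*)'"`. The task's `name` and any `when` condition sit above the hunk, so whether it is limited to OrioleDB builds cannot be checked from here.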