diff --git a/amazon-arm64.pkr.hcl b/amazon-arm64.pkr.hcl index 884a8944b..49cf6c1a0 100644 --- a/amazon-arm64.pkr.hcl +++ b/amazon-arm64.pkr.hcl @@ -243,7 +243,8 @@ build { "DOCKER_USER=${var.docker_user}", "DOCKER_PASSWD=${var.docker_passwd}", "DOCKER_IMAGE=${var.docker_image}", - "DOCKER_IMAGE_TAG=${var.docker_image_tag}" + "DOCKER_IMAGE_TAG=${var.docker_image_tag}", + "POSTGRES_SUPABASE_VERSION=${var.postgres-version}" ] use_env_var_file = true script = "ebssurrogate/scripts/surrogate-bootstrap.sh" diff --git a/ansible/files/envoy_config/lds.yaml b/ansible/files/envoy_config/lds.yaml index d1af58493..84acfc041 100644 --- a/ansible/files/envoy_config/lds.yaml +++ b/ansible/files/envoy_config/lds.yaml @@ -3,8 +3,9 @@ resources: name: http_listener address: socket_address: - address: 0.0.0.0 + address: '::' port_value: 80 + ipv4_compat: true filter_chains: - filters: &ref_1 - name: envoy.filters.network.http_connection_manager @@ -295,8 +296,9 @@ resources: name: https_listener address: socket_address: - address: 0.0.0.0 + address: '::' port_value: 443 + ipv4_compat: true filter_chains: - filters: *ref_1 transport_socket: diff --git a/ansible/files/kong_config/kong.conf.j2 b/ansible/files/kong_config/kong.conf.j2 index 54ce718c2..39067575e 100644 --- a/ansible/files/kong_config/kong.conf.j2 +++ b/ansible/files/kong_config/kong.conf.j2 @@ -4,4 +4,4 @@ declarative_config = /etc/kong/kong.yml # plugins defined in the dockerfile plugins = request-transformer,cors,key-auth,http-log -proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834 +proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834, [::]:80 reuseport backlog=16384, [::]:443 http2 ssl reuseport backlog=16384 diff --git a/ansible/files/pgbouncer_config/pgbouncer.ini.j2 b/ansible/files/pgbouncer_config/pgbouncer.ini.j2 index bad7eb46f..e4518c007 100644 --- a/ansible/files/pgbouncer_config/pgbouncer.ini.j2 
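Review bot: Binding `http_listener` to `'::'` with `ipv4_compat: true` means the listener now accepts native IPv6 clients, so any address-based matching written only with IPv4 CIDRs would not apply to them. The filter chain continues outside this hunk, so this is something to confirm rather than a known gap. The same applies to `https_listener` in the second hunk of this file. A comment above each bind would record the intent, for example `# dual-stack bind: address-based rules must cover IPv6 sources as well as IPv4`.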
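Review bot: The `backlog` values on the listen entries are inconsistent: the IPv4 `:443` entry keeps `backlog=16834` while the other three entries on this line use `backlog=16384`. In docker/all-in-one/etc/kong/kong.conf the new `[::]:443` entry uses `backlog=16348`, a third value. These look like transpositions of 16384; if so, every entry in both files should read `backlog=16384`, so the IPv4 and IPv6 listeners queue connections identically.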
+++ b/ansible/files/pgbouncer_config/pgbouncer.ini.j2 @@ -51,7 +51,7 @@ pidfile = /var/run/pgbouncer/pgbouncer.pid ;;; ;; IP address or * which means all IPs -listen_addr = 0.0.0.0 +listen_addr = * listen_port = 6543 ;; Unix socket is also used for -R. diff --git a/ansible/files/postgresql_config/pg_hba.conf.j2 b/ansible/files/postgresql_config/pg_hba.conf.j2 index ec23777a2..9cafd4146 100755 --- a/ansible/files/postgresql_config/pg_hba.conf.j2 +++ b/ansible/files/postgresql_config/pg_hba.conf.j2 @@ -89,3 +89,6 @@ host all all 10.0.0.0/8 scram-sha-256 host all all 172.16.0.0/12 scram-sha-256 host all all 192.168.0.0/16 scram-sha-256 host all all 0.0.0.0/0 scram-sha-256 + +# IPv6 external connections +host all all ::0/0 scram-sha-256 diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index 9235e04d8..c33aefb71 100644 --- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -29,6 +29,10 @@ shell: "/tmp/aws/install --update" become: true +- name: AWS CLI - configure ipv6 support for s3 + shell: | + aws configure set default.s3.use_dualstack_endpoint true + - name: install Vector for logging become: yes apt: diff --git a/ansible/tasks/setup-system.yml b/ansible/tasks/setup-system.yml index 7235cd48c..860d75cc2 100644 --- a/ansible/tasks/setup-system.yml +++ b/ansible/tasks/setup-system.yml @@ -132,6 +132,7 @@ copy: content: | 127.0.0.1 localhost + ::1 localhost dest: /etc/hosts mode: 0644 owner: root diff --git a/ansible/vars.yml b/ansible/vars.yml index 20a21653b..c59c7a396 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -46,7 +46,7 @@ postgres_exporter_release_checksum: arm64: sha256:29ba62d538b92d39952afe12ee2e1f4401250d678ff4b354ff2752f4321c87a0 amd64: sha256:cb89fc5bf4485fb554e0d640d9684fae143a4b2d5fa443009bd29c59f9129e84 -adminapi_release: 0.59.0 +adminapi_release: 0.61.0 adminmgr_release: 0.14.3 # Postgres Extensions 
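Review bot: `listen_addr = *` makes PgBouncer accept connections on port 6543 over every IPv4 and IPv6 address, so the pooler becomes reachable over IPv6 wherever the host firewall or security group permits it. The same change is made in docker/all-in-one/etc/pgbouncer/pgbouncer.ini. The authentication settings are outside this hunk, so confirm that they and the network filtering treat IPv6 sources the same way as IPv4. The existing comment line could carry that, for example `;; * = all IPv4 and IPv6 addresses; port 6543 must be filtered for both families`.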
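Review bot: The new `::0/0` rule uses `host`, which matches both TLS and plaintext connections, and it covers all databases and all roles from any IPv6 address. Exposure over IPv6 therefore rests on password strength plus whatever network filtering sits in front of port 5432. It mirrors the IPv4 `0.0.0.0/0` line, so it is consistent, but the comment should record the assumption, for example `# IPv6 external connections (any source; relies on scram-sha-256 and network-level filtering)`. If TLS is meant to be mandatory for external clients, `hostssl` would enforce it here and on the IPv4 line. The identical hunk in docker/all-in-one/etc/postgresql/pg_hba.conf raises the same point.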
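Review bot: The new task has no `become`, unlike the install task just above it, so `aws configure set` writes the dual-stack setting into the AWS config of whichever user Ansible connects as. Processes that call S3 under a different account would not pick it up. Which accounts need the setting is not visible from this hunk, so confirm the target user and add `become: true` or `become_user:` to match. The task also reports "changed" on every run; `changed_when: false` would avoid that, and `command:` is enough since no shell features are used.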
diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl index 988f688e9..85183cdc3 100644 --- a/common.vars.pkr.hcl +++ b/common.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.1.0.155" +postgres-version = "15.1.1.2" diff --git a/docker/all-in-one/etc/kong/kong.conf b/docker/all-in-one/etc/kong/kong.conf index 312913510..8c0c93649 100644 --- a/docker/all-in-one/etc/kong/kong.conf +++ b/docker/all-in-one/etc/kong/kong.conf @@ -5,7 +5,7 @@ declarative_config = /etc/kong/kong.yml plugins = request-transformer,cors,key-auth,basic-auth,http-log,ip-restriction,rate-limiting admin_listen = off -proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834 +proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834, [::]:80 reuseport backlog=16384, [::]:443 http2 ssl reuseport backlog=16348 nginx_http_log_format = custom_log '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $request_length' nginx_http_client_body_buffer_size = 512k diff --git a/docker/all-in-one/etc/pgbouncer/pgbouncer.ini b/docker/all-in-one/etc/pgbouncer/pgbouncer.ini index 8f42ecf48..5a36ac197 100644 --- a/docker/all-in-one/etc/pgbouncer/pgbouncer.ini +++ b/docker/all-in-one/etc/pgbouncer/pgbouncer.ini @@ -50,7 +50,7 @@ pidfile = /var/run/pgbouncer/pgbouncer.pid ;;; ;; IP address or * which means all IPs -listen_addr = 0.0.0.0 +listen_addr = * listen_port = 6543 ;; Unix socket is also used for -R. diff --git a/docker/all-in-one/etc/postgresql/pg_hba.conf b/docker/all-in-one/etc/postgresql/pg_hba.conf index ec23777a2..9cafd4146 100755 --- a/docker/all-in-one/etc/postgresql/pg_hba.conf +++ b/docker/all-in-one/etc/postgresql/pg_hba.conf 
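Review bot: This file enables the `ip-restriction` and `rate-limiting` plugins, and the new `[::]:80` and `[::]:443` listeners mean both now see IPv6 client addresses. Deny lists written as IPv4 CIDRs will not match IPv6 sources, and per-address rate limits are weaker over IPv6, where one client typically holds a whole /64. The plugin rules live in `/etc/kong/kong.yml`, outside this diff, so confirm they cover IPv6 before the listeners go live. A comment above `proxy_listen` would keep the two in step, for example `# IPv6 listeners enabled: ip-restriction / rate-limiting rules in kong.yml must cover IPv6 sources`.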
@@ -89,3 +89,6 @@ host all all 10.0.0.0/8 scram-sha-256 host all all 172.16.0.0/12 scram-sha-256 host all all 192.168.0.0/16 scram-sha-256 host all all 0.0.0.0/0 scram-sha-256 + +# IPv6 external connections +host all all ::0/0 scram-sha-256 diff --git a/ebssurrogate/scripts/chroot-bootstrap.sh b/ebssurrogate/scripts/chroot-bootstrap.sh index ed035b698..4b7ceaf8d 100755 --- a/ebssurrogate/scripts/chroot-bootstrap.sh +++ b/ebssurrogate/scripts/chroot-bootstrap.sh @@ -89,11 +89,6 @@ EOF localedef -i en_US -f UTF-8 en_US.UTF-8 } -# Disable IPV6 for ufw -function disable_ufw_ipv6 { - sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw -} - function install_packages_for_build { apt-get install -y --no-install-recommends linux-libc-dev \ acl \ @@ -126,19 +121,7 @@ GRUB_DEFAULT=0 GRUB_TIMEOUT=0 GRUB_TIMEOUT_STYLE="hidden" GRUB_DISTRIBUTOR="Supabase postgresql" -GRUB_CMDLINE_LINUX_DEFAULT="nomodeset console=tty1 console=ttyS0 ipv6.disable=1" -EOF -} - -function setup_grub_conf_amd64 { - mkdir -p /etc/default/grub.d - -cat << EOF > /etc/default/grub.d/50-aws-settings.cfg -GRUB_RECORDFAIL_TIMEOUT=0 -GRUB_TIMEOUT=0 -GRUB_CMDLINE_LINUX_DEFAULT=" root=/dev/nvme0n1p2 rootfstype=ext4 rw noatime,nodiratime,discard console=tty1 console=ttyS0 ip=dhcp tsc=reliable net.ifnames=0 quiet module_blacklist=psmouse,input_leds,autofs4 ipv6.disable=1 nvme_core.io_timeout=4294967295 systemd.hostname=ubuntu ipv6.disable=1" -GRUB_TERMINAL=console -GRUB_DISABLE_LINUX_UUID=true +GRUB_CMDLINE_LINUX_DEFAULT="nomodeset console=tty1 console=ttyS0 ipv6.disable=0" EOF } @@ -215,7 +198,6 @@ setup_hostname create_admin_account set_default_target setup_eth0_interface -disable_ufw_ipv6 disable_sshd_passwd_auth disable_fsck #setup_ccache diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh index 60d154d96..a24e1d35e 100755 --- a/ebssurrogate/scripts/surrogate-bootstrap.sh +++ b/ebssurrogate/scripts/surrogate-bootstrap.sh 
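Review bot: With `ipv6.disable=0` the image boots with the IPv6 stack on, and the other hunks in this file remove `disable_ufw_ipv6` and its call. Whether ufw filters IPv6 traffic at all now depends on the `IPV6=` value that /etc/default/ufw ships with. Setting it explicitly avoids relying on the package default, for example `sed -i 's/IPV6=no/IPV6=yes/g' /etc/default/ufw` where the removed function used to run. This hunk also deletes `setup_grub_conf_amd64` in full; any call site is outside the hunks shown, so confirm nothing still invokes it.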
@@ -182,6 +182,7 @@ function setup_chroot_environment { cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh chroot /mnt /tmp/chroot-bootstrap.sh rm -f /mnt/tmp/chroot-bootstrap.sh + echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release # Copy the nvme identification script into /sbin inside the chroot mkdir -p /mnt/sbin diff --git a/testinfra/test_ami.py b/testinfra/test_ami.py index ce7cec185..15bec6329 100644 --- a/testinfra/test_ami.py +++ b/testinfra/test_ami.py @@ -104,7 +104,7 @@ openapi-mode = "ignore-privileges" db-use-legacy-gucs = true admin-server-port = 3001 -server-host = "localhost" +server-host = "*6" db-pool-acquisition-timeout = 10 max-rows = 1000 db-extra-search-path = "public, extensions"
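Review bot: `echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release` writes an empty release file when the variable is not set, and in this diff only amazon-arm64.pkr.hcl passes it. Failing fast would make a missing value visible at build time: `echo "${POSTGRES_SUPABASE_VERSION:?not set}" > /mnt/root/supabase-release`. `setup_chroot_environment` starts and continues outside the hunk, so it is not visible whether the script already runs with `set -u`.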
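Review bot: Changing `server-host` from `"localhost"` to `"*6"` moves PostgREST on the test instance from loopback-only to listening on all IPv4 and IPv6 interfaces. The `admin-server-port = 3001` setting in the same config may follow the same bind address; that depends on the PostgREST version, which is not visible here. If the test only needs the API port reachable over IPv6, confirm that 3001 is not reachable from outside the instance. A Python comment next to the config string would record the intent, for example `# server-host "*6": bind all IPv4+IPv6 interfaces so the IPv6 checks can reach PostgREST`.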