From 979efb554ad01266812771ac15b6826c27d23ac3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 13:13:40 -0500 Subject: [PATCH 01/24] feat: wip advance to ubuntu 24.04 --- .github/workflows/ami-release-nix.yml | 8 +- ...ublish-nix-pgupgrade-bin-flake-version.yml | 4 +- .github/workflows/testinfra-nix.yml | 4 +- Dockerfile-15 | 2 +- Dockerfile-orioledb-17 | 2 +- README.md | 2 +- amazon-arm64-nix.pkr.hcl | 4 +- ansible/tasks/setup-postgres.yml | 2 +- ansible/tasks/setup-postgrest.yml | 4 +- ansible/vars.yml | 18 +- docker/Dockerfile | 4 +- ebssurrogate/files/sources-arm64.cfg | 20 +- ebssurrogate/files/sources.cfg | 20 +- .../scripts/surrogate-bootstrap-nix.sh | 2 +- ebssurrogate/scripts/surrogate-bootstrap.sh | 324 ++++++++++++++++++ scripts/99-img_check.sh | 2 +- testinfra/README.md | 4 +- tests/pg_upgrade/debug.sh | 2 +- 18 files changed, 376 insertions(+), 52 deletions(-) create mode 100755 ebssurrogate/scripts/surrogate-bootstrap.sh diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 31089218d..7ef8c9023 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -40,8 +40,8 @@ jobs: include: - runner: arm-runner arch: arm64 - ubuntu_release: focal - ubuntu_version: 20.04 + ubuntu_release: noble + ubuntu_version: 24.04 mcpu: neoverse-n1 runs-on: ${{ matrix.runner }} timeout-minutes: 150 @@ -122,7 +122,7 @@ jobs: - name: Upload nix flake revision to s3 staging run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: configure aws credentials - prod uses: aws-actions/configure-aws-credentials@v4 
@@ -141,7 +141,7 @@ jobs: - name: Upload nix flake revision to s3 prod run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Create release uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index bec85166e..d949fff01 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -66,7 +66,7 @@ jobs: - name: Upload pg_upgrade scripts to s3 staging run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} @@ -113,7 +113,7 @@ jobs: - name: Upload pg_upgrade scripts to s3 prod run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} diff --git a/.github/workflows/testinfra-nix.yml b/.github/workflows/testinfra-nix.yml index c486dfc34..0ab2a0448 100644 --- a/.github/workflows/testinfra-nix.yml 
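Review bot: The new `aws s3 cp` lines in both upload steps of publish-nix-pgupgrade-bin-flake-version.yml drop the double quotes the old lines had around the destination URI, so `${{ steps.process_release_version.outputs.version }}` is now pasted unquoted into the shell script. A version string containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of staying part of the object key. Keep the quotes, and preferably pass the values through `env:` and use shell variables, e.g. `aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${VERSION}/24.04.tar.gz"`. The two upload lines in ami-release-nix.yml were already unquoted and have the same exposure.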
+++ b/.github/workflows/testinfra-nix.yml @@ -34,8 +34,8 @@ jobs: include: - runner: arm-runner arch: arm64 - ubuntu_release: focal - ubuntu_version: 20.04 + ubuntu_release: noble + ubuntu_version: 24.04 mcpu: neoverse-n1 runs-on: ${{ matrix.runner }} timeout-minutes: 150 diff --git a/Dockerfile-15 b/Dockerfile-15 index b7f48977e..c733d2f9b 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -38,7 +38,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=2.0.1 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index fe9b902cb..59f3d2abf 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -39,7 +39,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=3.0.5 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/README.md b/README.md index d7b106cf8..f851ff814 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) - ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) -- ✅ Ubuntu 20.04 (Focal Fossa). +- ✅ Ubuntu 20.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. ## Extensions diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl index e460dfc72..1673af6cc 100644 --- a/amazon-arm64-nix.pkr.hcl +++ b/amazon-arm64-nix.pkr.hcl 
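Review bot: `FROM ubuntu:noble as base` in Dockerfile-15 follows a mutable tag, so two builds of the same commit can start from different base layers and nothing records which one was used. Pinning the digest makes the base reproducible and auditable: `FROM ubuntu:noble@sha256:<digest-of-the-reviewed-image> AS base` (placeholder; fill in the digest you actually reviewed). The same line in Dockerfile-orioledb-17 needs the same treatment.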
@@ -1,6 +1,6 @@ variable "ami" { type = string - default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*" + default = "ubuntu/images/hvm-ssd/ubuntu-noble-24.04-arm64-server-*" } variable "profile" { @@ -115,7 +115,7 @@ source "amazon-ebssurrogate" "source" { #secret_key = "${var.aws_secret_key}" force_deregister = var.force-deregister - # Use latest official ubuntu focal ami owned by Canonical. + # Use latest official ubuntu noble ami owned by Canonical. source_ami_filter { filters = { virtualization-type = "hvm" diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index a1b7e6c7f..2fe302488 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -23,7 +23,7 @@ - name: Postgres - install server apt: - name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg20.04+1 + name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg24.04+1 install_recommends: no when: debpkg_mode diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index a98d1990f..279c72ec5 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -8,7 +8,7 @@ - name: PostgREST - add Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: present - name: PostgREST - update apt cache @@ -30,7 +30,7 @@ - name: PostgREST - remove Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: absent - name: postgis - ensure dependencies do not get autoremoved diff --git a/ansible/vars.yml b/ansible/vars.yml index 630bdee62..4b703ec6a 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
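Review bot: Both `apt_repository` tasks in setup-postgrest.yml keep the PGDG source on plain `http://` while the suite is switched to `noble-pgdg`. APT signature checking protects package integrity only if the repository key is installed and scoped to this source, and the key-import task is outside the hunk, so that cannot be confirmed from here. Using `repo: "deb https://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}"` in both the add and the remove task stops an on-path party from observing or stalling the package fetches. The suite name is also hard-coded twice; `{{ ansible_distribution_release }}-pgdg` would keep both tasks in step with the base image.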
@@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.59-orioledb" - postgres17: "17.4.1.009" - postgres15: "15.8.1.066" + postgresorioledb-17: "17.0.1.58-orioledb-noble-1" + postgres17: "17.4.1.008-noble-1" + postgres15: "15.8.1.065-noble-1" # Non Postgres Extensions pgbouncer_release: "1.19.0" @@ -31,18 +31,18 @@ aws_cli_release: "2.23.11" salt_minion_version: 3007 -golang_version: "1.19.3" +golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:99de2fe112a52ab748fb175edea64b313a0c8d51d6157dba683a6be163fd5eab - amd64: sha256:74b9640724fd4e6bb0ed2a1bc44ae813a03f1e72a4c76253e2d5c015494430ba + arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 + amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: focal # if it works, it works -kong_deb: kong_2.8.1_arm64.deb -kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 +kong_release_target: noble +kong_deb: kong_3.9.0_arm64.deb +kong_deb_checksum: sha1:f458c8b183f79cffae4cd84c989cea4a4ecaaaba nginx_release: 1.22.0 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 diff --git a/docker/Dockerfile b/docker/Dockerfile index 116377b5d..53a96029e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,8 @@ -ARG ubuntu_release=focal +ARG ubuntu_release=noble FROM ubuntu:${ubuntu_release} as base ARG ubuntu_release=flocal -ARG ubuntu_release_no=20.04 +ARG ubuntu_release_no=24.04 ARG postgresql_major=15 ARG postgresql_release=${postgresql_major}.1 diff --git a/ebssurrogate/files/sources-arm64.cfg b/ebssurrogate/files/sources-arm64.cfg index a2363773e..eed6c0f16 100644 --- a/ebssurrogate/files/sources-arm64.cfg +++ b/ebssurrogate/files/sources-arm64.cfg 
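Review bot: `kong_deb_checksum` is still a `sha1:` digest after this change, while the Go tarballs a few lines above are pinned with `sha256:`. SHA-1 is no longer collision-resistant, so it is a weak integrity anchor for a package fetched during the image build. `get_url` accepts `sha256:<hex>` in the same field, so the entry can become `kong_deb_checksum: sha256:<sha256-of-kong-deb>` (placeholder; compute it from the vendor-published artifact). The `envoy_*` and `nginx_release_checksum` context lines have the same weakness, as does the later hunk in this series that restores the 2.8.1 values.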
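Review bot: The in-stage `ARG ubuntu_release=flocal` that sits between the two changed lines of docker/Dockerfile still carries a misspelled default, and it overrides the new top-level `noble` for everything after `FROM`. Any later instruction that expands `${ubuntu_release}` without an explicit `--build-arg` gets `flocal`; whether such an instruction exists is not visible in this hunk. Redeclare it without a value so the stage inherits the top-level default: `ARG ubuntu_release`.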
@@ -1,10 +1,10 @@
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports focal-security main restricted
-deb http://ports.ubuntu.com/ubuntu-ports focal-security universe
-deb http://ports.ubuntu.com/ubuntu-ports focal-security multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-backports main restricted universe multiverse
+deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted
+deb http://ports.ubuntu.com/ubuntu-ports noble-security universe
+deb http://ports.ubuntu.com/ubuntu-ports noble-security multiverse
diff --git a/ebssurrogate/files/sources.cfg b/ebssurrogate/files/sources.cfg
index ec3011807..a27be052f 100644
--- a/ebssurrogate/files/sources.cfg
+++ b/ebssurrogate/files/sources.cfg
@@ -1,10 +1,10 @@
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
-deb http://security.ubuntu.com/ubuntu focal-security main restricted
-deb http://security.ubuntu.com/ubuntu focal-security universe
-deb http://security.ubuntu.com/ubuntu focal-security multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-backports main restricted universe multiverse
+deb http://security.ubuntu.com/ubuntu noble-security main restricted
+deb http://security.ubuntu.com/ubuntu noble-security universe
+deb http://security.ubuntu.com/ubuntu noble-security multiverse
diff --git a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
index 39b8f4e82..965b1e07b 100755
--- a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
+++ b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
@@ -148,7 +148,7 @@ EOF } function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'focal' for Ubuntu 20.04 + UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 # Bootstrap Ubuntu into /mnt debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh new file mode 100755 index 000000000..ccb108ac6 --- /dev/null +++ b/ebssurrogate/scripts/surrogate-bootstrap.sh 
@@ -0,0 +1,324 @@ +#!/usr/bin/env bash +# +# This script creates filesystem and setups up chrooted +# enviroment for further processing. It also runs +# ansible playbook and finally does system cleanup. +# +# Adapted from: https://github.com/jen20/packer-ubuntu-zfs + +set -o errexit +set -o pipefail +set -o xtrace + +if [ $(dpkg --print-architecture) = "amd64" ]; +then + ARCH="amd64"; +else + ARCH="arm64"; +fi + +function waitfor_boot_finished { + export DEBIAN_FRONTEND=noninteractive + + echo "args: ${ARGS}" + # Wait for cloudinit on the surrogate to complete before making progress + while [[ ! -f /var/lib/cloud/instance/boot-finished ]]; do + echo 'Waiting for cloud-init...' + sleep 1 + done +} + +function install_packages { + # Setup Ansible on host VM + apt-get update && sudo apt-get install software-properties-common -y + add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y + ansible-galaxy collection install community.general + + # Update apt and install required packages + apt-get update + apt-get install -y \ + gdisk \ + e2fsprogs \ + debootstrap \ + nvme-cli +} + +# Partition the new root EBS volume +function create_partition_table { + + if [ "${ARCH}" = "arm64" ]; then + parted --script /dev/xvdf \ + mklabel gpt \ + mkpart UEFI 1MiB 100MiB \ + mkpart ROOT 100MiB 100% + set 1 esp on \ + set 1 boot on + parted --script /dev/xvdf print + else + sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:8300 -c2:EXT4 /dev/xvdf + fi + + sleep 2 +} + +function device_partition_mappings { + # NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd* + declare -A blkdev_mappings + for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do # /dev/nvme*n* + # Mapping info from disk headers + header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!') + mapping="/dev/${header%%[0-9]}" # normalize sda1 => sda + + # Create /dev/xvd* device symlink + if [[ ! 
-z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then + ln -s "$blkdev" "$mapping" + + blkdev_mappings["$blkdev"]="$mapping" + fi + done + + create_partition_table + + # NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+ + declare -A partdev_mappings + for blkdev in "${!blkdev_mappings[@]}"; do # /dev/nvme*n* + mapping="${blkdev_mappings[$blkdev]}" + + # Create /dev/xvd*[0-9]+ partition device symlink + for partdev in "${blkdev}"p*; do + partnum=${partdev##*p} + if [[ ! -L "${mapping}${partnum}" ]]; then + ln -s "${blkdev}p${partnum}" "${mapping}${partnum}" + + partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}" + fi + done + done +} + + +#Download and install latest e2fsprogs for fast_commit feature,if required. +function format_and_mount_rootfs { + mkfs.ext4 -m0.1 /dev/xvdf2 + + mount -o noatime,nodiratime /dev/xvdf2 /mnt + if [ "${ARCH}" = "arm64" ]; then + mkfs.fat -F32 /dev/xvdf1 + mkdir -p /mnt/boot/efi + sleep 2 + mount /dev/xvdf1 /mnt/boot/efi + fi + + mkfs.ext4 /dev/xvdh + mkdir -p /mnt/data + mount -o defaults,discard /dev/xvdh /mnt/data +} + +function create_swapfile { + fallocate -l 1G /mnt/swapfile + chmod 600 /mnt/swapfile + mkswap /mnt/swapfile +} + +function format_build_partition { + mkfs.ext4 -O ^has_journal /dev/xvdc +} +function pull_docker { + apt-get install -y docker.io + docker run -itd --name ccachedata "${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG}" sh + docker exec -itd ccachedata mkdir -p /build/ccache +} + +# Create fstab +function create_fstab { + FMT="%-42s %-11s %-5s %-17s %-5s %s" +cat > "/mnt/etc/fstab" << EOF +$(printf "${FMT}" "# DEVICE UUID" "MOUNTPOINT" "TYPE" "OPTIONS" "DUMP" "FSCK") +$(findmnt -no SOURCE /mnt | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/", "ext4", "defaults,discard", "0", "1" ) }') +$(findmnt -no SOURCE /mnt/boot/efi | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/boot/efi", "vfat", 
"umask=0077", "0", "1" ) }') +$(findmnt -no SOURCE /mnt/data | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/data", "ext4", "defaults,discard", "0", "2" ) }') +$(printf "$FMT" "/swapfile" "none" "swap" "sw" "0" "0") +EOF + unset FMT +} + +function setup_chroot_environment { + UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 + + # Bootstrap Ubuntu into /mnt + debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt + + # Update ec2-region + REGION=$(curl --silent --fail http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -E 's|[a-z]+$||g') + sed -i "s/REGION/${REGION}/g" /tmp/sources.list + cp /tmp/sources.list /mnt/etc/apt/sources.list + + if [ "${ARCH}" = "arm64" ]; then + create_fstab + fi + + # Create mount points and mount the filesystem + mkdir -p /mnt/{dev,proc,sys} + mount --rbind /dev /mnt/dev + mount --rbind /proc /mnt/proc + mount --rbind /sys /mnt/sys + + # Create build mount point and mount + mkdir -p /mnt/tmp + mount /dev/xvdc /mnt/tmp + chmod 777 /mnt/tmp + + # Copy apparmor profiles + chmod 644 /tmp/apparmor_profiles/* + cp -r /tmp/apparmor_profiles /mnt/tmp/ + + # Copy migrations + cp -r /tmp/migrations /mnt/tmp/ + + # Copy unit tests + cp -r /tmp/unit-tests /mnt/tmp/ + + # Copy the bootstrap script into place and execute inside chroot + cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh + chroot /mnt /tmp/chroot-bootstrap.sh + rm -f /mnt/tmp/chroot-bootstrap.sh + echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release + + # Copy the nvme identification script into /sbin inside the chroot + mkdir -p /mnt/sbin + cp /tmp/ebsnvme-id /mnt/sbin/ebsnvme-id + chmod +x /mnt/sbin/ebsnvme-id + + # Copy the udev rules for identifying nvme devices into the chroot + mkdir -p /mnt/etc/udev/rules.d + cp /tmp/70-ec2-nvme-devices.rules \ + /mnt/etc/udev/rules.d/70-ec2-nvme-devices.rules + + #Copy custom cloud-init + rm -f /mnt/etc/cloud/cloud.cfg + cp /tmp/cloud.cfg 
/mnt/etc/cloud/cloud.cfg + + sleep 2 +} + +function download_ccache { + docker cp ccachedata:/build/ccache/. /mnt/tmp/ccache +} + +function execute_playbook { + +tee /etc/ansible/ansible.cfg < Date: Wed, 22 Jan 2025 13:37:31 -0500 Subject: [PATCH 02/24] fix; missing gp3 on image string --- amazon-arm64-nix.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl index 1673af6cc..f625ac4af 100644 --- a/amazon-arm64-nix.pkr.hcl +++ b/amazon-arm64-nix.pkr.hcl @@ -1,6 +1,6 @@ variable "ami" { type = string - default = "ubuntu/images/hvm-ssd/ubuntu-noble-24.04-arm64-server-*" + default = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-*" } variable "profile" { From 61ae79d4fedb24ac88dd028ce36b995c27839170 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:01:00 -0500 Subject: [PATCH 03/24] chore: non-interactive --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index cda6bd2aa..88871fc1e 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe + sudo add-apt-repository universe -y apt-get update apt-get install -y --no-install-recommends \ openssh-server \ From aa5cd03bcf7d1781995e7a13247a35aa69e2241c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:31:54 -0500 Subject: [PATCH 04/24] chore: set hostname in dhcp client --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index 88871fc1e..3a14dd0d4 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh 
+++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,8 +157,7 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf - sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf + sudo sed -i 's/hostname: .*/hostname: "ubuntu"/g' /etc/netplan/*.yaml echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname } From 93e1358ea70425d5239c824fb9eb4f91cb9d6fe4 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:45:46 -0500 Subject: [PATCH 05/24] chore: conform to new networking approach --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index 3a14dd0d4..ef5f0e071 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,9 +157,12 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sudo sed -i 's/hostname: .*/hostname: "ubuntu"/g' /etc/netplan/*.yaml echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname + # Set the hostname + + # Prevent cloud-init from changing the hostname + sed -i 's/^preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg } # Set options for the default interface From d429c3f2ca1e6aa20cacf7da1223d83e30cf2da0 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:21:53 -0500 Subject: [PATCH 06/24] ore: reverse he sha values --- ansible/vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 4b703ec6a..a83641c5b 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
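Review bot: The `sed` on `/etc/cloud/cloud.cfg` added to `setup_hostname` only rewrites an existing `preserve_hostname: false` line, so it silently does nothing when the key is absent or written differently. The surrogate-bootstrap.sh added earlier in this series also replaces `/mnt/etc/cloud/cloud.cfg` with `/tmp/cloud.cfg` after the chroot script has run; if surrogate-bootstrap-nix.sh does the same, this edit is discarded and the setting belongs in that template instead. If the edit stays, verify it took effect with a following `grep -q '^preserve_hostname: true' /etc/cloud/cloud.cfg`. The new `# Set the hostname` comment has no code under it, and the function header still says `Don't request hostname during boot` although the dhclient edits are gone.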
@@ -33,8 +33,8 @@ salt_minion_version: 3007 golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 - amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 + arm64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 + amd64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 From ddad78cfc35eda708a96998e821744c5ef08358a Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:40:43 -0500 Subject: [PATCH 07/24] chore: fix kong address --- ansible/tasks/setup-kong.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index b34f96e78..592d2ec99 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml @@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-28/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_2.8.1/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-2839/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" From 692ceb9effc5e2d4cc909bc6c5a7cad7a422af95 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:58:39 -0500 Subject: [PATCH 08/24] ore: typo in url --- ansible/tasks/setup-kong.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index 592d2ec99..21c173a80 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml 
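Review bot: The two `golang_version_checksum` digests are swapped in this hunk with nothing in the file that ties either value to an artifact, so a reviewer cannot tell which assignment is the right one. Add a comment per entry naming the file the digest was taken from, e.g. `# go1.22.11.linux-arm64.tar.gz, from https://go.dev/dl/` above `arm64:` and the amd64 equivalent above `amd64:`. A wrong digest makes the download task fail closed, so the swap is safe to try, but the comments keep the next version bump from repeating the mix-up.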
@@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-2839/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-39/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" From 68bdebf4045f76f3385418e3c6fee6f26116d2c6 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 16:18:31 -0500 Subject: [PATCH 09/24] chore: drop old removals --- scripts/90-cleanup.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/90-cleanup.sh b/scripts/90-cleanup.sh index f2e19686d..c7fcf0c24 100644 --- a/scripts/90-cleanup.sh +++ b/scripts/90-cleanup.sh @@ -24,10 +24,8 @@ elif [ -n "$(command -v apt-get)" ]; then autoconf \ autotools-dev \ cmake-data \ - cpp-8 \ cpp-9 \ cpp-10 \ - gcc-8 \ gcc-9 \ gcc-10 \ git \ @@ -36,7 +34,6 @@ elif [ -n "$(command -v apt-get)" ]; then libicu-dev \ libcgal-dev \ libgcc-9-dev \ - libgcc-8-dev \ ansible add-apt-repository --yes --remove ppa:ansible/ansible From d265fa77c8ef8b322b4652c5e81e6f0b238bcc4c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 19:59:20 -0500 Subject: [PATCH 10/24] chore: remove defunct package --- scripts/90-cleanup.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/90-cleanup.sh b/scripts/90-cleanup.sh index c7fcf0c24..644e5f7f6 100644 --- a/scripts/90-cleanup.sh +++ b/scripts/90-cleanup.sh @@ -39,8 +39,7 @@ elif [ -n "$(command -v apt-get)" ]; then add-apt-repository --yes --remove ppa:ansible/ansible source /etc/os-release - apt-get -y remove --purge linux-headers-5.11.0-1021-aws - + apt-get -y update apt-get -y upgrade apt-get -y autoremove From a229a66ffdd078988b59d8a26eff2f73d7a2ddc3 Mon Sep 17 00:00:00 2001 
From: Sam Rose Date: Thu, 23 Jan 2025 13:55:34 -0500 Subject: [PATCH 11/24] chore: restore wal-g build approach --- ansible/tasks/setup-wal-g.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index a05106ede..fa8b6b09c 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -58,7 +58,6 @@ owner: wal-g group: wal-g mode: '0664' - when: stage2_nix - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf template: @@ -67,7 +66,6 @@ mode: 0664 owner: postgres group: postgres - when: stage2_nix - name: Add script to be run for restore_command template: @@ -76,7 +74,6 @@ mode: 0500 owner: postgres group: postgres - when: stage2_nix - name: Add helper script for wal_fetch.sh template: @@ -84,7 +81,6 @@ dest: /root/wal_change_ownership.sh mode: 0700 owner: root - when: stage2_nix - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf become: yes From 489c3f1f69a4925856b5e6365b2e5dd709448eb9 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 23 Jan 2025 15:01:46 -0500 Subject: [PATCH 12/24] chore: in 24.04 legacy gnats no longer present in ubuntu --- ansible/files/permission_check.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/files/permission_check.py b/ansible/files/permission_check.py index 5bf421018..ebdd83f32 100644 --- a/ansible/files/permission_check.py +++ b/ansible/files/permission_check.py 
@@ -151,6 +151,11 @@ def check_nixbld_users(): print("All nixbld users are in the 'nixbld' group.") +<<<<<<< HEAD +======= +# Define usernames for which you want to compare results +usernames = ["postgres", "ubuntu", "root", "daemon", "bin", "sys", "sync", "games","man","lp","mail","news","uucp","proxy","www-data","backup","list","irc","nobody","systemd-network","systemd-resolve","systemd-timesync","messagebus","ec2-instance-connect","sshd","wal-g","pgbouncer","gotrue","envoy","kong","nginx","vector","adminapi","postgrest","tcpdump","systemd-coredump"] +>>>>>>> b4a0e8c8 (chore: in 24.04 legacy gnats no longer present in ubuntu) def main(): parser = argparse.ArgumentParser( From ee64087fe90680f0258b8077d8011ec13baaeda4 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 23 Jan 2025 19:55:02 -0500 Subject: [PATCH 13/24] chore: permission check and restore kong original version --- ansible/files/permission_check.py | 7 ++++--- ansible/tasks/setup-kong.yml | 2 +- ansible/vars.yml | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ansible/files/permission_check.py b/ansible/files/permission_check.py index ebdd83f32..d88f32b5d 100644 --- a/ansible/files/permission_check.py +++ b/ansible/files/permission_check.py @@ -90,9 +90,6 @@ ], "postgrest": [{"groupname": "postgrest", "username": "postgrest"}], "tcpdump": [{"groupname": "tcpdump", "username": "tcpdump"}], - "systemd-coredump": [ - {"groupname": "systemd-coredump", "username": "systemd-coredump"} - ], } 
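Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> b4a0e8c8 ...`) are committed at module level in permission_check.py just before `def main():`, which is a syntax error, so the script cannot run and the permission audit it performs does not happen. The following patch in this series nests a second set of markers around the same `usernames` list. Keep only the intended `usernames = [...]` assignment with its comment and delete the marker lines; a later patch titled `post rebase cleanup` removes 11 lines from this file, but its hunk is not visible here, so whether it clears all of them cannot be confirmed. A `python -m py_compile ansible/files/permission_check.py` step in CI would catch this class of mistake.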
@@ -154,8 +151,12 @@ def check_nixbld_users(): <<<<<<< HEAD ======= # Define usernames for which you want to compare results +<<<<<<< HEAD usernames = ["postgres", "ubuntu", "root", "daemon", "bin", "sys", "sync", "games","man","lp","mail","news","uucp","proxy","www-data","backup","list","irc","nobody","systemd-network","systemd-resolve","systemd-timesync","messagebus","ec2-instance-connect","sshd","wal-g","pgbouncer","gotrue","envoy","kong","nginx","vector","adminapi","postgrest","tcpdump","systemd-coredump"] >>>>>>> b4a0e8c8 (chore: in 24.04 legacy gnats no longer present in ubuntu) +======= +usernames = ["postgres", "ubuntu", "root", "daemon", "bin", "sys", "sync", "games","man","lp","mail","news","uucp","proxy","www-data","backup","list","irc","nobody","systemd-network","systemd-resolve","systemd-timesync","messagebus","ec2-instance-connect","sshd","wal-g","pgbouncer","gotrue","envoy","kong","nginx","vector","adminapi","postgrest","tcpdump"] +>>>>>>> ec20fb3b (chore: permission check and restore kong original version) def main(): parser = argparse.ArgumentParser( diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index 21c173a80..b34f96e78 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml @@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-39/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-28/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_2.8.1/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" diff --git a/ansible/vars.yml b/ansible/vars.yml index a83641c5b..af7d4379f 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
@@ -40,9 +40,9 @@ envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: noble -kong_deb: kong_3.9.0_arm64.deb -kong_deb_checksum: sha1:f458c8b183f79cffae4cd84c989cea4a4ecaaaba +kong_release_target: focal +kong_deb: kong_2.8.1_arm64.deb +kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 nginx_release: 1.22.0 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 From 2da96f5eaf7b4c3af10aed0db8938692cc9e578f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 23 Jan 2025 22:37:15 -0500 Subject: [PATCH 14/24] chore: log output to debug --- testinfra/test_ami_nix.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 4d354fac3..d7dd69601 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -292,6 +292,9 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: + postgres_logs = host.run("journalctl -u postgresql") + logger.warning(f"PostgreSQL logs: {postgres_logs.stdout}") + health_checks = [ ( "postgres", From c7671444a74529849817bd9bc7b12539176a48eb Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Fri, 24 Jan 2025 00:18:50 -0500 Subject: [PATCH 15/24] chore: checks --- testinfra/test_ami_nix.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index d7dd69601..1ed2c3883 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py 
@@ -292,8 +292,17 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: - postgres_logs = host.run("journalctl -u postgresql") - logger.warning(f"PostgreSQL logs: {postgres_logs.stdout}") + status_checks = [ + "dpkg -l | grep postgresql", + "systemctl status postgresql", + "ls -la /var/lib/postgresql", + "ps aux | grep postgres" + ] + + for check in status_checks: + result = host.run(check) + logger.warning(f"{check} output: {result.stdout}") + health_checks = [ ( From 3bd1741d67e918d72124a2ce4807d751bcd3dc57 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 28 Jan 2025 16:05:43 -0500 Subject: [PATCH 16/24] chore: increase wait time before health checks. --- testinfra/test_ami_nix.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 1ed2c3883..13ef737a4 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -246,6 +246,9 @@ def gzip_then_base64_encode(s: str) -> str: )[0] instance.wait_until_running() + # Increase wait time before starting health checks + sleep(30) # Wait for 30 seconds to allow services to start + ec2logger = EC2InstanceConnectLogger(debug=False) temp_key = EC2InstanceConnectKey(ec2logger.get_logger()) ec2ic = boto3.client("ec2-instance-connect", region_name="ap-southeast-1") From fa3b9f51c755ffbfc42d04570e0f2a005defebb1 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 28 Jan 2025 16:13:12 -0500 Subject: [PATCH 17/24] chore: try to increase logging on postgres --- testinfra/test_ami_nix.py | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 13ef737a4..c0d79c9d9 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py 
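Review bot: `sleep(30)` is called by its bare name and the hunk does not show the module importing it; unless the file already has `from time import sleep`, this line raises NameError before any health check runs. The fixed delay is also paid on every run, although `get_ssh_connection` (visible in the other hunks of this file) already takes `max_retries=10`, so polling for readiness there would avoid both the wasted time and a delay that is too short on a slow boot. The comment `# Increase wait time before starting health checks` describes the change rather than the code; `# give services time to start before the first SSH attempt` reads better once merged. The enclosing function starts outside the hunk.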
@@ -295,12 +295,30 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: - status_checks = [ - "dpkg -l | grep postgresql", - "systemctl status postgresql", - "ls -la /var/lib/postgresql", - "ps aux | grep postgres" + postgres_diagnostics = [ + "sudo tail -n 50 /var/log/postgresql/postgresql-*.log", # Get recent PostgreSQL logs + "sudo -u postgres /usr/bin/pg_isready -U postgres -v", # Verbose pg_isready + "sudo systemctl status postgresql", # Get service status + "sudo journalctl -u postgresql --no-pager -n 50", # Get journal logs + "ps aux | grep postgres", # Check running processes + "sudo ls -la /var/lib/postgresql/*/main/", # Check data directory permissions + "sudo cat /var/lib/postgresql/*/main/postmaster.pid", # Check if PID file exists + "sudo -u postgres psql -c 'SELECT version();' || true" # Try to connect and get version ] + + logger.warning("Running PostgreSQL diagnostic checks...") + for check in postgres_diagnostics: + try: + result = host.run(check) + logger.warning(f"\n=== {check} ===\nReturn code: {result.rc}\nOutput:\n{result.stdout}\nErrors:\n{result.stderr}") + except Exception as e: + logger.warning(f"Failed to run {check}: {str(e)}") + status_checks = [ + "dpkg -l | grep postgresql", + "systemctl status postgresql", + "ls -la /var/lib/postgresql", + "ps aux | grep postgres" + ] for check in status_checks: result = host.run(check) From 39b5c545f8d2cbf95dc0eef906842e750b8e6ab7 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 11 Feb 2025 13:45:30 -0500 Subject: [PATCH 18/24] chore: post rebase cleanup --- ansible/files/permission_check.py | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/ansible/files/permission_check.py b/ansible/files/permission_check.py index d88f32b5d..ed1b541f2 100644 --- a/ansible/files/permission_check.py +++ b/ansible/files/permission_check.py 
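Review bot: The old `status_checks` list is re-added below the new `postgres_diagnostics` loop, so `systemctl status postgresql` and `ps aux | grep postgres` now run twice per call, and the second loop logs only `stdout` while the first logs return code and stderr as well. Moving `"dpkg -l | grep postgresql"` into `postgres_diagnostics` and deleting `status_checks` with its loop leaves one code path. The `except Exception as e` around `host.run` also hides connection failures behind a warning; catching only the error type the backend raises, or letting it propagate, would make a broken SSH session visible. The body of `is_healthy` continues past the hunk.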
@@ -40,7 +40,6 @@ "backup": [{"groupname": "backup", "username": "backup"}], "list": [{"groupname": "list", "username": "list"}], "irc": [{"groupname": "irc", "username": "irc"}], - "gnats": [{"groupname": "gnats", "username": "gnats"}], "nobody": [{"groupname": "nogroup", "username": "nobody"}], "systemd-network": [ {"groupname": "systemd-network", "username": "systemd-network"} @@ -148,15 +147,7 @@ def check_nixbld_users(): print("All nixbld users are in the 'nixbld' group.") -<<<<<<< HEAD -======= -# Define usernames for which you want to compare results -<<<<<<< HEAD -usernames = ["postgres", "ubuntu", "root", "daemon", "bin", "sys", "sync", "games","man","lp","mail","news","uucp","proxy","www-data","backup","list","irc","nobody","systemd-network","systemd-resolve","systemd-timesync","messagebus","ec2-instance-connect","sshd","wal-g","pgbouncer","gotrue","envoy","kong","nginx","vector","adminapi","postgrest","tcpdump","systemd-coredump"] ->>>>>>> b4a0e8c8 (chore: in 24.04 legacy gnats no longer present in ubuntu) -======= usernames = ["postgres", "ubuntu", "root", "daemon", "bin", "sys", "sync", "games","man","lp","mail","news","uucp","proxy","www-data","backup","list","irc","nobody","systemd-network","systemd-resolve","systemd-timesync","messagebus","ec2-instance-connect","sshd","wal-g","pgbouncer","gotrue","envoy","kong","nginx","vector","adminapi","postgrest","tcpdump"] ->>>>>>> ec20fb3b (chore: permission check and restore kong original version) def main(): parser = argparse.ArgumentParser( @@ -192,7 +183,6 @@ def main(): "backup", "list", "irc", - "gnats", "nobody", "systemd-network", "systemd-resolve", @@ -209,7 +199,6 @@ def main(): "adminapi", "postgrest", "tcpdump", - "systemd-coredump", ] if not qemu_artifact: usernames.append("ec2-instance-connect") From 5286e279f8968931086cec852d3f681d23e814a6 Mon Sep 17 00:00:00 2001 
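Review bot: Resolving the conflict in the second hunk keeps a module-level `usernames = [...]` line, but the last two hunks show `main()` building its own `usernames` list and appending `ec2-instance-connect` only when `not qemu_artifact`. The module-level copy lists `ec2-instance-connect` unconditionally and, as far as these hunks show, is shadowed by the local one, so it is dead code that already disagrees with the list that is actually checked. Deleting the line keeps a single source of truth for which accounts the permission check covers. Both function bodies extend beyond the hunks.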
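Review bot: Removing `systemd-coredump` in the last hunk has no stated reason, unlike `gnats`, whose removal is explained by the earlier commit subject. Once an entry leaves `usernames` that account is no longer compared, and these hunks do not show whether an account that exists on the image but is missing from the list gets reported. If the script only iterates over `usernames`, a check that fails on system accounts not in the list would stop a removed entry from hiding a stray user. A short comment beside the list, such as `# gnats is not created on Ubuntu 24.04`, plus the reason for `systemd-coredump`, would record the intent.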
From: samrose Date: Tue, 1 Apr 2025 21:04:43 -0400 Subject: [PATCH 19/24] Update README.md Co-authored-by: Div Arora --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f851ff814..608de9844 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) - ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) -- ✅ Ubuntu 20.04 (Noble Numbat). +- ✅ Ubuntu 24.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. ## Extensions From 1edd84ea2e42f9355a1ef11c9767da6a87b0ad30 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 1 Apr 2025 21:18:43 -0400 Subject: [PATCH 20/24] chore: restore function --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index ef5f0e071..cda6bd2aa 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe -y + sudo add-apt-repository universe apt-get update apt-get install -y --no-install-recommends \ openssh-server \ 
@@ -157,12 +157,10 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { + sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf + sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname - # Set the hostname - - # Prevent cloud-init from changing the hostname - sed -i 's/^preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg } # Set options for the default interface From ae33f6c0c753984622f81d995cebdf7a35738a7c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 1 Apr 2025 21:20:24 -0400 Subject: [PATCH 21/24] chore: remove unused file --- ebssurrogate/scripts/surrogate-bootstrap.sh | 324 -------------------- 1 file changed, 324 deletions(-) delete mode 100755 ebssurrogate/scripts/surrogate-bootstrap.sh diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh deleted file mode 100755 index ccb108ac6..000000000 --- a/ebssurrogate/scripts/surrogate-bootstrap.sh +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/usr/bin/env bash -# -# This script creates filesystem and setups up chrooted -# enviroment for further processing. It also runs -# ansible playbook and finally does system cleanup. -# -# Adapted from: https://github.com/jen20/packer-ubuntu-zfs - -set -o errexit -set -o pipefail -set -o xtrace - -if [ $(dpkg --print-architecture) = "amd64" ]; -then - ARCH="amd64"; -else - ARCH="arm64"; -fi - -function waitfor_boot_finished { - export DEBIAN_FRONTEND=noninteractive - - echo "args: ${ARGS}" - # Wait for cloudinit on the surrogate to complete before making progress - while [[ ! -f /var/lib/cloud/instance/boot-finished ]]; do - echo 'Waiting for cloud-init...' - sleep 1 - done -} - -function install_packages { - # Setup Ansible on host VM - apt-get update && sudo apt-get install software-properties-common -y - add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y - ansible-galaxy collection install community.general - - # Update apt and install required packages - apt-get update - apt-get install -y \ - gdisk \ - e2fsprogs \ - debootstrap \ - nvme-cli -} - -# Partition the new root EBS volume -function create_partition_table { - - if [ "${ARCH}" = "arm64" ]; then - parted --script /dev/xvdf \ - mklabel gpt \ - mkpart UEFI 1MiB 100MiB \ - mkpart ROOT 100MiB 100% - set 1 esp on \ - set 1 boot on - parted --script /dev/xvdf print - else - sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:8300 -c2:EXT4 /dev/xvdf - fi - - sleep 2 -} - -function device_partition_mappings { - # NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd* - declare -A blkdev_mappings - for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do # /dev/nvme*n* - # Mapping info from disk headers - header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!') - mapping="/dev/${header%%[0-9]}" # normalize sda1 => sda - - # Create /dev/xvd* device symlink - if [[ ! 
-z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then - ln -s "$blkdev" "$mapping" - - blkdev_mappings["$blkdev"]="$mapping" - fi - done - - create_partition_table - - # NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+ - declare -A partdev_mappings - for blkdev in "${!blkdev_mappings[@]}"; do # /dev/nvme*n* - mapping="${blkdev_mappings[$blkdev]}" - - # Create /dev/xvd*[0-9]+ partition device symlink - for partdev in "${blkdev}"p*; do - partnum=${partdev##*p} - if [[ ! -L "${mapping}${partnum}" ]]; then - ln -s "${blkdev}p${partnum}" "${mapping}${partnum}" - - partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}" - fi - done - done -} - - -#Download and install latest e2fsprogs for fast_commit feature,if required. -function format_and_mount_rootfs { - mkfs.ext4 -m0.1 /dev/xvdf2 - - mount -o noatime,nodiratime /dev/xvdf2 /mnt - if [ "${ARCH}" = "arm64" ]; then - mkfs.fat -F32 /dev/xvdf1 - mkdir -p /mnt/boot/efi - sleep 2 - mount /dev/xvdf1 /mnt/boot/efi - fi - - mkfs.ext4 /dev/xvdh - mkdir -p /mnt/data - mount -o defaults,discard /dev/xvdh /mnt/data -} - -function create_swapfile { - fallocate -l 1G /mnt/swapfile - chmod 600 /mnt/swapfile - mkswap /mnt/swapfile -} - -function format_build_partition { - mkfs.ext4 -O ^has_journal /dev/xvdc -} -function pull_docker { - apt-get install -y docker.io - docker run -itd --name ccachedata "${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG}" sh - docker exec -itd ccachedata mkdir -p /build/ccache -} - -# Create fstab -function create_fstab { - FMT="%-42s %-11s %-5s %-17s %-5s %s" -cat > "/mnt/etc/fstab" << EOF -$(printf "${FMT}" "# DEVICE UUID" "MOUNTPOINT" "TYPE" "OPTIONS" "DUMP" "FSCK") -$(findmnt -no SOURCE /mnt | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/", "ext4", "defaults,discard", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/boot/efi | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/boot/efi", "vfat", 
"umask=0077", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/data | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/data", "ext4", "defaults,discard", "0", "2" ) }') -$(printf "$FMT" "/swapfile" "none" "swap" "sw" "0" "0") -EOF - unset FMT -} - -function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 - - # Bootstrap Ubuntu into /mnt - debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt - - # Update ec2-region - REGION=$(curl --silent --fail http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -E 's|[a-z]+$||g') - sed -i "s/REGION/${REGION}/g" /tmp/sources.list - cp /tmp/sources.list /mnt/etc/apt/sources.list - - if [ "${ARCH}" = "arm64" ]; then - create_fstab - fi - - # Create mount points and mount the filesystem - mkdir -p /mnt/{dev,proc,sys} - mount --rbind /dev /mnt/dev - mount --rbind /proc /mnt/proc - mount --rbind /sys /mnt/sys - - # Create build mount point and mount - mkdir -p /mnt/tmp - mount /dev/xvdc /mnt/tmp - chmod 777 /mnt/tmp - - # Copy apparmor profiles - chmod 644 /tmp/apparmor_profiles/* - cp -r /tmp/apparmor_profiles /mnt/tmp/ - - # Copy migrations - cp -r /tmp/migrations /mnt/tmp/ - - # Copy unit tests - cp -r /tmp/unit-tests /mnt/tmp/ - - # Copy the bootstrap script into place and execute inside chroot - cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh - chroot /mnt /tmp/chroot-bootstrap.sh - rm -f /mnt/tmp/chroot-bootstrap.sh - echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release - - # Copy the nvme identification script into /sbin inside the chroot - mkdir -p /mnt/sbin - cp /tmp/ebsnvme-id /mnt/sbin/ebsnvme-id - chmod +x /mnt/sbin/ebsnvme-id - - # Copy the udev rules for identifying nvme devices into the chroot - mkdir -p /mnt/etc/udev/rules.d - cp /tmp/70-ec2-nvme-devices.rules \ - /mnt/etc/udev/rules.d/70-ec2-nvme-devices.rules - - #Copy custom cloud-init - rm -f /mnt/etc/cloud/cloud.cfg - cp /tmp/cloud.cfg 
/mnt/etc/cloud/cloud.cfg - - sleep 2 -} - -function download_ccache { - docker cp ccachedata:/build/ccache/. /mnt/tmp/ccache -} - -function execute_playbook { - -tee /etc/ansible/ansible.cfg < Date: Wed, 2 Apr 2025 14:59:05 -0400 Subject: [PATCH 22/24] chore: make command non-interactive --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index cda6bd2aa..bf14cb9eb 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe + sudo add-apt-repository --yes universe apt-get update apt-get install -y --no-install-recommends \ openssh-server \ From 843745714b1a89ae7fc0a05826d74e65d7164e5b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 2 Apr 2025 15:05:04 -0400 Subject: [PATCH 23/24] chore: readme script --- nix/tools/update_readme.nu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/tools/update_readme.nu b/nix/tools/update_readme.nu index bfb46ab0a..b19c266a3 100755 --- a/nix/tools/update_readme.nu +++ b/nix/tools/update_readme.nu @@ -153,7 +153,7 @@ def update_readme [] { # Update Primary Features section let features_content = [ ($pg_versions | each {|version| create_version_link $version} | str join "\n") - "- ✅ Ubuntu 20.04 (Focal Fossa)." + "- ✅ Ubuntu 24.04 (Noble Numbat)." "- ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication." "- ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images." ] 
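Review bot: `sudo add-apt-repository --yes universe` is the only command in this stretch of `update_install_packages` that goes through `sudo`; the `apt-get upgrade`, `apt-get update` and `apt-get install` lines around it run directly, so the script evidently already runs as root. Inside a freshly bootstrapped chroot `sudo` may not be installed yet, in which case this line fails, and `add-apt-repository --yes universe` is sufficient. The command also relies on `software-properties-common` having been installed earlier in the function, which the hunk does not show. The function body starts and ends outside the hunk.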
From be3a961b5320aeafa10b5796f8675df60cdf9a3d Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 2 Apr 2025 16:21:31 -0400 Subject: [PATCH 24/24] chore: ubuntu 24.04 has moved to use networkd and netplan by default, ... rather than the traditional dhclient.conf approach. --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index bf14cb9eb..13a101915 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,10 +157,19 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf - sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf + # Set the static hostname echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname + # Update netplan configuration to not send hostname + cat << EOF > /etc/netplan/01-hostname.yaml +network: + version: 2 + ethernets: + eth0: + dhcp4: true + dhcp4-overrides: + send-hostname: false +EOF } # Set options for the default interface
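Review bot: The generated `/etc/netplan/01-hostname.yaml` is created with the default umask, and netplan warns about configuration files that other users can read; adding `chmod 600 /etc/netplan/01-hostname.yaml` after the heredoc matches what netplan expects. The file also hard-codes `eth0`: where the primary interface gets a predictable name instead, the override would not match and `send-hostname: false` would silently not apply, unless the image pins the name elsewhere (the following "Set options for the default interface" function may do that, but it is outside the hunk). A `mkdir -p /etc/netplan` before the `cat` would guard against the directory being absent in a minimal chroot. The `preserve_hostname: true` edit to `/etc/cloud/cloud.cfg` that PATCH 20/24 removed is not restored here, so it is worth confirming that cloud-init will not rewrite `/etc/hostname` at first boot.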