From 2622a30aaba894013a80fc8faf2ebb4e856b6359 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 13:13:40 -0500 Subject: [PATCH 01/27] feat: wip advance to ubuntu 24.04 --- .github/workflows/ami-release-nix.yml | 8 +- ...ublish-nix-pgupgrade-bin-flake-version.yml | 4 +- .github/workflows/testinfra-nix.yml | 4 +- Dockerfile-15 | 2 +- Dockerfile-orioledb-17 | 2 +- README.md | 2 +- amazon-arm64-nix.pkr.hcl | 4 +- ansible/tasks/setup-postgres.yml | 2 +- ansible/tasks/setup-postgrest.yml | 4 +- ansible/vars.yml | 14 +- docker/Dockerfile | 4 +- ebssurrogate/files/sources-arm64.cfg | 20 +- ebssurrogate/files/sources.cfg | 20 +- .../scripts/surrogate-bootstrap-nix.sh | 2 +- ebssurrogate/scripts/surrogate-bootstrap.sh | 324 ++++++++++++++++++ scripts/99-img_check.sh | 2 +- testinfra/README.md | 4 +- tests/pg_upgrade/debug.sh | 2 +- 18 files changed, 374 insertions(+), 50 deletions(-) create mode 100755 ebssurrogate/scripts/surrogate-bootstrap.sh diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 004a597d7..8029516f3 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -40,8 +40,8 @@ jobs: include: - runner: arm-runner arch: arm64 - ubuntu_release: focal - ubuntu_version: 20.04 + ubuntu_release: noble + ubuntu_version: 24.04 mcpu: neoverse-n1 runs-on: ${{ matrix.runner }} timeout-minutes: 150 @@ -122,7 +122,7 @@ jobs: - name: Upload nix flake revision to s3 staging run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: configure aws credentials - prod uses: aws-actions/configure-aws-credentials@v4 
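Review bot: The `run:` line of "Upload nix flake revision to s3 staging" splices `${{ secrets.ARTIFACTS_BUCKET }}` and `${{ steps.process_release_version.outputs.version }}` straight into an unquoted shell argument, so any whitespace or shell metacharacter in the version output changes the command that runs. The same form appears in the prod upload hunk of this file and in both upload hunks of publish-nix-pgupgrade-bin-flake-version.yml, where this commit also removes the double quotes the old line had. I would pass both values through the step's `env:` and quote the destination, `aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${VERSION}/24.04.tar.gz"`. How the version output is produced is outside these hunks, so how far it can be externally influenced should be checked.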
@@ -141,7 +141,7 @@ jobs: - name: Upload nix flake revision to s3 prod run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Create release uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index bec85166e..d949fff01 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -66,7 +66,7 @@ jobs: - name: Upload pg_upgrade scripts to s3 staging run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} @@ -113,7 +113,7 @@ jobs: - name: Upload pg_upgrade scripts to s3 prod run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} diff --git a/.github/workflows/testinfra-nix.yml b/.github/workflows/testinfra-nix.yml index 2b07e716f..9b4b8eed2 100644 --- a/.github/workflows/testinfra-nix.yml 
+++ b/.github/workflows/testinfra-nix.yml @@ -40,8 +40,8 @@ jobs: include: - runner: arm-runner arch: arm64 - ubuntu_release: focal - ubuntu_version: 20.04 + ubuntu_release: noble + ubuntu_version: 24.04 mcpu: neoverse-n1 runs-on: ${{ matrix.runner }} timeout-minutes: 150 diff --git a/Dockerfile-15 b/Dockerfile-15 index 42ffc858c..716df9932 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -38,7 +38,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=2.0.1 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index f7c0d4f63..ba210926a 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -39,7 +39,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=3.0.5 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/README.md b/README.md index d7b106cf8..f851ff814 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) - ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) -- ✅ Ubuntu 20.04 (Focal Fossa). +- ✅ Ubuntu 20.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. ## Extensions diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl index e460dfc72..1673af6cc 100644 --- a/amazon-arm64-nix.pkr.hcl +++ b/amazon-arm64-nix.pkr.hcl 
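Review bot: `FROM ubuntu:noble as base` in Dockerfile-15 follows a mutable tag, so the image content can change between builds without any change in this repository; Dockerfile-orioledb-17 has the same line. For a release image I would pin the digest next to the tag, `FROM ubuntu:noble@sha256:<digest-of-reviewed-image> AS base` (placeholder, to be filled from the image that was actually tested), and refresh it deliberately. The `RUN apt update` instruction that follows continues outside the hunk.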
@@ -1,6 +1,6 @@ variable "ami" { type = string - default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*" + default = "ubuntu/images/hvm-ssd/ubuntu-noble-24.04-arm64-server-*" } variable "profile" { @@ -115,7 +115,7 @@ source "amazon-ebssurrogate" "source" { #secret_key = "${var.aws_secret_key}" force_deregister = var.force-deregister - # Use latest official ubuntu focal ami owned by Canonical. + # Use latest official ubuntu noble ami owned by Canonical. source_ami_filter { filters = { virtualization-type = "hvm" diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index a1b7e6c7f..2fe302488 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -23,7 +23,7 @@ - name: Postgres - install server apt: - name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg20.04+1 + name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg24.04+1 install_recommends: no when: debpkg_mode diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index a98d1990f..279c72ec5 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -8,7 +8,7 @@ - name: PostgREST - add Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: present - name: PostgREST - update apt cache @@ -30,7 +30,7 @@ - name: PostgREST - remove Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: absent - name: postgis - ensure dependencies do not get autoremoved diff --git a/ansible/vars.yml b/ansible/vars.yml index 4d3102a17..839988b5d 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
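Review bot: The default for `variable "ami"` is a wildcard name pattern, and nothing visible in these hunks restricts who may own the matching image; the comment only states that the AMI is "owned by Canonical". The `source_ami_filter` block continues outside the hunk, so please confirm it sets `owners` to Canonical's account ID rather than relying on the name, since any account can publish an AMI whose name matches `ubuntu-noble-24.04-arm64-server-*`. If the constraint is already there, a short comment such as `# owners pins the publisher; the name filter alone is not a trust check` would make that explicit.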
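Review bot: The `noble-pgdg` repo line in "PostgREST - add Postgres PPA" still uses `http://` and carries no `signed-by`, so packages from it are trusted through whatever keys sit in the global apt keyring. I would switch to `deb [signed-by=<path-to-pgdg-keyring>] https://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}` (the keyring path is a placeholder; key installation is outside the hunk). The "remove Postgres PPA" task in the second hunk must carry the identical string, otherwise `state: absent` will not match the entry it is meant to remove.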
@@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.065-orioledb" - postgres17: "17.4.1.015" - postgres15: "15.8.1.072" + postgresorioledb-17: "17.0.1.065-orioledb-rc-2" + postgres17: "17.4.1.015-rc-2" + postgres15: "15.8.1.072-rc-2" # Non Postgres Extensions pgbouncer_release: "1.19.0" @@ -31,16 +31,16 @@ aws_cli_release: "2.23.11" salt_minion_version: 3007 -golang_version: "1.19.3" +golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:99de2fe112a52ab748fb175edea64b313a0c8d51d6157dba683a6be163fd5eab - amd64: sha256:74b9640724fd4e6bb0ed2a1bc44ae813a03f1e72a4c76253e2d5c015494430ba + arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 + amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: focal # if it works, it works +kong_release_target: focal kong_deb: kong_2.8.1_arm64.deb kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 diff --git a/docker/Dockerfile b/docker/Dockerfile index 116377b5d..53a96029e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,8 @@ -ARG ubuntu_release=focal +ARG ubuntu_release=noble FROM ubuntu:${ubuntu_release} as base ARG ubuntu_release=flocal -ARG ubuntu_release_no=20.04 +ARG ubuntu_release_no=24.04 ARG postgresql_major=15 ARG postgresql_release=${postgresql_major}.1 diff --git a/ebssurrogate/files/sources-arm64.cfg b/ebssurrogate/files/sources-arm64.cfg index a2363773e..eed6c0f16 100644 --- a/ebssurrogate/files/sources-arm64.cfg +++ b/ebssurrogate/files/sources-arm64.cfg 
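Review bot: `kong_release_target: focal` is kept while every other target moves to noble, and the commit deletes the only comment that marked this as intentional. If a focal build of Kong is what should be installed on the 24.04 image, say so on the line, e.g. `kong_release_target: focal  # intentionally focal: <reason>` (reason to be supplied by the author). Separately, `kong_deb_checksum`, `envoy_release_checksum` and `envoy_hot_restarter_release_checksum` in the same hunk are still `sha1:` pins next to the `sha256:` Go pins; moving them to `sha256:` would make the download integrity checks consistent.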
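Review bot: The context line `ARG ubuntu_release=flocal` after `FROM` is left untouched, so inside the `base` stage `ubuntu_release` defaults to `flocal` (an ARG redeclared with a value replaces the pre-FROM default) while `ubuntu_release_no` is now `24.04`. Any later instruction that uses `${ubuntu_release}` would get a release name that does not exist unless a build-arg is passed; the rest of the stage is outside the hunk, so I cannot tell whether one does. Redeclare it without a value, `ARG ubuntu_release`, so the stage inherits `noble` from the first line.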
@@ -1,10 +1,10 @@
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports focal-security main restricted
-deb http://ports.ubuntu.com/ubuntu-ports focal-security universe
-deb http://ports.ubuntu.com/ubuntu-ports focal-security multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-backports main restricted universe multiverse
+deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted
+deb http://ports.ubuntu.com/ubuntu-ports noble-security universe
+deb http://ports.ubuntu.com/ubuntu-ports noble-security multiverse
diff --git a/ebssurrogate/files/sources.cfg b/ebssurrogate/files/sources.cfg
index ec3011807..a27be052f 100644
--- a/ebssurrogate/files/sources.cfg
+++ b/ebssurrogate/files/sources.cfg
@@ -1,10 +1,10 @@
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
-deb http://security.ubuntu.com/ubuntu focal-security main restricted
-deb http://security.ubuntu.com/ubuntu focal-security universe
-deb http://security.ubuntu.com/ubuntu focal-security multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-backports main restricted universe multiverse
+deb http://security.ubuntu.com/ubuntu noble-security main restricted
+deb http://security.ubuntu.com/ubuntu noble-security universe
+deb http://security.ubuntu.com/ubuntu noble-security multiverse
diff --git a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
index 39b8f4e82..965b1e07b 100755
--- a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
+++ b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh
@@ -148,7 +148,7 @@ EOF } function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'focal' for Ubuntu 20.04 + UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 # Bootstrap Ubuntu into /mnt debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh new file mode 100755 index 000000000..ccb108ac6 --- /dev/null +++ b/ebssurrogate/scripts/surrogate-bootstrap.sh 
@@ -0,0 +1,324 @@ +#!/usr/bin/env bash +# +# This script creates filesystem and setups up chrooted +# enviroment for further processing. It also runs +# ansible playbook and finally does system cleanup. +# +# Adapted from: https://github.com/jen20/packer-ubuntu-zfs + +set -o errexit +set -o pipefail +set -o xtrace + +if [ $(dpkg --print-architecture) = "amd64" ]; +then + ARCH="amd64"; +else + ARCH="arm64"; +fi + +function waitfor_boot_finished { + export DEBIAN_FRONTEND=noninteractive + + echo "args: ${ARGS}" + # Wait for cloudinit on the surrogate to complete before making progress + while [[ ! -f /var/lib/cloud/instance/boot-finished ]]; do + echo 'Waiting for cloud-init...' + sleep 1 + done +} + +function install_packages { + # Setup Ansible on host VM + apt-get update && sudo apt-get install software-properties-common -y + add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y + ansible-galaxy collection install community.general + + # Update apt and install required packages + apt-get update + apt-get install -y \ + gdisk \ + e2fsprogs \ + debootstrap \ + nvme-cli +} + +# Partition the new root EBS volume +function create_partition_table { + + if [ "${ARCH}" = "arm64" ]; then + parted --script /dev/xvdf \ + mklabel gpt \ + mkpart UEFI 1MiB 100MiB \ + mkpart ROOT 100MiB 100% + set 1 esp on \ + set 1 boot on + parted --script /dev/xvdf print + else + sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:8300 -c2:EXT4 /dev/xvdf + fi + + sleep 2 +} + +function device_partition_mappings { + # NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd* + declare -A blkdev_mappings + for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do # /dev/nvme*n* + # Mapping info from disk headers + header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!') + mapping="/dev/${header%%[0-9]}" # normalize sda1 => sda + + # Create /dev/xvd* device symlink + if [[ ! 
-z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then + ln -s "$blkdev" "$mapping" + + blkdev_mappings["$blkdev"]="$mapping" + fi + done + + create_partition_table + + # NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+ + declare -A partdev_mappings + for blkdev in "${!blkdev_mappings[@]}"; do # /dev/nvme*n* + mapping="${blkdev_mappings[$blkdev]}" + + # Create /dev/xvd*[0-9]+ partition device symlink + for partdev in "${blkdev}"p*; do + partnum=${partdev##*p} + if [[ ! -L "${mapping}${partnum}" ]]; then + ln -s "${blkdev}p${partnum}" "${mapping}${partnum}" + + partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}" + fi + done + done +} + + +#Download and install latest e2fsprogs for fast_commit feature,if required. +function format_and_mount_rootfs { + mkfs.ext4 -m0.1 /dev/xvdf2 + + mount -o noatime,nodiratime /dev/xvdf2 /mnt + if [ "${ARCH}" = "arm64" ]; then + mkfs.fat -F32 /dev/xvdf1 + mkdir -p /mnt/boot/efi + sleep 2 + mount /dev/xvdf1 /mnt/boot/efi + fi + + mkfs.ext4 /dev/xvdh + mkdir -p /mnt/data + mount -o defaults,discard /dev/xvdh /mnt/data +} + +function create_swapfile { + fallocate -l 1G /mnt/swapfile + chmod 600 /mnt/swapfile + mkswap /mnt/swapfile +} + +function format_build_partition { + mkfs.ext4 -O ^has_journal /dev/xvdc +} +function pull_docker { + apt-get install -y docker.io + docker run -itd --name ccachedata "${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG}" sh + docker exec -itd ccachedata mkdir -p /build/ccache +} + +# Create fstab +function create_fstab { + FMT="%-42s %-11s %-5s %-17s %-5s %s" +cat > "/mnt/etc/fstab" << EOF +$(printf "${FMT}" "# DEVICE UUID" "MOUNTPOINT" "TYPE" "OPTIONS" "DUMP" "FSCK") +$(findmnt -no SOURCE /mnt | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/", "ext4", "defaults,discard", "0", "1" ) }') +$(findmnt -no SOURCE /mnt/boot/efi | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/boot/efi", "vfat", 
"umask=0077", "0", "1" ) }') +$(findmnt -no SOURCE /mnt/data | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/data", "ext4", "defaults,discard", "0", "2" ) }') +$(printf "$FMT" "/swapfile" "none" "swap" "sw" "0" "0") +EOF + unset FMT +} + +function setup_chroot_environment { + UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 + + # Bootstrap Ubuntu into /mnt + debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt + + # Update ec2-region + REGION=$(curl --silent --fail http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -E 's|[a-z]+$||g') + sed -i "s/REGION/${REGION}/g" /tmp/sources.list + cp /tmp/sources.list /mnt/etc/apt/sources.list + + if [ "${ARCH}" = "arm64" ]; then + create_fstab + fi + + # Create mount points and mount the filesystem + mkdir -p /mnt/{dev,proc,sys} + mount --rbind /dev /mnt/dev + mount --rbind /proc /mnt/proc + mount --rbind /sys /mnt/sys + + # Create build mount point and mount + mkdir -p /mnt/tmp + mount /dev/xvdc /mnt/tmp + chmod 777 /mnt/tmp + + # Copy apparmor profiles + chmod 644 /tmp/apparmor_profiles/* + cp -r /tmp/apparmor_profiles /mnt/tmp/ + + # Copy migrations + cp -r /tmp/migrations /mnt/tmp/ + + # Copy unit tests + cp -r /tmp/unit-tests /mnt/tmp/ + + # Copy the bootstrap script into place and execute inside chroot + cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh + chroot /mnt /tmp/chroot-bootstrap.sh + rm -f /mnt/tmp/chroot-bootstrap.sh + echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release + + # Copy the nvme identification script into /sbin inside the chroot + mkdir -p /mnt/sbin + cp /tmp/ebsnvme-id /mnt/sbin/ebsnvme-id + chmod +x /mnt/sbin/ebsnvme-id + + # Copy the udev rules for identifying nvme devices into the chroot + mkdir -p /mnt/etc/udev/rules.d + cp /tmp/70-ec2-nvme-devices.rules \ + /mnt/etc/udev/rules.d/70-ec2-nvme-devices.rules + + #Copy custom cloud-init + rm -f /mnt/etc/cloud/cloud.cfg + cp /tmp/cloud.cfg 
/mnt/etc/cloud/cloud.cfg + + sleep 2 +} + +function download_ccache { + docker cp ccachedata:/build/ccache/. /mnt/tmp/ccache +} + +function execute_playbook { + +tee /etc/ansible/ansible.cfg < Date: Wed, 22 Jan 2025 13:37:31 -0500 Subject: [PATCH 02/27] fix; missing gp3 on image string --- amazon-arm64-nix.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl index 1673af6cc..f625ac4af 100644 --- a/amazon-arm64-nix.pkr.hcl +++ b/amazon-arm64-nix.pkr.hcl @@ -1,6 +1,6 @@ variable "ami" { type = string - default = "ubuntu/images/hvm-ssd/ubuntu-noble-24.04-arm64-server-*" + default = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-*" } variable "profile" { From 2105652f3ee0293a737670da6f0db6388d1b83e3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:01:00 -0500 Subject: [PATCH 03/27] chore: non-interactive --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index cda6bd2aa..88871fc1e 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe + sudo add-apt-repository universe -y apt-get update apt-get install -y --no-install-recommends \ openssh-server \ From 34fc1aaf0253c755657941d39d6930214a160c3c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:31:54 -0500 Subject: [PATCH 04/27] chore: set hostname in dhcp client --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index 88871fc1e..3a14dd0d4 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh 
+++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,8 +157,7 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf - sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf + sudo sed -i 's/hostname: .*/hostname: "ubuntu"/g' /etc/netplan/*.yaml echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname } From 197b5135b69d7bd20d17e4cf600288ab329129ab Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 14:45:46 -0500 Subject: [PATCH 05/27] chore: conform to new networking approach --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index 3a14dd0d4..ef5f0e071 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,9 +157,12 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sudo sed -i 's/hostname: .*/hostname: "ubuntu"/g' /etc/netplan/*.yaml echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname + # Set the hostname + + # Prevent cloud-init from changing the hostname + sed -i 's/^preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg } # Set options for the default interface From 8dfe9987309e85a4620d35040811b1d4a83ee30d Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:21:53 -0500 Subject: [PATCH 06/27] ore: reverse he sha values --- ansible/vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 839988b5d..cf0a4893b 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
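Review bot: The new `sed -i 's/^preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg` in patch 05 succeeds without changing anything when that exact line is absent, so the hostname protection can be silently missing from the image. surrogate-bootstrap.sh from patch 01 also replaces `/mnt/etc/cloud/cloud.cfg` with `/tmp/cloud.cfg` after the chroot script has run; if surrogate-bootstrap-nix.sh does the same, this edit is overwritten and the setting belongs in the shipped cloud.cfg instead. At minimum follow the sed with `grep -q '^preserve_hostname: true' /etc/cloud/cloud.cfg` so the step returns non-zero when the setting is not in place. The `# Set the hostname` comment left above it has nothing under it and can go.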
@@ -33,8 +33,8 @@ salt_minion_version: 3007 golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 - amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 + arm64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 + amd64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 From 6b07c4540e904fa49f9c65f5ff1dd091ff0ced15 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:40:43 -0500 Subject: [PATCH 07/27] chore: fix kong address --- ansible/tasks/setup-kong.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index b34f96e78..592d2ec99 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml @@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-28/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_2.8.1/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-2839/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" From 07df58288e447dc0e51024b323c5fe317b7d8b69 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 15:58:39 -0500 Subject: [PATCH 08/27] ore: typo in url --- ansible/tasks/setup-kong.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index 592d2ec99..21c173a80 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml 
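Review bot: The two `golang_version_checksum` values are only swapped between `arm64` and `amd64`, and nothing in the hunk records which release artifact each digest was taken from, which is presumably how they ended up under the wrong keys. I would add a comment above each entry naming the file it pins, e.g. `# sha256 of the linux-arm64 tarball for golang_version, from the official downloads page`, so the next version bump can be verified line by line.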
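Review bot: The URL in "Kong - download deb package" now points at the `gateway-2839` repository and a `kong_3.9.0` directory, but the file name still comes from `{{ kong_deb }}` and the digest from `{{ kong_deb_checksum }}`, which patch 01 shows as `kong_2.8.1_arm64.deb` with a `sha1:` value. Unless vars.yml changes in the same commit, the task requests a 2.8.1 file from a 3.9.0 path and, if anything is returned, checks it against the old digest. The version should live in one variable used for both the path and the file name, with the checksum updated alongside it.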
@@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-2839/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-39/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" From f485a8c793c5168778f32b52338070f2c91f9541 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 16:18:31 -0500 Subject: [PATCH 09/27] chore: drop old removals --- scripts/90-cleanup.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/90-cleanup.sh b/scripts/90-cleanup.sh index f2e19686d..c7fcf0c24 100644 --- a/scripts/90-cleanup.sh +++ b/scripts/90-cleanup.sh @@ -24,10 +24,8 @@ elif [ -n "$(command -v apt-get)" ]; then autoconf \ autotools-dev \ cmake-data \ - cpp-8 \ cpp-9 \ cpp-10 \ - gcc-8 \ gcc-9 \ gcc-10 \ git \ @@ -36,7 +34,6 @@ elif [ -n "$(command -v apt-get)" ]; then libicu-dev \ libcgal-dev \ libgcc-9-dev \ - libgcc-8-dev \ ansible add-apt-repository --yes --remove ppa:ansible/ansible From 30673f6b7fee621112e4391f2b9d5f78ac5b5a6a Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 22 Jan 2025 19:59:20 -0500 Subject: [PATCH 10/27] chore: remove defunct package --- scripts/90-cleanup.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/90-cleanup.sh b/scripts/90-cleanup.sh index c7fcf0c24..644e5f7f6 100644 --- a/scripts/90-cleanup.sh +++ b/scripts/90-cleanup.sh @@ -39,8 +39,7 @@ elif [ -n "$(command -v apt-get)" ]; then add-apt-repository --yes --remove ppa:ansible/ansible source /etc/os-release - apt-get -y remove --purge linux-headers-5.11.0-1021-aws - + apt-get -y update apt-get -y upgrade apt-get -y autoremove From 8c5a791e2ee9b4243846afd6f70adfc2e5f2e177 Mon Sep 17 00:00:00 2001 
From: Sam Rose Date: Thu, 23 Jan 2025 13:55:34 -0500 Subject: [PATCH 11/27] chore: restore wal-g build approach --- ansible/tasks/setup-wal-g.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index a05106ede..fa8b6b09c 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -58,7 +58,6 @@ owner: wal-g group: wal-g mode: '0664' - when: stage2_nix - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf template: @@ -67,7 +66,6 @@ mode: 0664 owner: postgres group: postgres - when: stage2_nix - name: Add script to be run for restore_command template: @@ -76,7 +74,6 @@ mode: 0500 owner: postgres group: postgres - when: stage2_nix - name: Add helper script for wal_fetch.sh template: @@ -84,7 +81,6 @@ dest: /root/wal_change_ownership.sh mode: 0700 owner: root - when: stage2_nix - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf become: yes From f6f2c6d2cae48891af1c484490c8ac7f66f0f0b2 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 23 Jan 2025 19:55:02 -0500 Subject: [PATCH 12/27] chore: permission check and restore kong original version --- ansible/tasks/setup-kong.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-kong.yml b/ansible/tasks/setup-kong.yml index 21c173a80..b34f96e78 100644 --- a/ansible/tasks/setup-kong.yml +++ b/ansible/tasks/setup-kong.yml @@ -12,7 +12,7 @@ - name: Kong - download deb package get_url: - url: "https://packages.konghq.com/public/gateway-39/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_3.9.0/{{ kong_deb }}" + url: "https://packages.konghq.com/public/gateway-28/deb/ubuntu/pool/{{ kong_release_target }}/main/k/ko/kong_2.8.1/{{ kong_deb }}" dest: /tmp/kong.deb checksum: "{{ kong_deb_checksum }}" From 28739d06f0043bb316250d1b2e5fe961ac073fd4 Mon Sep 17 00:00:00 2001 
From: Sam Rose Date: Thu, 23 Jan 2025 22:37:15 -0500 Subject: [PATCH 13/27] chore: log output to debug --- testinfra/test_ami_nix.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 4d354fac3..d7dd69601 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -292,6 +292,9 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: + postgres_logs = host.run("journalctl -u postgresql") + logger.warning(f"PostgreSQL logs: {postgres_logs.stdout}") + health_checks = [ ( "postgres", From 267f2838e4952a2437281acb3b992913f08b25e7 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Fri, 24 Jan 2025 00:18:50 -0500 Subject: [PATCH 14/27] chore: checks --- testinfra/test_ami_nix.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index d7dd69601..1ed2c3883 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -292,8 +292,17 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: - postgres_logs = host.run("journalctl -u postgresql") - logger.warning(f"PostgreSQL logs: {postgres_logs.stdout}") + status_checks = [ + "dpkg -l | grep postgresql", + "systemctl status postgresql", + "ls -la /var/lib/postgresql", + "ps aux | grep postgres" + ] + + for check in status_checks: + result = host.run(check) + logger.warning(f"{check} output: {result.stdout}") + health_checks = [ ( From a25cf1800ba74ae16f7d9beae9942d3bfb4b9eaf Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 28 Jan 2025 16:05:43 -0500 Subject: [PATCH 15/27] chore: increase wait time before health checks. --- testinfra/test_ami_nix.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 1ed2c3883..13ef737a4 100644 
--- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -246,6 +246,9 @@ def gzip_then_base64_encode(s: str) -> str: )[0] instance.wait_until_running() + # Increase wait time before starting health checks + sleep(30) # Wait for 30 seconds to allow services to start + ec2logger = EC2InstanceConnectLogger(debug=False) temp_key = EC2InstanceConnectKey(ec2logger.get_logger()) ec2ic = boto3.client("ec2-instance-connect", region_name="ap-southeast-1") From 9df2a037f60564c29af4b8f8d45662433f37ecab Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 28 Jan 2025 16:13:12 -0500 Subject: [PATCH 16/27] chore: try to increase logging on postgres --- testinfra/test_ami_nix.py | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 13ef737a4..c0d79c9d9 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py 
@@ -295,12 +295,30 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): ) def is_healthy(host, instance_ip, ssh_identity_file) -> bool: - status_checks = [ - "dpkg -l | grep postgresql", - "systemctl status postgresql", - "ls -la /var/lib/postgresql", - "ps aux | grep postgres" + postgres_diagnostics = [ + "sudo tail -n 50 /var/log/postgresql/postgresql-*.log", # Get recent PostgreSQL logs + "sudo -u postgres /usr/bin/pg_isready -U postgres -v", # Verbose pg_isready + "sudo systemctl status postgresql", # Get service status + "sudo journalctl -u postgresql --no-pager -n 50", # Get journal logs + "ps aux | grep postgres", # Check running processes + "sudo ls -la /var/lib/postgresql/*/main/", # Check data directory permissions + "sudo cat /var/lib/postgresql/*/main/postmaster.pid", # Check if PID file exists + "sudo -u postgres psql -c 'SELECT version();' || true" # Try to connect and get version ] + + logger.warning("Running PostgreSQL diagnostic checks...") + for check in postgres_diagnostics: + try: + result = host.run(check) + logger.warning(f"\n=== {check} ===\nReturn code: {result.rc}\nOutput:\n{result.stdout}\nErrors:\n{result.stderr}") + except Exception as e: + logger.warning(f"Failed to run {check}: {str(e)}") + status_checks = [ + "dpkg -l | grep postgresql", + "systemctl status postgresql", + "ls -la /var/lib/postgresql", + "ps aux | grep postgres" + ] for check in status_checks: result = host.run(check) From 849792f1007d9343ea68622a845ddadd8d0dc39a Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 11 Feb 2025 13:45:30 -0500 Subject: [PATCH 17/27] chore: post rebase cleanup --- ansible/files/permission_check.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/files/permission_check.py b/ansible/files/permission_check.py index a753f69ec..15acf839a 100644 --- a/ansible/files/permission_check.py +++ b/ansible/files/permission_check.py 
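Review bot: `is_healthy` now runs eight diagnostics, most of them under `sudo`, and writes their full stdout and stderr to the log at warning level on every call, before any health check has failed. Server logs and `journalctl` output can contain connection details or statement text, and CI logs are often readable by more people than the instance itself, so I would run this block only after a check fails and log it at debug level. The `status_checks` list that follows repeats `systemctl status postgresql` and `ps aux | grep postgres`, and its loop has no `try`/`except`, unlike the new one; it can be dropped. The function continues outside the hunk.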
@@ -40,7 +40,6 @@ "backup": [{"groupname": "backup", "username": "backup"}], "list": [{"groupname": "list", "username": "list"}], "irc": [{"groupname": "irc", "username": "irc"}], - "gnats": [{"groupname": "gnats", "username": "gnats"}], "nobody": [{"groupname": "nogroup", "username": "nobody"}], "systemd-network": [ {"groupname": "systemd-network", "username": "systemd-network"} @@ -216,7 +215,6 @@ def main(): "backup", "list", "irc", - "gnats", "nobody", "systemd-network", "systemd-resolve", @@ -233,7 +231,6 @@ def main(): "adminapi", "postgrest", "tcpdump", - "systemd-coredump", ] if not qemu_artifact: usernames.append("ec2-instance-connect") From 3e9582008c244b6719de0c2cebbed9693bae63f7 Mon Sep 17 00:00:00 2001 From: samrose Date: Tue, 1 Apr 2025 21:04:43 -0400 Subject: [PATCH 18/27] Update README.md Co-authored-by: Div Arora --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f851ff814..608de9844 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) - ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) -- ✅ Ubuntu 20.04 (Noble Numbat). +- ✅ Ubuntu 24.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. ## Extensions From 02ca971685e931222b4900c3101899a3f2fa116e Mon Sep 17 00:00:00 2001 
From: Sam Rose Date: Tue, 1 Apr 2025 21:18:43 -0400 Subject: [PATCH 19/27] chore: restore function --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index ef5f0e071..cda6bd2aa 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe -y + sudo add-apt-repository universe apt-get update apt-get install -y --no-install-recommends \ openssh-server \ @@ -157,12 +157,10 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { + sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf + sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname - # Set the hostname - - # Prevent cloud-init from changing the hostname - sed -i 's/^preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg } # Set options for the default interface From 0cec887cbf32d194161a8791521471f87521e782 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 1 Apr 2025 21:20:24 -0400 Subject: [PATCH 20/27] chore: remove unused file --- ebssurrogate/scripts/surrogate-bootstrap.sh | 324 -------------------- 1 file changed, 324 deletions(-) delete mode 100755 ebssurrogate/scripts/surrogate-bootstrap.sh diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh deleted file mode 100755 index ccb108ac6..000000000 --- a/ebssurrogate/scripts/surrogate-bootstrap.sh +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/usr/bin/env bash -# -# This script creates filesystem and setups up chrooted -# enviroment for further processing. It also runs -# ansible playbook and finally does system cleanup. -# -# Adapted from: https://github.com/jen20/packer-ubuntu-zfs - -set -o errexit -set -o pipefail -set -o xtrace - -if [ $(dpkg --print-architecture) = "amd64" ]; -then - ARCH="amd64"; -else - ARCH="arm64"; -fi - -function waitfor_boot_finished { - export DEBIAN_FRONTEND=noninteractive - - echo "args: ${ARGS}" - # Wait for cloudinit on the surrogate to complete before making progress - while [[ ! -f /var/lib/cloud/instance/boot-finished ]]; do - echo 'Waiting for cloud-init...' - sleep 1 - done -} - -function install_packages { - # Setup Ansible on host VM - apt-get update && sudo apt-get install software-properties-common -y - add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y - ansible-galaxy collection install community.general - - # Update apt and install required packages - apt-get update - apt-get install -y \ - gdisk \ - e2fsprogs \ - debootstrap \ - nvme-cli -} - -# Partition the new root EBS volume -function create_partition_table { - - if [ "${ARCH}" = "arm64" ]; then - parted --script /dev/xvdf \ - mklabel gpt \ - mkpart UEFI 1MiB 100MiB \ - mkpart ROOT 100MiB 100% - set 1 esp on \ - set 1 boot on - parted --script /dev/xvdf print - else - sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:8300 -c2:EXT4 /dev/xvdf - fi - - sleep 2 -} - -function device_partition_mappings { - # NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd* - declare -A blkdev_mappings - for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do # /dev/nvme*n* - # Mapping info from disk headers - header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!') - mapping="/dev/${header%%[0-9]}" # normalize sda1 => sda - - # Create /dev/xvd* device symlink - if [[ ! 
-z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then - ln -s "$blkdev" "$mapping" - - blkdev_mappings["$blkdev"]="$mapping" - fi - done - - create_partition_table - - # NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+ - declare -A partdev_mappings - for blkdev in "${!blkdev_mappings[@]}"; do # /dev/nvme*n* - mapping="${blkdev_mappings[$blkdev]}" - - # Create /dev/xvd*[0-9]+ partition device symlink - for partdev in "${blkdev}"p*; do - partnum=${partdev##*p} - if [[ ! -L "${mapping}${partnum}" ]]; then - ln -s "${blkdev}p${partnum}" "${mapping}${partnum}" - - partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}" - fi - done - done -} - - -#Download and install latest e2fsprogs for fast_commit feature,if required. -function format_and_mount_rootfs { - mkfs.ext4 -m0.1 /dev/xvdf2 - - mount -o noatime,nodiratime /dev/xvdf2 /mnt - if [ "${ARCH}" = "arm64" ]; then - mkfs.fat -F32 /dev/xvdf1 - mkdir -p /mnt/boot/efi - sleep 2 - mount /dev/xvdf1 /mnt/boot/efi - fi - - mkfs.ext4 /dev/xvdh - mkdir -p /mnt/data - mount -o defaults,discard /dev/xvdh /mnt/data -} - -function create_swapfile { - fallocate -l 1G /mnt/swapfile - chmod 600 /mnt/swapfile - mkswap /mnt/swapfile -} - -function format_build_partition { - mkfs.ext4 -O ^has_journal /dev/xvdc -} -function pull_docker { - apt-get install -y docker.io - docker run -itd --name ccachedata "${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG}" sh - docker exec -itd ccachedata mkdir -p /build/ccache -} - -# Create fstab -function create_fstab { - FMT="%-42s %-11s %-5s %-17s %-5s %s" -cat > "/mnt/etc/fstab" << EOF -$(printf "${FMT}" "# DEVICE UUID" "MOUNTPOINT" "TYPE" "OPTIONS" "DUMP" "FSCK") -$(findmnt -no SOURCE /mnt | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/", "ext4", "defaults,discard", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/boot/efi | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/boot/efi", "vfat", 
"umask=0077", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/data | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/data", "ext4", "defaults,discard", "0", "2" ) }') -$(printf "$FMT" "/swapfile" "none" "swap" "sw" "0" "0") -EOF - unset FMT -} - -function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 - - # Bootstrap Ubuntu into /mnt - debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt - - # Update ec2-region - REGION=$(curl --silent --fail http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -E 's|[a-z]+$||g') - sed -i "s/REGION/${REGION}/g" /tmp/sources.list - cp /tmp/sources.list /mnt/etc/apt/sources.list - - if [ "${ARCH}" = "arm64" ]; then - create_fstab - fi - - # Create mount points and mount the filesystem - mkdir -p /mnt/{dev,proc,sys} - mount --rbind /dev /mnt/dev - mount --rbind /proc /mnt/proc - mount --rbind /sys /mnt/sys - - # Create build mount point and mount - mkdir -p /mnt/tmp - mount /dev/xvdc /mnt/tmp - chmod 777 /mnt/tmp - - # Copy apparmor profiles - chmod 644 /tmp/apparmor_profiles/* - cp -r /tmp/apparmor_profiles /mnt/tmp/ - - # Copy migrations - cp -r /tmp/migrations /mnt/tmp/ - - # Copy unit tests - cp -r /tmp/unit-tests /mnt/tmp/ - - # Copy the bootstrap script into place and execute inside chroot - cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh - chroot /mnt /tmp/chroot-bootstrap.sh - rm -f /mnt/tmp/chroot-bootstrap.sh - echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release - - # Copy the nvme identification script into /sbin inside the chroot - mkdir -p /mnt/sbin - cp /tmp/ebsnvme-id /mnt/sbin/ebsnvme-id - chmod +x /mnt/sbin/ebsnvme-id - - # Copy the udev rules for identifying nvme devices into the chroot - mkdir -p /mnt/etc/udev/rules.d - cp /tmp/70-ec2-nvme-devices.rules \ - /mnt/etc/udev/rules.d/70-ec2-nvme-devices.rules - - #Copy custom cloud-init - rm -f /mnt/etc/cloud/cloud.cfg - cp /tmp/cloud.cfg 
/mnt/etc/cloud/cloud.cfg - - sleep 2 -} - -function download_ccache { - docker cp ccachedata:/build/ccache/. /mnt/tmp/ccache -} - -function execute_playbook { - -tee /etc/ansible/ansible.cfg < Date: Wed, 2 Apr 2025 14:59:05 -0400 Subject: [PATCH 21/27] chore: make command non-interactive --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index cda6bd2aa..bf14cb9eb 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe + sudo add-apt-repository --yes universe apt-get update apt-get install -y --no-install-recommends \ openssh-server \ From ce3b45a399161a3a23663f6db4b97449a9fb125b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 2 Apr 2025 15:05:04 -0400 Subject: [PATCH 22/27] chore: readme script --- nix/tools/update_readme.nu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/tools/update_readme.nu b/nix/tools/update_readme.nu index bfb46ab0a..b19c266a3 100755 --- a/nix/tools/update_readme.nu +++ b/nix/tools/update_readme.nu @@ -153,7 +153,7 @@ def update_readme [] { # Update Primary Features section let features_content = [ ($pg_versions | each {|version| create_version_link $version} | str join "\n") - "- ✅ Ubuntu 20.04 (Focal Fossa)." + "- ✅ Ubuntu 24.04 (Noble Numbat)." "- ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication." "- ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images." ] 
From d33180613fc7669deee62d4f85b3a71f4bd69e13 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 2 Apr 2025 16:21:31 -0400 Subject: [PATCH 23/27] chore: ubuntu 24.04 has moved to use networkd and netplan by default, ... rather than the traditional dhclient.conf approach. --- ebssurrogate/scripts/chroot-bootstrap-nix.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index bf14cb9eb..13a101915 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -157,10 +157,19 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf - sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf + # Set the static hostname echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname + # Update netplan configuration to not send hostname + cat << EOF > /etc/netplan/01-hostname.yaml +network: + version: 2 + ethernets: + eth0: + dhcp4: true + dhcp4-overrides: + send-hostname: false +EOF } # Set options for the default interface From adedd8c7f5c72a05ac66c71eecbf55fcbcbe5d67 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Mon, 7 Apr 2025 09:09:35 -0400 Subject: [PATCH 24/27] chore: update README --- README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 608de9844..74a2ae486 100644 --- a/README.md +++ b/README.md 
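Review bot: The heredoc in `setup_hostname` creates `/etc/netplan/01-hostname.yaml` with whatever mode the umask gives, and only `/etc/hostname` gets an explicit `chmod`. Recent netplan releases warn when a configuration file is accessible by others, so I would add `chmod 600 /etc/netplan/01-hostname.yaml` after the `EOF` line. The override is also keyed on the literal interface name `eth0`; if the image boots with a different name for the primary interface, `send-hostname: false` would not apply and the hostname would still go out in DHCP requests, so this is worth confirming on a booted instance.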
@@ -5,7 +5,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to ## Primary Features - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) -- ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) +- ✅ Postgres [orioledb-postgresql-17_6](https://github.com/orioledb/orioledb) - ✅ Ubuntu 24.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. 
@@ -42,7 +42,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | | [timescaledb-apache](https://github.com/timescale/timescaledb/archive/2.16.1.tar.gz) | [2.16.1](https://github.com/timescale/timescaledb/archive/2.16.1.tar.gz) | Scales PostgreSQL for time-series data via automatic partitioning across time and space | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ### PostgreSQL 17 Extensions 
@@ -51,7 +51,6 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [hypopg](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | [1.4.1](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | Hypothetical Indexes for PostgreSQL | | [index_advisor](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | [0.2.0](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | Recommend indexes to improve query performance in PostgreSQL | | [pg-safeupdate](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | [1.4](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | A simple extension to PostgreSQL that requires criteria for UPDATE and DELETE | -| [pg_backtrace](https://github.com/pashkinelfe/pg_backtrace/archive/d100bac815a7365e199263f5b3741baf71b14c70.tar.gz) | [1.1](https://github.com/pashkinelfe/pg_backtrace/archive/d100bac815a7365e199263f5b3741baf71b14c70.tar.gz) | Updated fork of pg_backtrace | | [pg_cron](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | [1.6.4](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | Run Cron jobs through PostgreSQL | | [pg_graphql](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | [1.5.11](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | GraphQL support for PostreSQL | | [pg_hashids](https://github.com/iCyberon/pg_hashids/archive/cd0e1b31d52b394a0df64079406a14a4f7387cd6.tar.gz) | [cd0e1b31d52b394a0df64079406a14a4f7387cd6](https://github.com/iCyberon/pg_hashids/archive/cd0e1b31d52b394a0df64079406a14a4f7387cd6.tar.gz) | Generate short unique IDs in PostgreSQL | 
@@ -72,9 +71,9 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [plpgsql-check](https://github.com/okbob/plpgsql_check/archive/v2.7.11.tar.gz) | [2.7.11](https://github.com/okbob/plpgsql_check/archive/v2.7.11.tar.gz) | Linter tool for language PL/pgSQL | | [postgis](https://download.osgeo.org/postgis/source/postgis-3.3.7.tar.gz) | [3.3.7](https://download.osgeo.org/postgis/source/postgis-3.3.7.tar.gz) | Geographic Objects for PostgreSQL | | [rum](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | [1.3.14](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | Full text search index method for PostgreSQL | -| [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.4.tar.gz) | [0.4.4](https://github.com/supabase/wrappers/archive/v0.4.4.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | +| [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ### PostgreSQL orioledb-17 Extensions 
@@ -82,7 +81,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | ------------- | :-------------: | ------------- | | [hypopg](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | [1.4.1](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | Hypothetical Indexes for PostgreSQL | | [index_advisor](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | [0.2.0](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | Recommend indexes to improve query performance in PostgreSQL | -| [orioledb](https://github.com/orioledb/orioledb/archive/beta9.tar.gz) | [orioledb](https://github.com/orioledb/orioledb/archive/beta9.tar.gz) | orioledb | +| [orioledb](https://github.com/orioledb/orioledb/archive/beta10.tar.gz) | [orioledb](https://github.com/orioledb/orioledb/archive/beta10.tar.gz) | orioledb | | [pg-safeupdate](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | [1.4](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | A simple extension to PostgreSQL that requires criteria for UPDATE and DELETE | | [pg_cron](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | [1.6.4](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | Run Cron jobs through PostgreSQL | | [pg_graphql](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | [1.5.11](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | GraphQL support for PostreSQL | 
@@ -106,7 +105,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [rum](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | [1.3.14](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | Full text search index method for PostgreSQL | | [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ## Additional Goodies *This is only available for our AWS EC2* @@ -158,4 +157,4 @@ TODO: find way to automate this We are building the features of Firebase using enterprise-grade, open source products. We support existing communities wherever possible, and if the products don’t exist we build them and open source them ourselves. -[![New Sponsor](https://user-images.githubusercontent.com/10214025/90518111-e74bbb00-e198-11ea-8f88-c9e3c1aa4b5b.png)](https://github.com/sponsors/supabase) +[![New Sponsor](https://user-images.githubusercontent.com/10214025/90518111-e74bbb00-e198-11ea-8f88-c9e3c1aa4b5b.png)](https://github.com/sponsors/supabase) \ No newline at end of file 
From 1a7c45570fcc53a35b27aea915f1a2c76c6242af Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 9 Apr 2025 13:48:22 -0400 Subject: [PATCH 25/27] chore: bump versions for staging release/testing --- ansible/vars.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index cf0a4893b..98d2683b9 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -33,16 +33,16 @@ salt_minion_version: 3007 golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 - amd64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 + arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 + amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: focal -kong_deb: kong_2.8.1_arm64.deb -kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 +kong_release_target: noble +kong_deb: kong_3.9.0_arm64.deb +kong_deb_checksum: sha1:f458c8b183f79cffae4cd84c989cea4a4ecaaaba nginx_release: 1.22.0 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 From a4b3f81464733c3f1de4a7d11efdbc29d17b8e69 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 9 Apr 2025 15:07:16 -0400 Subject: [PATCH 26/27] chore: keep kong pinned to this version, was not meant to change --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 98d2683b9..839988b5d 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
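Review bot: The two `golang_version_checksum` digests are exchanged between `arm64` and `amd64` while `golang_version` stays at "1.22.11", so either the old or the new mapping pins each architecture to the other's digest. These values presumably verify the Go download, so please confirm both against the checksums published for that release and say in the commit message which side was wrong. A comment such as `# sha256 of the linux-<arch> tarball for golang_version, from the upstream release listing` above the mapping would record the source. The Kong, Envoy and nginx entries in the same hunk use `sha1:` digests, and moving them to `sha256:` like the Go entry would make them consistent with it.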
@@ -40,9 +40,9 @@ envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: noble -kong_deb: kong_3.9.0_arm64.deb -kong_deb_checksum: sha1:f458c8b183f79cffae4cd84c989cea4a4ecaaaba +kong_release_target: focal +kong_deb: kong_2.8.1_arm64.deb +kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 nginx_release: 1.22.0 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 From 721651d7292786566fe78905b37e62b5eebe0815 Mon Sep 17 00:00:00 2001 From: Div Arora Date: Wed, 9 Apr 2025 11:16:58 +0800 Subject: [PATCH 27/27] chore: update qemu artifact to noble base Also makes the VM artifact release agnostic. --- .github/workflows/qemu-image-build.yml | 9 --------- Dockerfile-kubernetes | 2 +- Makefile | 4 ---- qemu-arm64-nix.pkr.hcl | 4 ++-- scripts/90-cleanup-qemu.sh | 3 --- 5 files changed, 3 insertions(+), 19 deletions(-) diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index a2fd4b000..b484bf562 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -98,15 +98,6 @@ jobs: VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') echo "version=$VERSION" >> $GITHUB_OUTPUT - # - name: Create nix flake revision tarball - # run: | - # GIT_SHA=${{github.sha}} - # MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} - - # mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}" - # echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version" - # tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" . - - name: configure aws credentials - staging uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/Dockerfile-kubernetes b/Dockerfile-kubernetes index a1a39e498..5c69f6aa8 100644 --- a/Dockerfile-kubernetes +++ b/Dockerfile-kubernetes 
@@ -1,6 +1,6 @@ FROM alpine:3.21 -ADD ./output-cloudimg/packer-cloudimg /disk/focal.qcow2 +ADD ./output-cloudimg/packer-cloudimg /disk/image.qcow2 RUN apk add --no-cache qemu-system-aarch64 qemu-img openssh-client nftables cloud-utils-localds aavmf virtiofsd # dev stuff diff --git a/Makefile b/Makefile index 5bef8a430..96a4925ef 100644 --- a/Makefile +++ b/Makefile @@ -7,10 +7,6 @@ init: qemu-arm64-nix.pkr.hcl output-cloudimg/packer-cloudimg: ansible qemu-arm64-nix.pkr.hcl packer build -var "git_sha=$(UPSTREAM_NIX_GIT_SHA)" qemu-arm64-nix.pkr.hcl -disk/focal-raw.img: output-cloudimg/packer-cloudimg - mkdir -p disk - sudo qemu-img convert -O raw output-cloudimg/packer-cloudimg disk/focal-raw.img - alpine-image: output-cloudimg/packer-cloudimg sudo nerdctl build . -t supabase-postgres-test:$(GIT_SHA) -f ./Dockerfile-kubernetes diff --git a/qemu-arm64-nix.pkr.hcl b/qemu-arm64-nix.pkr.hcl index 192796205..352ae5c38 100644 --- a/qemu-arm64-nix.pkr.hcl +++ b/qemu-arm64-nix.pkr.hcl @@ -74,8 +74,8 @@ source "qemu" "cloudimg" { format = "qcow2" headless = true http_directory = "http" - iso_checksum = "file:https://cloud-images.ubuntu.com/focal/current/SHA256SUMS" - iso_url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-arm64.img" + iso_checksum = "file:https://cloud-images.ubuntu.com/noble/current/SHA256SUMS" + iso_url = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-arm64.img" memory = 40000 qemu_binary = "qemu-system-aarch64" qemuargs = [ diff --git a/scripts/90-cleanup-qemu.sh b/scripts/90-cleanup-qemu.sh index d6c6ade05..c70c1d246 100644 --- a/scripts/90-cleanup-qemu.sh +++ b/scripts/90-cleanup-qemu.sh @@ -24,10 +24,8 @@ elif [ -n "$(command -v apt-get)" ]; then autoconf \ autotools-dev \ cmake-data \ - cpp-8 \ cpp-9 \ cpp-10 \ - gcc-8 \ gcc-9 \ gcc-10 \ git \ 
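Review bot: In the `qemu-arm64-nix.pkr.hcl` hunk, `iso_url` and `iso_checksum` are both fetched at build time from the moving `noble/current/` directory on the same host. The checksum therefore only catches transfer corruption, and the base image can change between builds without any change in this repository. Pinning both to a dated release directory and a literal digest makes the base reproducible and reviewable, for example `iso_checksum = "sha256:<DIGEST_OF_PINNED_IMAGE>"` with `iso_url` pointing at `https://cloud-images.ubuntu.com/noble/<RELEASE_DATE>/noble-server-cloudimg-arm64.img`. The `source "qemu" "cloudimg"` block starts and ends outside the hunk.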
@@ -43,7 +41,6 @@ elif [ -n "$(command -v apt-get)" ]; then add-apt-repository --yes --remove ppa:ansible/ansible source /etc/os-release - apt-get -y remove --purge linux-headers-5.11.0-1021-aws apt-get -y update apt-get -y upgrade