chore: introduce tooling for pg 17.2 non-orioledb

.github/workflows/test.yml

@@ -76,7 +76,7 @@ jobs:
           echo "EOF" >> $GITHUB_OUTPUT
       - name: verify schema.sql is committed
         run: |
-          nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }}
+          nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url "."
           if ! git diff --exit-code --quiet migrations/schema-${{ env.PGMAJOR }}.sql; then
             echo "Detected changes in schema.sql:"
             git diff migrations/schema-${{ env.PGMAJOR }}.sql

Dockerfile-17

@@ -0,0 +1,229 @@
+# syntax=docker/dockerfile:1.6
+ARG postgresql_major=17-orioledb
+ARG postgresql_release=${postgresql_major}.1
+
+# Bump default build arg to build a package from source
+# Bump vars.yml to specify runtime package version
+ARG sfcgal_release=1.3.10
+ARG postgis_release=3.3.2
+ARG pgrouting_release=3.4.1
+ARG pgtap_release=1.2.0
+ARG pg_cron_release=1.6.2
+ARG pgaudit_release=1.7.0
+ARG pgjwt_release=9742dab1b2f297ad3811120db7b21451bca2d3c9
+ARG pgsql_http_release=1.5.0
+ARG plpgsql_check_release=2.2.5
+ARG pg_safeupdate_release=1.4
+ARG timescaledb_release=2.9.1
+ARG wal2json_release=2_5
+ARG pljava_release=1.6.4
+ARG plv8_release=3.1.5
+ARG pg_plan_filter_release=5081a7b5cb890876e67d8e7486b6a64c38c9a492
+ARG pg_net_release=0.7.1
+ARG rum_release=1.3.13
+ARG pg_hashids_release=cd0e1b31d52b394a0df64079406a14a4f7387cd6
+ARG libsodium_release=1.0.18
+ARG pgsodium_release=3.1.6
+ARG pg_graphql_release=1.5.1
+ARG pg_stat_monitor_release=1.1.1
+ARG pg_jsonschema_release=0.1.4
+ARG pg_repack_release=1.4.8
+ARG vault_release=0.2.8
+ARG groonga_release=12.0.8
+ARG pgroonga_release=2.4.0
+ARG wrappers_release=0.3.0
+ARG hypopg_release=1.3.1
+ARG pgvector_release=0.4.0
+ARG pg_tle_release=1.3.2
+ARG index_advisor_release=0.2.0
+ARG supautils_release=2.2.0
+ARG wal_g_release=2.0.1
+
+FROM ubuntu:focal as base
+
+RUN apt update -y && apt install -y \
+    curl \
+    gnupg \
+    lsb-release \
+    software-properties-common \
+    wget \
+    sudo \
+    tree \
+    && apt clean
+
+
+RUN adduser --system  --home /var/lib/postgresql --no-create-home --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
+RUN adduser --system  --no-create-home --shell /bin/bash --group  wal-g
+RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
+--init none \
+--no-confirm \
+--extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
+--extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+
+ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
+
+COPY . /nixpg
+
+WORKDIR /nixpg
+
+RUN nix profile install .#psql_orioledb-17/bin 
+
+
+
+WORKDIR /
+
+
+RUN mkdir -p /usr/lib/postgresql/bin \
+    /usr/lib/postgresql/share/postgresql \
+    /usr/share/postgresql \
+    /var/lib/postgresql \
+    && chown -R postgres:postgres /usr/lib/postgresql \
+    && chown -R postgres:postgres /var/lib/postgresql \
+    && chown -R postgres:postgres /usr/share/postgresql
+
+# Create symbolic links
+RUN ln -s /nix/var/nix/profiles/default/bin/* /usr/lib/postgresql/bin/ \
+    && ln -s /nix/var/nix/profiles/default/bin/* /usr/bin/ \
+    && chown -R postgres:postgres /usr/bin
+
+# Create symbolic links for PostgreSQL shares
+RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/lib/postgresql/share/postgresql/
+RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/share/postgresql/
+RUN chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/
+RUN chown -R postgres:postgres /usr/share/postgresql/ 
+# Create symbolic links for contrib directory
+RUN tree /nix > /tmp/tree.txt && cat /tmp/tree.txt && cat /tmp/tree.txt >&2
+
+RUN chown -R postgres:postgres /usr/lib/postgresql
+
+RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
+
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends tzdata
+
+RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
+    dpkg-reconfigure --frontend noninteractive tzdata
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    build-essential \
+    checkinstall \
+    cmake 
+
+ENV PGDATA=/var/lib/postgresql/data
+
+####################
+# setup-wal-g.yml
+####################
+FROM base as walg
+ARG wal_g_release
+# ADD "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${TARGETARCH}.tar.gz" /tmp/wal-g.tar.gz
+RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH") && \
+    apt-get update && apt-get install -y --no-install-recommends curl && \
+    curl -kL "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-aarch64.tar.gz" -o /tmp/wal-g.tar.gz && \
+    tar -xvf /tmp/wal-g.tar.gz -C /tmp && \
+    rm -rf /tmp/wal-g.tar.gz && \
+    mv /tmp/wal-g-pg-ubuntu*20.04-aarch64 /tmp/wal-g
+
+# ####################
+# # Download gosu for easy step-down from root
+# ####################
+FROM base as gosu
+ARG TARGETARCH
+# Install dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+   gnupg \
+   ca-certificates \
+   && rm -rf /var/lib/apt/lists/*
+# Download binary
+ARG GOSU_VERSION=1.16
+ARG GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4
+ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH \
+    /usr/local/bin/gosu
+ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH.asc \
+    /usr/local/bin/gosu.asc
+# Verify checksum
+RUN gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $GOSU_GPG_KEY && \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
+    gpgconf --kill all && \
+    chmod +x /usr/local/bin/gosu
+
+# ####################
+# # Build final image
+# ####################
+FROM gosu as production
+RUN id postgres || (echo "postgres user does not exist" && exit 1)
+# # Setup extensions
+COPY --from=walg /tmp/wal-g /usr/local/bin/
+
+# # Initialise configs
+COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
+COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
+COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf
+COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
+COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh
+
+RUN sed -i \
+    -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \
+    -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \
+    -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \
+    -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \
+    echo "cron.database_name = 'postgres'" >> /etc/postgresql/postgresql.conf && \
+    #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
+    echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
+    echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
+    usermod -aG postgres wal-g && \
+    mkdir -p /etc/postgresql-custom && \
+    chown postgres:postgres /etc/postgresql-custom
+
+    # Remove items from postgresql.conf
+RUN sed -i 's/ timescaledb,//g;' "/etc/postgresql/postgresql.conf" 
+    #as of pg 16.4 + this db_user_namespace totally deprecated and will break the server if setting is present
+RUN sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "/etc/postgresql/postgresql.conf" 
+RUN sed -i 's/ timescaledb,//g; s/ plv8,//g' "/etc/postgresql-custom/supautils.conf" 
+
+
+
+# # Include schema migrations
+COPY migrations/db /docker-entrypoint-initdb.d/
+COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
+COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
+
+# # Add upstream entrypoint script
+COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
+ADD --chmod=0755 \
+    https://github.com/docker-library/postgres/raw/master/17/bullseye/docker-entrypoint.sh \
+    /usr/local/bin/
+
+RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+HEALTHCHECK --interval=2s --timeout=2s --retries=10 CMD pg_isready -U postgres -h localhost
+STOPSIGNAL SIGINT
+EXPOSE 5432
+
+ENV POSTGRES_HOST=/var/run/postgresql
+ENV POSTGRES_USER=supabase_admin
+ENV POSTGRES_DB=postgres
+ENV POSTGRES_INITDB_ARGS="--allow-group-access --locale-provider=icu --encoding=UTF-8 --icu-locale=en_US.UTF-8"
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    locales \
+    && rm -rf /var/lib/apt/lists/* && \
+    localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
+    && localedef -i C -c -f UTF-8 -A /usr/share/locale/locale.alias C.UTF-8 
+RUN echo "C.UTF-8 UTF-8" > /etc/locale.gen && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+ENV LC_CTYPE=C.UTF-8
+ENV LC_COLLATE=C.UTF-8
+ENV LOCALE_ARCHIVE /usr/lib/locale/locale-archive
+CMD ["postgres", "-D", "/etc/postgresql"]

ansible/tasks/setup-postgres.yml

@@ -208,7 +208,8 @@
   block:
     - name: Check if psql_version is psql_orioledb
       set_fact:
-        is_psql_oriole: "{{ psql_version in ['psql_orioledb-16', 'psql_orioledb-17'] }}"
+        is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}"
+        is_psql_17: "{{ psql_version in ['psql_17'] }}"
 
     - name: Initialize the database stage2_nix (non-orioledb)
       become: yes
@@ -224,7 +225,7 @@
         LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
       vars:
         ansible_command_timeout: 60
-      when: stage2_nix and not is_psql_oriole
+      when: stage2_nix and not is_psql_oriole and not is_psql_17
 
     - name: Initialize the database stage2_nix (orioledb)
       become: yes
@@ -246,7 +247,7 @@
         LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
       vars:
         ansible_command_timeout: 60
-      when: stage2_nix and is_psql_oriole
+      when: stage2_nix and is_psql_oriole or is_psql_17
 
 - name: copy PG systemd unit
   template:

ansible/tasks/stage2-setup-postgres.yml

@@ -6,32 +6,36 @@
 
 - name: Check psql_version and modify supautils.conf and postgresql.conf if necessary
   block:
-    - name: Check if psql_version is psql_orioledb-16
+    - name: Check if psql_version is psql_orioledb-17
       set_fact:
-        is_psql_oriole: "{{ psql_version in ['psql_orioledb-16', 'psql_orioledb-17'] }}"
+        is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}"
 
-    - name: Remove specified extensions from postgresql.conf if oriole-16 build
+    - name: Check if psql_version is psql_17
+      set_fact:
+        is_psql_17: "{{ psql_version in ['psql_17'] }}"
+
+    - name: Remove specified extensions from postgresql.conf if orioledb-17 or 17 build
       ansible.builtin.command:
         cmd: >
           sed -i 's/ timescaledb,//g' 
           /etc/postgresql/postgresql.conf
-      when: is_psql_oriole and stage2_nix
+      when: is_psql_oriole or is_psql_17 and stage2_nix 
       become: yes
 
-    - name: Remove specified extensions from supautils.conf if oriole-16 build
+    - name: Remove specified extensions from supautils.conf if orioledb-17 or 17 build
       ansible.builtin.command:
         cmd: >
-          sed -i 's/ timescaledb,//g; s/ vector,//g; s/ plv8,//g; s/ postgis,//g; s/ pgrouting,//g' 
+          sed -i 's/ timescaledb,//g; s/ plv8,//g' 
           /etc/postgresql-custom/supautils.conf
-      when: is_psql_oriole and stage2_nix
+      when: is_psql_oriole or is_psql_17 and stage2_nix
       become: yes
 
-    - name: Remove db_user_namespace from postgresql.conf if oriole-xx build
+    - name: Remove db_user_namespace from postgresql.conf if orioledb-17 or 17 build
       ansible.builtin.command:
         cmd: >
           sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' 
           /etc/postgresql/postgresql.conf
-      when: is_psql_oriole and stage2_nix
+      when: is_psql_oriole or is_psql_17 and stage2_nix
       become: yes
 
     - name: Append orioledb to shared_preload_libraries append within closing quote
@@ -153,15 +157,6 @@
     group: postgres
   when: stage2_nix
 
-# - name: Ensure /usr/lib/postgresql/share/postgresql/pljava directory exists
-#   file:
-#     path: /usr/lib/postgresql/share/postgresql/pljava
-#     state: directory
-#     owner: postgres
-#     group: postgres
-#   when: stage2_nix
-# It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task
-
 - name: import pgsodium_getkey script
   template:
     src: /tmp/ansible-playbook/ansible/files/pgsodium_getkey_readonly.sh.j2
@@ -214,16 +209,6 @@
   become: yes
   when: stage2_nix
 
-# - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/pljava to /usr/lib/postgresql/share/postgresql/pljava
-#   file:
-#     src: "{{ item }}"
-#     dest: "/usr/lib/postgresql/share/postgresql/pljava/{{ item | basename }}"
-#     state: link
-#   with_fileglob:
-#     - "/var/lib/postgresql/.nix-profile/share/pljava/*"
-#   become: yes
-# It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task
-
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql to /usr/lib/postgresql/share/postgresql
   file:
     src: "{{ item }}"

ansible/tasks/test-image.yml

@@ -62,13 +62,14 @@
   block:
     - name: Check if psql_version is psql_orioledb-xx
       set_fact:
-        is_psql_oriole: "{{ psql_version in ['psql_orioledb-16', 'psql_orioledb-17'] }}"
+        is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}"
+        is_psql_17: "{{ psql_version in ['psql_17'] }}"
 
     - name: Remove specified extensions from SQL file
       ansible.builtin.command:
         cmd: >
           sed -i '/\\ir.*\(timescaledb\|postgis\|pgrouting\|plv8\).*\.sql/d' /tmp/migrations/tests/extensions/test.sql
-      when: is_psql_oriole
+      when: is_psql_oriole or is_psql_17
       become: yes
 
     - name: Remove specified extension files from extensions directory
@@ -77,17 +78,15 @@
         patterns: 
           - '*timescaledb*.sql'
           - '*plv8*.sql'
-          - '*postgis*.sql'
-          - '*pgrouting*.sql'
       register: files_to_remove
-      when: is_psql_oriole
+      when: is_psql_oriole or is_psql_17
 
     - name: Delete matched extension files
       ansible.builtin.file:
         path: "{{ item.path }}"
         state: absent
       loop: "{{ files_to_remove.files }}"
-      when: is_psql_oriole
+      when: is_psql_oriole or is_psql_17
       become: yes
 
 - name: Run Unit tests (with filename unit-test-*) on Postgres Database

ansible/vars.yml

@@ -4,12 +4,14 @@ async_mode: true
 
 postgres_major:
   - "15"
+  - "17"
   - "orioledb-17"
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.0.1.021-orioledb"
-  postgres15: "15.8.1.031"
+  postgresorioledb-17: "17.0.1.021-orioledb-staging"
+  postgres17: "17.2.1.001-staging"
+  postgres15: "15.8.1.031-staging"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"