From 495d9f99a963b655c63656c7c84f25d4e3e307ed Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 11:33:04 -0500 Subject: [PATCH 01/13] revert: revert PR 1971 --- Dockerfile-15 | 1 + Dockerfile-17 | 1 + Dockerfile-orioledb-17 | 1 + ...ions.service => database-optimizations.service} | 0 ansible/files/postgres_prestart.sh.j2 | 2 +- ansible/files/postgresql_config/postgresql.conf.j2 | 2 +- ansible/files/postgresql_config/postgresql.service | 4 ++-- ansible/tasks/setup-postgres.yml | 8 ++++---- ansible/tasks/setup-supabase-internal.yml | 14 ++++++++++++++ nix/tests/postgresql.conf.in | 2 +- 10 files changed, 26 insertions(+), 9 deletions(-) rename ansible/files/{database_optimizations.service => database-optimizations.service} (100%) diff --git a/Dockerfile-15 b/Dockerfile-15 index bce2526cb..c990acf1f 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index 0dc465bdc..847e9cda8 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -222,6 +222,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index ebcaa38e7..39b42a6f5 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -222,6 +222,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/ansible/files/database_optimizations.service b/ansible/files/database-optimizations.service similarity index 100% rename from ansible/files/database_optimizations.service rename to ansible/files/database-optimizations.service diff --git a/ansible/files/postgres_prestart.sh.j2 b/ansible/files/postgres_prestart.sh.j2 index 97bc949be..7e3c61d15 100644 --- a/ansible/files/postgres_prestart.sh.j2 +++ b/ansible/files/postgres_prestart.sh.j2 @@ -15,7 +15,7 @@ check_orioledb_enabled() { } get_shared_buffers() { - local opt_conf="/etc/postgresql-custom/conf.d/generated_optimizations.conf" + local opt_conf="/etc/postgresql-custom/conf.d/generated-optimizations.conf" if [ ! -f "$opt_conf" ]; then return 0 fi diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 316a5f22f..3e2d43e54 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -64,7 +64,7 @@ listen_addresses = '*' # what IP address(es) to listen on; #port = 5432 # (change requires restart) #max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories +#unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) #unix_socket_group = '' # (change requires restart) #unix_socket_permissions = 0777 # begin with 0 to use octal notation diff --git a/ansible/files/postgresql_config/postgresql.service b/ansible/files/postgresql_config/postgresql.service index f8b591176..efb52f18e 100644 --- a/ansible/files/postgresql_config/postgresql.service +++ b/ansible/files/postgresql_config/postgresql.service @@ -2,8 +2,8 @@ Description=PostgreSQL database server Documentation=man:postgres(1) {% if supabase_internal is defined %} -Requires=database_optimizations.service -After=database_optimizations.service +Requires=database-optimizations.service +After=database-optimizations.service {% endif %} [Service] diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index 3fcc5796a..496a78176 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -147,11 +147,11 @@ group: 'postgres' mode: '0664' owner: 'postgres' - path: "/etc/postgresql-custom/conf.d{{ pg_config_item }}" + path: "/etc/postgresql-custom/{{ pg_config_item }}" state: 'touch' loop: - - 'custom_overrides.conf' - - 'generated_optimizations.conf' + - 'custom-overrides.conf' + - 'generated-optimizations.conf' loop_control: loop_var: 'pg_config_item' @@ -276,7 +276,7 @@ dest: "/etc/systemd/system/{{ systemd_svc_item | basename }}" src: "files/{{ systemd_svc_item }}" loop: - - 'database_optimizations.service' + - 'database-optimizations.service' - 'postgresql_config/postgresql.service' loop_control: loop_var: 'systemd_svc_item' diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index 7650d42b5..d59062012 100644 --- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -75,6 +75,20 @@ state: 'directory' become: true +- name: Include file for generated optimizations in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/generated-optimizations.conf'" + replace: "include = '/etc/postgresql-custom/generated-optimizations.conf'" + become: true + +- name: Include file for custom overrides in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/custom-overrides.conf'" + replace: "include = '/etc/postgresql-custom/custom-overrides.conf'" + become: true + - name: Install Postgres exporter ansible.builtin.import_tasks: file: internal/postgres-exporter.yml diff --git a/nix/tests/postgresql.conf.in b/nix/tests/postgresql.conf.in index 6a6bfeaef..e4f844d07 100644 --- a/nix/tests/postgresql.conf.in +++ b/nix/tests/postgresql.conf.in @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; #port = @PGSQL_DEFAULT_PORT@ # (change requires restart) max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories +unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) #unix_socket_group = '' # (change requires restart) #unix_socket_permissions = 0777 # begin with 0 to use octal notation From 7839c9e9ad4fe733355197a3630f19775b3c0c59 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 11:48:17 -0500 Subject: [PATCH 02/13] revert: revert PR 1956 --- Dockerfile-15 | 1 + Dockerfile-17 | 1 + Dockerfile-orioledb-17 | 1 + .../{conf.d/read_replica.conf => custom_read_replica.conf} | 0 ansible/files/postgresql_config/postgresql.conf.j2 | 3 +++ ansible/tasks/setup-postgres.yml | 6 +++--- nix/packages/lib.nix | 6 ++++++ nix/tools/run-server.sh.in | 1 + 8 files changed, 16 insertions(+), 3 deletions(-) rename ansible/files/postgresql_config/{conf.d/read_replica.conf => custom_read_replica.conf} (100%) diff --git a/Dockerfile-15 b/Dockerfile-15 index c990acf1f..0856659f4 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,6 +214,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/Dockerfile-17 b/Dockerfile-17 index 847e9cda8..eee4f233d 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 39b42a6f5..10b3740a2 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/ansible/files/postgresql_config/conf.d/read_replica.conf b/ansible/files/postgresql_config/custom_read_replica.conf similarity index 100% rename from ansible/files/postgresql_config/conf.d/read_replica.conf rename to ansible/files/postgresql_config/custom_read_replica.conf diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 3e2d43e54..1dd371012 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -752,6 +752,9 @@ jit_provider = 'llvmjit' # JIT library to use #include_if_exists = '...' # include file only if it exists #include = '...' # include file +# read replica specific configurations +include = '/etc/postgresql-custom/read-replica.conf' + # supautils specific configurations #include = '/etc/postgresql-custom/supautils.conf' diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index 496a78176..57d4e28d0 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -167,13 +167,13 @@ loop_control: loop_var: 'pg_config_item' - - name: Move read-replica.conf file to /etc/postgresql-custom/conf.d/read-replica.conf + - name: Move read-replica.conf file to /etc/postgresql-custom/read-replica.conf ansible.builtin.copy: - dest: '/etc/postgresql-custom/conf.d/read_replica.conf' + dest: '/etc/postgresql-custom/read-replica.conf' mode: '0664' owner: 'postgres' group: 'postgres' - src: 'files/postgresql_config/conf.d/read_replica.conf' + src: 'files/postgresql_config/custom_read_replica.conf' # Install extensions before init - name: Install Postgres extensions diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index cf541913d..95f03c8a7 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -48,6 +48,10 @@ name = "logging.conf"; path = ../../ansible/files/postgresql_config/postgresql-csvlog.conf; }; + readReplicaConfigFile = builtins.path { + name = "readreplica.conf"; + path = ../../ansible/files/postgresql_config/custom_read_replica.conf; + }; pgHbaConfigFile = builtins.path { name = "pg_hba.conf"; path = ../../ansible/files/postgresql_config/pg_hba.conf.j2; @@ -87,6 +91,7 @@ POSTGRESQL_CONFIG_DIR = "${postgresqlConfigBaseDir}"; PSQLORIOLEDB17_BINDIR = "${psql_orioledb-17}"; PGSODIUM_GETKEY = "${paths.getkeyScript}"; + READREPL_CONF_FILE = "${paths.readReplicaConfigFile}"; LOGGING_CONF_FILE = "${paths.loggingConfigFile}"; SUPAUTILS_CONF_FILE = "${paths.supautilsConfigFile}"; PG_HBA = "${paths.pgHbaConfigFile}"; @@ -118,6 +123,7 @@ cp ${paths.supautilsConfigFile} $out/etc/postgresql-custom/supautils.conf || { echo "Failed to copy supautils.conf"; exit 1; } cp ${paths.pgconfigFile} $out/etc/postgresql/postgresql.conf || { echo "Failed to copy postgresql.conf"; exit 1; } cp ${paths.loggingConfigFile} $out/etc/postgresql-custom/logging.conf || { echo "Failed to copy logging.conf"; exit 1; } + cp ${paths.readReplicaConfigFile} $out/etc/postgresql-custom/read-replica.conf || { echo "Failed to copy read-replica.conf"; exit 1; } cp ${paths.pgHbaConfigFile} $out/etc/postgresql/pg_hba.conf || { echo "Failed to copy pg_hba.conf"; exit 1; } cp ${paths.pgIdentConfigFile} $out/etc/postgresql/pg_ident.conf || { echo "Failed to copy pg_ident.conf"; exit 1; } cp -r ${paths.postgresqlExtensionCustomScriptsPath}/* $out/extension-custom-scripts/ || { echo "Failed to copy custom scripts"; exit 1; } diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index 5cd86fe31..48ce41d26 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -240,6 +240,7 @@ vault.getkey_script = '$PGSODIUM_GETKEY_SCRIPT'" \ -e "s|hba_file = '/etc/postgresql/pg_hba.conf'|hba_file = '$DATDIR/pg_hba.conf'|" \ -e "s|ident_file = '/etc/postgresql/pg_ident.conf'|ident_file = '$DATDIR/pg_ident.conf'|" \ -e "s|include = '/etc/postgresql/logging.conf'|#&|" \ +-e "s|include = '/etc/postgresql-custom/read-replica.conf'|include = '$DATDIR/read-replica.conf'|" \ -e "\$a\\ session_preload_libraries = 'supautils'" \ -e "s|include_dir = '/etc/postgresql-custom/conf.d'|include_dir = '$DATDIR/conf.d'|" \ From ad4f2e0c4eece9dcef81fcea42e228223160d4bb Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 12:04:55 -0500 Subject: [PATCH 03/13] revert: revert PR 1965 --- Dockerfile-15 | 3 ++- Dockerfile-17 | 3 ++- Dockerfile-orioledb-17 | 3 ++- .../{conf.d/wal-g.conf => custom_walg.conf} | 1 + .../files/postgresql_config/postgresql.conf.j2 | 12 ++++++++++-- ansible/tasks/setup-wal-g.yml | 15 +++++++++++++++ 6 files changed, 32 insertions(+), 5 deletions(-) rename ansible/files/postgresql_config/{conf.d/wal-g.conf => custom_walg.conf} (95%) diff --git a/Dockerfile-15 b/Dockerfile-15 index 0856659f4..7ef96c087 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,6 +214,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -222,7 +223,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index eee4f233d..1334f0744 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +227,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 10b3740a2..4dbbd467f 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +227,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/ansible/files/postgresql_config/conf.d/wal-g.conf b/ansible/files/postgresql_config/custom_walg.conf similarity index 95% rename from ansible/files/postgresql_config/conf.d/wal-g.conf rename to ansible/files/postgresql_config/custom_walg.conf index 99d315507..60cf10b86 100644 --- a/ansible/files/postgresql_config/conf.d/wal-g.conf +++ b/ansible/files/postgresql_config/custom_walg.conf @@ -1,5 +1,6 @@ # - Archiving - +#archivce_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 1dd371012..948135ef1 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -242,8 +242,8 @@ checkpoint_flush_after = 256kB # measured in pages, 0 disables # - Archiving - -archive_mode = on # enables archiving; off, on, or always (change requires restart) -archive_command = '/bin/true' # command to use to archive a logfile segment +#archive_mode = off # enables archiving; off, on, or always (change requires restart) +#archive_command = '' # command to use to archive a logfile segment # placeholders: %p = path of file to archive # %f = file name only # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' @@ -752,6 +752,14 @@ jit_provider = 'llvmjit' # JIT library to use #include_if_exists = '...' # include file only if it exists #include = '...' # include file +# Automatically generated optimizations +#include = '/etc/postgresql-custom/generated-optimizations.conf' +# User-supplied custom parameters, override any automatically generated ones +#include = '/etc/postgresql-custom/custom-overrides.conf' + +# WAL-G specific configurations +#include = '/etc/postgresql-custom/wal-g.conf' + # read replica specific configurations include = '/etc/postgresql-custom/read-replica.conf' diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 023b6c876..2ba35922b 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -54,6 +54,14 @@ path: '/etc/wal-g/config.json' state: 'touch' + - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf + ansible.builtin.template: + dest: '/etc/postgresql-custom/wal-g.conf' + group: 'postgres' + mode: '0664' + owner: 'postgres' + src: 'files/postgresql_config/custom_walg.conf' + - name: Add script to be run for restore_command ansible.builtin.template: dest: '/home/postgres/wal_fetch.sh' @@ -69,6 +77,13 @@ owner: 'root' src: 'files/walg_helper_scripts/wal_change_ownership.sh' + - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/wal-g.conf'" + replace: "include = '/etc/postgresql-custom/wal-g.conf'" + become: true + - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf ansible.builtin.copy: dest: '/etc/postgresql-custom/conf.d/wal-g.conf' From 5e00e1a3d7f684eb1aaef5b0739d606067484820 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 13:03:22 -0500 Subject: [PATCH 04/13] fix: forgot to bump versions --- ansible/tasks/setup-wal-g.yml | 6 +++--- ansible/vars.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 2ba35922b..f782b85b0 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -84,13 +84,13 @@ replace: "include = '/etc/postgresql-custom/wal-g.conf'" become: true - - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf + - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf ansible.builtin.copy: - dest: '/etc/postgresql-custom/conf.d/wal-g.conf' + dest: '/etc/postgresql-custom/wal-g.conf' group: 'postgres' mode: '0664' owner: 'postgres' - src: 'files/postgresql_config/conf.d/wal-g.conf' + src: 'files/postgresql_config/custom_walg.conf' - name: Create symlink for admin-mgr compatibility ansible.builtin.file: diff --git a/ansible/vars.yml b/ansible/vars.yml index 2e9cd0d92..991d06cb3 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.023-orioledb" - postgres17: "17.6.1.066" - postgres15: "15.14.1.066" + postgresorioledb-17: "17.6.0.024-orioledb-dougrevert" + postgres17: "17.6.1.067-dougrevert" + postgres15: "15.14.1.067-dougrevert" # Non Postgres Extensions pgbouncer_release: 1.19.0 From de788acc8890266a6b0b5ce31d62861b8072ffbe Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 14:01:25 -0500 Subject: [PATCH 05/13] fix: symlink is no longer needed --- ansible/tasks/setup-wal-g.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index f782b85b0..0d923cd05 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -92,10 +92,10 @@ owner: 'postgres' src: 'files/postgresql_config/custom_walg.conf' - - name: Create symlink for admin-mgr compatibility - ansible.builtin.file: - src: '/etc/postgresql-custom/conf.d/wal-g.conf' - dest: '/etc/postgresql-custom/wal-g.conf' - state: 'link' - owner: 'postgres' - group: 'postgres' + # - name: Create symlink for admin-mgr compatibility + # ansible.builtin.file: + # src: '/etc/postgresql-custom/conf.d/wal-g.conf' + # dest: '/etc/postgresql-custom/wal-g.conf' + # state: 'link' + # owner: 'postgres' + # group: 'postgres' From 54461b34ea479363ccf5ae3fcb59406ae61024f6 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 14:51:58 -0500 Subject: [PATCH 06/13] fix: missed a generated-optimizations instance --- Dockerfile-orioledb-17 | 1 + ansible/files/database-optimizations.service | 2 +- ansible/files/postgres_prestart.sh.j2 | 2 +- ansible/tasks/setup-postgres.yml | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 4dbbd467f..78072e03c 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -236,6 +236,7 @@ RUN sed -i \ # Remove items from postgresql.conf RUN sed -i 's/ timescaledb,//g;' "/etc/postgresql/postgresql.conf" #as of pg 16.4 + this db_user_namespace totally deprecated and will break the server if setting is present +RUN sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "/etc/postgresql/postgresql.conf" RUN sed -i 's/ timescaledb,//g; s/ plv8,//g; s/ postgis,//g; s/ pgrouting,//g' "/etc/postgresql-custom/supautils.conf" RUN sed -i 's/\(shared_preload_libraries.*\)'\''\(.*\)$/\1, orioledb'\''\2/' "/etc/postgresql/postgresql.conf" RUN echo "default_table_access_method = 'orioledb'" >> "/etc/postgresql/postgresql.conf" diff --git a/ansible/files/database-optimizations.service b/ansible/files/database-optimizations.service index 23b99464e..9f55f42c4 100644 --- a/ansible/files/database-optimizations.service +++ b/ansible/files/database-optimizations.service @@ -4,7 +4,7 @@ Description=Postgresql optimizations [Service] Type=oneshot # we do not want failures from these commands to cause downstream service startup to fail -ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/conf.d/generated_optimizations.conf +ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/conf.d/generated-optimizations.conf ExecStart=-/opt/supabase-admin-api optimize pgbouncer --destination-config-file-path /etc/pgbouncer-custom/generated-optimizations.ini User=adminapi diff --git a/ansible/files/postgres_prestart.sh.j2 b/ansible/files/postgres_prestart.sh.j2 index 7e3c61d15..df555c87e 100644 --- a/ansible/files/postgres_prestart.sh.j2 +++ b/ansible/files/postgres_prestart.sh.j2 @@ -15,7 +15,7 @@ check_orioledb_enabled() { } get_shared_buffers() { - local opt_conf="/etc/postgresql-custom/conf.d/generated-optimizations.conf" + local opt_conf="/etc/postgresql-custom/generated-optimizations.conf" if [ ! -f "$opt_conf" ]; then return 0 fi diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index 121ea8748..57d4e28d0 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -147,7 +147,7 @@ group: 'postgres' mode: '0664' owner: 'postgres' - path: "/etc/postgresql-custom/conf.d/{{ pg_config_item }}" + path: "/etc/postgresql-custom/{{ pg_config_item }}" state: 'touch' loop: - 'custom-overrides.conf' From 1276c4d475437c2316dde20a09d5c9fa6e8132ff Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 15:47:07 -0500 Subject: [PATCH 07/13] fix: update the supascan config --- audit-specs/baselines/ami-build/files-postgres-config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit-specs/baselines/ami-build/files-postgres-config.yml b/audit-specs/baselines/ami-build/files-postgres-config.yml index d3c4ba1c9..a8262d963 100644 --- a/audit-specs/baselines/ami-build/files-postgres-config.yml +++ b/audit-specs/baselines/ami-build/files-postgres-config.yml @@ -55,13 +55,13 @@ file: owner: postgres group: postgres mode: '0775' - /etc/postgresql-custom/conf.d/wal-g.conf: + /etc/postgresql-custom/wal-g.conf: exists: true filetype: file owner: postgres group: postgres mode: '0664' - /etc/postgresql-custom/conf.d/read_replica.conf: + /etc/postgresql-custom/read_replica.conf: exists: true filetype: file owner: postgres From 2bb1295acee2ff044ace53536358b051b97cbee3 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 16:04:00 -0500 Subject: [PATCH 08/13] fix: it is read-replica not read_replica --- audit-specs/baselines/ami-build/files-postgres-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit-specs/baselines/ami-build/files-postgres-config.yml b/audit-specs/baselines/ami-build/files-postgres-config.yml index a8262d963..3b42dff24 100644 --- a/audit-specs/baselines/ami-build/files-postgres-config.yml +++ b/audit-specs/baselines/ami-build/files-postgres-config.yml @@ -61,7 +61,7 @@ file: owner: postgres group: postgres mode: '0664' - /etc/postgresql-custom/read_replica.conf: + /etc/postgresql-custom/read-replica.conf: exists: true filetype: file owner: postgres From bc57dbd445f57e2b826cb4532c0ce78ddb62c92d Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 16:54:16 -0500 Subject: [PATCH 09/13] fix: missed this one --- ansible/files/pgbouncer_config/pgbouncer.service.j2 | 4 ++-- audit-specs/baselines/baseline.yml | 2 +- .../baselines/prod-deployed/files-systemd-deployed.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/files/pgbouncer_config/pgbouncer.service.j2 b/ansible/files/pgbouncer_config/pgbouncer.service.j2 index 78dcc8d83..7fcc9acbe 100644 --- a/ansible/files/pgbouncer_config/pgbouncer.service.j2 +++ b/ansible/files/pgbouncer_config/pgbouncer.service.j2 @@ -4,8 +4,8 @@ Documentation=man:pgbouncer(1) Documentation=https://www.pgbouncer.org/ After=network.target {% if supabase_internal is defined %} -Requires=database_optimizations.service -After=database_optimizations.service +Requires=database-optimizations.service +After=database-optimizations.service {% endif %} [Service] diff --git a/audit-specs/baselines/baseline.yml b/audit-specs/baselines/baseline.yml index d50831b6f..0c7810c62 100644 --- a/audit-specs/baselines/baseline.yml +++ b/audit-specs/baselines/baseline.yml @@ -5461,7 +5461,7 @@ file: owner: "0" group: "0" filetype: file - /etc/systemd/system/database_optimizations.service: + /etc/systemd/system/database-optimizations.service: exists: true mode: "0644" owner: "0" diff --git a/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml b/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml index 1d12a871f..a01cc5f04 100644 --- a/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml +++ b/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml @@ -55,7 +55,7 @@ file: group: '0' mode: '0644' owner: '0' - /etc/systemd/system/database_optimizations.service: + /etc/systemd/system/database-optimizations.service: exists: true filetype: file group: '0' From 9de902f823c7239581014171c2022121b057f5ec Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 17:14:43 -0500 Subject: [PATCH 10/13] chore: update ami versions --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 991d06cb3..99af1f7be 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.024-orioledb-dougrevert" - postgres17: "17.6.1.067-dougrevert" - postgres15: "15.14.1.067-dougrevert" + postgresorioledb-17: "17.6.0.024-orioledb-dougrevert-1" + postgres17: "17.6.1.067-dougrevert-1" + postgres15: "15.14.1.067-dougrevert-1" # Non Postgres Extensions pgbouncer_release: 1.19.0 From 5c5a23ba923dece76ad1a4eb40652972681d44b2 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 19:55:20 -0500 Subject: [PATCH 11/13] chore: remove testing identifier --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 99af1f7be..7e07729ed 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.024-orioledb-dougrevert-1" - postgres17: "17.6.1.067-dougrevert-1" - postgres15: "15.14.1.067-dougrevert-1" + postgresorioledb-17: "17.6.0.024-orioledb" + postgres17: "17.6.1.067" + postgres15: "15.14.1.067" # Non Postgres Extensions pgbouncer_release: 1.19.0 From 152f191a245698a620eca6833760f4e6f0d628ce Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 18 Dec 2025 08:38:13 -0500 Subject: [PATCH 12/13] chore: bump ami version --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 7e07729ed..e1115c0ad 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.024-orioledb" - postgres17: "17.6.1.067" - postgres15: "15.14.1.067" + postgresorioledb-17: "17.6.0.025-orioledb" + postgres17: "17.6.1.068" + postgres15: "15.14.1.068" # Non Postgres Extensions pgbouncer_release: 1.19.0 From aa5a3e54fac9b8113e92340fdcc90166d0484bf6 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 18 Dec 2025 08:47:49 -0500 Subject: [PATCH 13/13] chore: spelling --- ansible/files/postgresql_config/custom_walg.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/files/postgresql_config/custom_walg.conf b/ansible/files/postgresql_config/custom_walg.conf index 60cf10b86..76ef1290e 100644 --- a/ansible/files/postgresql_config/custom_walg.conf +++ b/ansible/files/postgresql_config/custom_walg.conf @@ -1,6 +1,6 @@ # - Archiving - -#archivce_mode = on +#archive_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120