diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index d99939f1d..500bf26d5 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -103,6 +103,8 @@ jobs: - name: Upload nix flake revision to s3 staging run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: configure aws credentials - prod uses: aws-actions/configure-aws-credentials@v4 @@ -122,6 +124,8 @@ jobs: - name: Upload nix flake revision to s3 prod run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: Create release uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index bf2df0c96..0c97d8374 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -125,6 +125,8 @@ jobs: - name: Upload nix flake revision to s3 staging run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: configure aws credentials - prod uses: aws-actions/configure-aws-credentials@v4 @@ -144,6 +146,8 @@ jobs: - name: Upload nix flake revision to s3 prod run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: Create release uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index f816415b3..c8b3abe46 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -66,7 +66,9 @@ jobs: - name: Upload pg_upgrade scripts to s3 staging run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} @@ -113,7 +115,9 @@ jobs: - name: Upload pg_upgrade scripts to s3 prod run: | - aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz - name: Slack Notification on Failure if: ${{ failure() }} diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 8544f1b85..d9d8f5eb8 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -34,8 +34,8 @@ jobs: include: - runner: arm-runner arch: arm64 - ubuntu_release: focal - ubuntu_version: 20.04 + ubuntu_release: noble + ubuntu_version: 24.04 mcpu: neoverse-n1 runs-on: ${{ matrix.runner }} timeout-minutes: 150 diff --git a/Dockerfile-15 b/Dockerfile-15 index 6acf86037..68e9f4e59 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -38,7 +38,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=2.0.1 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 4a0413cb0..41254e4f7 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -39,7 +39,7 @@ ARG index_advisor_release=0.2.0 ARG supautils_release=2.2.0 ARG wal_g_release=3.0.5 -FROM ubuntu:focal as base +FROM ubuntu:noble as base RUN apt update -y && apt install -y \ curl \ diff --git a/README.md b/README.md index d7b106cf8..74a2ae486 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,8 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to ## Primary Features - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html) - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html) -- ✅ Postgres [orioledb-postgresql-17_5](https://github.com/orioledb/orioledb) -- ✅ Ubuntu 20.04 (Focal Fossa). +- ✅ Postgres [orioledb-postgresql-17_6](https://github.com/orioledb/orioledb) +- ✅ Ubuntu 24.04 (Noble Numbat). - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication. - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images. ## Extensions @@ -42,7 +42,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | | [timescaledb-apache](https://github.com/timescale/timescaledb/archive/2.16.1.tar.gz) | [2.16.1](https://github.com/timescale/timescaledb/archive/2.16.1.tar.gz) | Scales PostgreSQL for time-series data via automatic partitioning across time and space | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ### PostgreSQL 17 Extensions @@ -51,7 +51,6 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [hypopg](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | [1.4.1](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | Hypothetical Indexes for PostgreSQL | | [index_advisor](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | [0.2.0](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | Recommend indexes to improve query performance in PostgreSQL | | [pg-safeupdate](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | [1.4](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | A simple extension to PostgreSQL that requires criteria for UPDATE and DELETE | -| [pg_backtrace](https://github.com/pashkinelfe/pg_backtrace/archive/d100bac815a7365e199263f5b3741baf71b14c70.tar.gz) | [1.1](https://github.com/pashkinelfe/pg_backtrace/archive/d100bac815a7365e199263f5b3741baf71b14c70.tar.gz) | Updated fork of pg_backtrace | | [pg_cron](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | [1.6.4](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | Run Cron jobs through PostgreSQL | | [pg_graphql](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | [1.5.11](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | GraphQL support for PostreSQL | | [pg_hashids](https://github.com/iCyberon/pg_hashids/archive/cd0e1b31d52b394a0df64079406a14a4f7387cd6.tar.gz) | [cd0e1b31d52b394a0df64079406a14a4f7387cd6](https://github.com/iCyberon/pg_hashids/archive/cd0e1b31d52b394a0df64079406a14a4f7387cd6.tar.gz) | Generate short unique IDs in PostgreSQL | @@ -72,9 +71,9 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [plpgsql-check](https://github.com/okbob/plpgsql_check/archive/v2.7.11.tar.gz) | [2.7.11](https://github.com/okbob/plpgsql_check/archive/v2.7.11.tar.gz) | Linter tool for language PL/pgSQL | | [postgis](https://download.osgeo.org/postgis/source/postgis-3.3.7.tar.gz) | [3.3.7](https://download.osgeo.org/postgis/source/postgis-3.3.7.tar.gz) | Geographic Objects for PostgreSQL | | [rum](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | [1.3.14](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | Full text search index method for PostgreSQL | -| [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.4.tar.gz) | [0.4.4](https://github.com/supabase/wrappers/archive/v0.4.4.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | +| [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ### PostgreSQL orioledb-17 Extensions @@ -82,7 +81,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | ------------- | :-------------: | ------------- | | [hypopg](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | [1.4.1](https://github.com/HypoPG/hypopg/archive/refs/tags/1.4.1.tar.gz) | Hypothetical Indexes for PostgreSQL | | [index_advisor](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | [0.2.0](https://github.com/olirice/index_advisor/archive/v0.2.0.tar.gz) | Recommend indexes to improve query performance in PostgreSQL | -| [orioledb](https://github.com/orioledb/orioledb/archive/beta9.tar.gz) | [orioledb](https://github.com/orioledb/orioledb/archive/beta9.tar.gz) | orioledb | +| [orioledb](https://github.com/orioledb/orioledb/archive/beta10.tar.gz) | [orioledb](https://github.com/orioledb/orioledb/archive/beta10.tar.gz) | orioledb | | [pg-safeupdate](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | [1.4](https://github.com/eradman/pg-safeupdate/archive/1.4.tar.gz) | A simple extension to PostgreSQL that requires criteria for UPDATE and DELETE | | [pg_cron](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | [1.6.4](https://github.com/citusdata/pg_cron/archive/v1.6.4.tar.gz) | Run Cron jobs through PostgreSQL | | [pg_graphql](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | [1.5.11](https://github.com/supabase/pg_graphql/archive/v1.5.11.tar.gz) | GraphQL support for PostreSQL | @@ -106,7 +105,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to | [rum](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | [1.3.14](https://github.com/postgrespro/rum/archive/1.3.14.tar.gz) | Full text search index method for PostgreSQL | | [supabase-wrappers](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | [0.4.5](https://github.com/supabase/wrappers/archive/v0.4.5.tar.gz) | Various Foreign Data Wrappers (FDWs) for PostreSQL | | [supautils](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | [2.6.0](https://github.com/supabase/supautils/archive/refs/tags/v2.6.0.tar.gz) | PostgreSQL extension for enhanced security | -| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | [0.2.9](https://github.com/supabase/vault/archive/refs/tags/v0.2.9.tar.gz) | Store encrypted secrets in PostgreSQL | +| [vault](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | [0.3.1](https://github.com/supabase/vault/archive/refs/tags/v0.3.1.tar.gz) | Store encrypted secrets in PostgreSQL | | [wal2json](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | [2_6](https://github.com/eulerto/wal2json/archive/wal2json_2_6.tar.gz) | PostgreSQL JSON output plugin for changeset extraction | ## Additional Goodies *This is only available for our AWS EC2* @@ -158,4 +157,4 @@ TODO: find way to automate this We are building the features of Firebase using enterprise-grade, open source products. We support existing communities wherever possible, and if the products don’t exist we build them and open source them ourselves. -[![New Sponsor](https://user-images.githubusercontent.com/10214025/90518111-e74bbb00-e198-11ea-8f88-c9e3c1aa4b5b.png)](https://github.com/sponsors/supabase) +[![New Sponsor](https://user-images.githubusercontent.com/10214025/90518111-e74bbb00-e198-11ea-8f88-c9e3c1aa4b5b.png)](https://github.com/sponsors/supabase) \ No newline at end of file diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl index e460dfc72..f625ac4af 100644 --- a/amazon-arm64-nix.pkr.hcl +++ b/amazon-arm64-nix.pkr.hcl @@ -1,6 +1,6 @@ variable "ami" { type = string - default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*" + default = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-*" } variable "profile" { @@ -115,7 +115,7 @@ source "amazon-ebssurrogate" "source" { #secret_key = "${var.aws_secret_key}" force_deregister = var.force-deregister - # Use latest official ubuntu focal ami owned by Canonical. + # Use latest official ubuntu noble ami owned by Canonical. source_ami_filter { filters = { virtualization-type = "hvm" diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh index 31cc7d09d..ce4518e9d 100755 --- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh +++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh @@ -333,6 +333,9 @@ function complete_pg_upgrade { echo "5.1. Restarting gotrue and postgrest" retry 3 service gotrue restart retry 3 service postgrest restart + + echo "5.2. Applying netplan configuration to fix network issues" + retry 3 sudo netplan apply else retry 3 CI_stop_postgres || true retry 3 CI_start_postgres diff --git a/ansible/files/adminapi.sudoers.conf b/ansible/files/adminapi.sudoers.conf index ae5537715..531d47ca1 100644 --- a/ansible/files/adminapi.sudoers.conf +++ b/ansible/files/adminapi.sudoers.conf @@ -23,6 +23,7 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st %adminapi ALL= NOPASSWD: /bin/systemctl restart services.slice %adminapi ALL= NOPASSWD: /usr/sbin/nft -f /etc/nftables/supabase_managed.conf %adminapi ALL= NOPASSWD: /usr/bin/admin-mgr +%adminapi ALL= NOPASSWD: /usr/sbin/netplan apply %adminapi ALL= NOPASSWD: ENVOY %adminapi ALL= NOPASSWD: KONG %adminapi ALL= NOPASSWD: POSTGREST diff --git a/ansible/files/permission_check.py b/ansible/files/permission_check.py index a753f69ec..15acf839a 100644 --- a/ansible/files/permission_check.py +++ b/ansible/files/permission_check.py @@ -40,7 +40,6 @@ "backup": [{"groupname": "backup", "username": "backup"}], "list": [{"groupname": "list", "username": "list"}], "irc": [{"groupname": "irc", "username": "irc"}], - "gnats": [{"groupname": "gnats", "username": "gnats"}], "nobody": [{"groupname": "nogroup", "username": "nobody"}], "systemd-network": [ {"groupname": "systemd-network", "username": "systemd-network"} @@ -216,7 +215,6 @@ def main(): "backup", "list", "irc", - "gnats", "nobody", "systemd-network", "systemd-resolve", @@ -233,7 +231,6 @@ def main(): "adminapi", "postgrest", "tcpdump", - "systemd-coredump", ] if not qemu_artifact: usernames.append("ec2-instance-connect") diff --git a/ansible/files/systemd-networkd/systemd-networkd-check-and-fix.service b/ansible/files/systemd-networkd/systemd-networkd-check-and-fix.service index 5e7094388..a5153c63a 100644 --- a/ansible/files/systemd-networkd/systemd-networkd-check-and-fix.service +++ b/ansible/files/systemd-networkd/systemd-networkd-check-and-fix.service @@ -1,6 +1,7 @@ [Unit] Description=Check if systemd-networkd has broken NDisc routes and fix -Requisite=systemd-networkd.service +# Remove Requisite to prevent being killed when restarting networkd +# Requisite=systemd-networkd.service After=systemd-networkd.service [Service] diff --git a/ansible/tasks/fix_ipv6_ndisc.yml b/ansible/tasks/fix_ipv6_ndisc.yml index 7489a2fe1..e33dbae3d 100644 --- a/ansible/tasks/fix_ipv6_ndisc.yml +++ b/ansible/tasks/fix_ipv6_ndisc.yml @@ -31,3 +31,7 @@ systemd: name: systemd-networkd-check-and-fix.timer enabled: true + +- name: Apply netplan configuration + shell: sudo netplan apply + when: debpkg_mode or nixpkg_mode diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index a1b7e6c7f..2fe302488 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -23,7 +23,7 @@ - name: Postgres - install server apt: - name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg20.04+1 + name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg24.04+1 install_recommends: no when: debpkg_mode diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index b6e0f951c..df9fecb32 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -8,7 +8,7 @@ - name: PostgREST - add Postgres PPA main apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: present filename: postgresql-pgdg @@ -36,7 +36,7 @@ - name: PostgREST - remove Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}" state: absent - name: postgis - ensure dependencies do not get autoremoved @@ -56,7 +56,7 @@ - name: PostgREST - download ubuntu binary archive (x86) get_url: - url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-linux-static-x64.tar.xz" + url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-linux-static-x86-64.tar.xz" dest: /tmp/postgrest.tar.xz checksum: "{{ postgrest_x86_release_checksum }}" timeout: 60 diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index a05106ede..fa8b6b09c 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -58,7 +58,6 @@ owner: wal-g group: wal-g mode: '0664' - when: stage2_nix - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf template: @@ -67,7 +66,6 @@ mode: 0664 owner: postgres group: postgres - when: stage2_nix - name: Add script to be run for restore_command template: @@ -76,7 +74,6 @@ mode: 0500 owner: postgres group: postgres - when: stage2_nix - name: Add helper script for wal_fetch.sh template: @@ -84,7 +81,6 @@ dest: /root/wal_change_ownership.sh mode: 0700 owner: root - when: stage2_nix - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf become: yes diff --git a/ansible/vars.yml b/ansible/vars.yml index 7a7147353..ee9467e3f 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,20 +9,20 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.098-orioledb" - postgres17: "17.4.1.048" - postgres15: "15.8.1.105" + postgresorioledb-17: "17.0.1.092-orioledb-prst13-5" + postgres17: "17.4.1.042-prst13-5" + postgres15: "15.8.1.099-prst13-5" # Non Postgres Extensions pgbouncer_release: "1.19.0" pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682 # to get these use -# wget https://github.com/PostgREST/postgrest/releases/download/v12.2.3/postgrest-v12.2.3-ubuntu-aarch64.tar.xz -q -O- | sha1sum -# wget https://github.com/PostgREST/postgrest/releases/download/v12.2.3/postgrest-v12.2.3-linux-static-x64.tar.xz -q -O- | sha1sum -postgrest_release: "12.2.3" -postgrest_arm_release_checksum: sha1:fbfd6613d711ce1afa25c42d5df8f1b017f396f9 -postgrest_x86_release_checksum: sha1:61c513f91a8931be4062587b9d4a18b42acf5c05 +# wget https://github.com/PostgREST/postgrest/releases/download/v13.0.4/postgrest-v13.0.4-ubuntu-aarch64.tar.xz -q -O- | sha1sum +# wget https://github.com/PostgREST/postgrest/releases/download/v13.0.4/postgrest-v13.0.4-linux-static-x86-64.tar.xz -q -O- | sha1sum +postgrest_release: "13.0.4" +postgrest_arm_release_checksum: sha1:d4be5a9d8b661b241e057ac87cdb5c877b15a19e +postgrest_x86_release_checksum: sha1:dff3e1132ca3b34b6b34325d2261104dbed842c0 gotrue_release: 2.176.1 gotrue_release_checksum: sha1:3b392d2e332d5b5114e571c0d62ab9f827fd5b76 @@ -31,16 +31,16 @@ aws_cli_release: "2.23.11" salt_minion_version: 3007 -golang_version: "1.19.3" +golang_version: "1.22.11" golang_version_checksum: - arm64: sha256:99de2fe112a52ab748fb175edea64b313a0c8d51d6157dba683a6be163fd5eab - amd64: sha256:74b9640724fd4e6bb0ed2a1bc44ae813a03f1e72a4c76253e2d5c015494430ba + arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991 + amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031 envoy_release: 1.28.0 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda -kong_release_target: focal # if it works, it works +kong_release_target: focal kong_deb: kong_2.8.1_arm64.deb kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 diff --git a/docker/Dockerfile b/docker/Dockerfile index 116377b5d..53a96029e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,8 @@ -ARG ubuntu_release=focal +ARG ubuntu_release=noble FROM ubuntu:${ubuntu_release} as base ARG ubuntu_release=flocal -ARG ubuntu_release_no=20.04 +ARG ubuntu_release_no=24.04 ARG postgresql_major=15 ARG postgresql_release=${postgresql_major}.1 diff --git a/ebssurrogate/files/sources-arm64.cfg b/ebssurrogate/files/sources-arm64.cfg index a2363773e..eed6c0f16 100644 --- a/ebssurrogate/files/sources-arm64.cfg +++ b/ebssurrogate/files/sources-arm64.cfg @@ -1,10 +1,10 @@ -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal main restricted -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal universe -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates universe -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal multiverse -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates multiverse -deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted universe multiverse -deb http://ports.ubuntu.com/ubuntu-ports focal-security main restricted -deb http://ports.ubuntu.com/ubuntu-ports focal-security universe -deb http://ports.ubuntu.com/ubuntu-ports focal-security multiverse +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble main restricted +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates main restricted +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble universe +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates universe +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble multiverse +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates multiverse +deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-backports main restricted universe multiverse +deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted +deb http://ports.ubuntu.com/ubuntu-ports noble-security universe +deb http://ports.ubuntu.com/ubuntu-ports noble-security multiverse diff --git a/ebssurrogate/files/sources.cfg b/ebssurrogate/files/sources.cfg index ec3011807..a27be052f 100644 --- a/ebssurrogate/files/sources.cfg +++ b/ebssurrogate/files/sources.cfg @@ -1,10 +1,10 @@ -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal main restricted -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates main restricted -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal universe -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates universe -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal multiverse -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates multiverse -deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse -deb http://security.ubuntu.com/ubuntu focal-security main restricted -deb http://security.ubuntu.com/ubuntu focal-security universe -deb http://security.ubuntu.com/ubuntu focal-security multiverse +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble main restricted +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates main restricted +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble universe +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates universe +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble multiverse +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates multiverse +deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-backports main restricted universe multiverse +deb http://security.ubuntu.com/ubuntu noble-security main restricted +deb http://security.ubuntu.com/ubuntu noble-security universe +deb http://security.ubuntu.com/ubuntu noble-security multiverse diff --git a/ebssurrogate/scripts/chroot-bootstrap-nix.sh b/ebssurrogate/scripts/chroot-bootstrap-nix.sh index cda6bd2aa..9a623eb12 100755 --- a/ebssurrogate/scripts/chroot-bootstrap-nix.sh +++ b/ebssurrogate/scripts/chroot-bootstrap-nix.sh @@ -58,7 +58,7 @@ function update_install_packages { apt-get upgrade -y # Install OpenSSH and other packages - sudo add-apt-repository universe + sudo add-apt-repository --yes universe apt-get update apt-get install -y --no-install-recommends \ openssh-server \ @@ -157,10 +157,21 @@ function disable_fsck { # Don't request hostname during boot but set hostname function setup_hostname { - sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf - sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf + # Set the static hostname echo "ubuntu" > /etc/hostname chmod 644 /etc/hostname + # Update netplan configuration to not send hostname + cat << EOF > /etc/netplan/01-hostname.yaml +network: + version: 2 + ethernets: + eth0: + dhcp4: true + dhcp4-overrides: + send-hostname: false +EOF + # Set proper permissions for netplan security + chmod 600 /etc/netplan/01-hostname.yaml } # Set options for the default interface @@ -172,6 +183,8 @@ network: eth0: dhcp4: true EOF + # Set proper permissions for netplan security + chmod 600 /etc/netplan/eth0.yaml } function disable_sshd_passwd_auth { diff --git a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh index 39b8f4e82..965b1e07b 100755 --- a/ebssurrogate/scripts/surrogate-bootstrap-nix.sh +++ b/ebssurrogate/scripts/surrogate-bootstrap-nix.sh @@ -148,7 +148,7 @@ EOF } function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'focal' for Ubuntu 20.04 + UBUNTU_VERSION=$(lsb_release -cs) # 'noble' for Ubuntu 24.04 # Bootstrap Ubuntu into /mnt debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt diff --git a/nix/tools/update_readme.nu b/nix/tools/update_readme.nu index bfb46ab0a..b19c266a3 100755 --- a/nix/tools/update_readme.nu +++ b/nix/tools/update_readme.nu @@ -153,7 +153,7 @@ def update_readme [] { # Update Primary Features section let features_content = [ ($pg_versions | each {|version| create_version_link $version} | str join "\n") - "- ✅ Ubuntu 20.04 (Focal Fossa)." + "- ✅ Ubuntu 24.04 (Noble Numbat)." "- ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication." "- ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images." ] diff --git a/scripts/90-cleanup.sh b/scripts/90-cleanup.sh index f2e19686d..644e5f7f6 100644 --- a/scripts/90-cleanup.sh +++ b/scripts/90-cleanup.sh @@ -24,10 +24,8 @@ elif [ -n "$(command -v apt-get)" ]; then autoconf \ autotools-dev \ cmake-data \ - cpp-8 \ cpp-9 \ cpp-10 \ - gcc-8 \ gcc-9 \ gcc-10 \ git \ @@ -36,14 +34,12 @@ elif [ -n "$(command -v apt-get)" ]; then libicu-dev \ libcgal-dev \ libgcc-9-dev \ - libgcc-8-dev \ ansible add-apt-repository --yes --remove ppa:ansible/ansible source /etc/os-release - apt-get -y remove --purge linux-headers-5.11.0-1021-aws - + apt-get -y update apt-get -y upgrade apt-get -y autoremove diff --git a/scripts/99-img_check.sh b/scripts/99-img_check.sh index 00b547641..ac958a5fc 100755 --- a/scripts/99-img_check.sh +++ b/scripts/99-img_check.sh @@ -569,7 +569,7 @@ osv=0 if [[ $OS == "Ubuntu" ]]; then ost=1 - if [[ $VER == "20.04" ]]; then + if [[ $VER == "24.04" ]]; then osv=1 elif [[ $VER == "18.04" ]]; then osv=1 diff --git a/testinfra/README.md b/testinfra/README.md index 977043c3b..6ecdeadb5 100644 --- a/testinfra/README.md +++ b/testinfra/README.md @@ -32,8 +32,8 @@ for layer in /tmp/extensions/*/layer.tar; do tar xvf "$layer" -C ansible/files/extensions --strip-components 1 done docker buildx build \ - --build-arg ubuntu_release=focal \ - --build-arg ubuntu_release_no=20.04 \ + --build-arg ubuntu_release=noble \ + --build-arg ubuntu_release_no=24.04 \ --build-arg postgresql_major=15 \ --build-arg postgresql_release=15.1 \ --build-arg CPPFLAGS=-mcpu=neoverse-n1 \ diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 864ab2861..d7b3ecca7 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -293,6 +293,9 @@ def gzip_then_base64_encode(s: str) -> str: )[0] instance.wait_until_running() + # Increase wait time before starting health checks + sleep(30) # Wait for 30 seconds to allow services to start + ec2logger = EC2InstanceConnectLogger(debug=False) temp_key = EC2InstanceConnectKey(ec2logger.get_logger()) ec2ic = boto3.client("ec2-instance-connect", region_name="ap-southeast-1") diff --git a/tests/pg_upgrade/debug.sh b/tests/pg_upgrade/debug.sh index b05d8941d..50fb9facc 100755 --- a/tests/pg_upgrade/debug.sh +++ b/tests/pg_upgrade/debug.sh @@ -24,7 +24,7 @@ if [ ! -f "$LATEST_VERSION_SCRIPTS" ]; then fi if [ ! -f "$LATEST_VERSION_BIN" ]; then - aws s3 cp "s3://${ARTIFACTS_BUCKET_NAME}/upgrades/postgres/supabase-postgres-${LATEST_PG_VERSION}/20.04.tar.gz" "$LATEST_VERSION_BIN" + aws s3 cp "s3://${ARTIFACTS_BUCKET_NAME}/upgrades/postgres/supabase-postgres-${LATEST_PG_VERSION}/24.04.tar.gz" "$LATEST_VERSION_BIN" fi rm -rf scripts/pg_upgrade_scripts