diff --git a/ansible/files/admin_api_scripts/commence_walg_backup.sh b/ansible/files/admin_api_scripts/commence_walg_backup.sh
deleted file mode 100644
index 22841ed57..000000000
--- a/ansible/files/admin_api_scripts/commence_walg_backup.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#! /usr/bin/env bash
-
-set -euo pipefail
-
-WALG_SENTINEL_USER_DATA="{ \"project_id\": $1, \"backup_id\": $2 }" nohup wal-g backup-push /var/lib/postgresql/data --config /etc/wal-g/config.json --verify >> /var/log/wal-g/backup-push.log 2>&1 &
-
-echo "WAL-G backup job commenced"
diff --git a/ansible/files/admin_api_scripts/commence_walg_restore.sh b/ansible/files/admin_api_scripts/commence_walg_restore.sh
deleted file mode 100644
index 49d32a09e..000000000
--- a/ansible/files/admin_api_scripts/commence_walg_restore.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#! /usr/bin/env bash
-
-function commence_walg_restore {
- # Clear everything beforehand
- if [[ -d /tmp/wal_fetch_dir ]]; then
- rm -rf /tmp/wal_fetch_dir
- fi
-
- mkdir /tmp/wal_fetch_dir
- chown postgres:postgres /tmp/wal_fetch_dir
- chmod 770 /tmp/wal_fetch_dir
-
- backup_name=$1
- recovery_target_time=$2
-
- echo "$recovery_target_time"
-
- # Stop database and empty it
- systemctl stop postgresql
- rm -rf /var/lib/postgresql/data/*
-
- # Download base backup
- wal-g backup-fetch /var/lib/postgresql/data "$backup_name" --config /etc/wal-g/config.json
-
- # Signal for PITR upon restarting the DB
- touch /var/lib/postgresql/data/recovery.signal
-
- # Ensure that downloaded backup is owned by the postgres Linux user
- find /var/lib/postgresql/data/ -exec chown postgres:postgres {} +
- find /var/lib/postgresql/data/ -type d -exec chmod 0750 {} +
- find /var/lib/postgresql/data/ -type f -exec chmod 0640 {} +
-
- # Enable restoration upon start
- sed -i "s/#restore_command/restore_command/" /etc/postgresql-custom/wal-g.conf
-
- # Set up parameters for PITR
- sed -i "s/.*recovery_target_time =.*/recovery_target_time = '$recovery_target_time'/" /etc/postgresql-custom/wal-g.conf
- sed -i "s/.*recovery_target_action/recovery_target_action/" /etc/postgresql-custom/wal-g.conf
- sed -i "s/.*recovery_target_timeline/recovery_target_timeline/" /etc/postgresql-custom/wal-g.conf
- sed -i "s/.*recovery_target_inclusive/recovery_target_inclusive/" /etc/postgresql-custom/wal-g.conf
-
- # Restart the DB
- systemctl start postgresql
-}
-
-set -euo pipefail
-
-commence_walg_restore "$1" "$2" >> /var/log/wal-g/backup-fetch.log 2>&1 &
-echo "WAL-G restore job commenced"
diff --git a/ansible/files/admin_api_scripts/complete_walg_restore.sh b/ansible/files/admin_api_scripts/complete_walg_restore.sh
deleted file mode 100644
index 2184ca726..000000000
--- a/ansible/files/admin_api_scripts/complete_walg_restore.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#! /usr/bin/env bash
-
-set -euo pipefail
-
-# Disable recovery commands in the event of a restart
-sed -i "s/.*restore_command/#restore_command/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*recovery_target_time/#recovery_target_time/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*recovery_target_action/#recovery_target_action/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*recovery_target_timeline/#recovery_target_timeline/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*recovery_target_inclusive/#recovery_target_inclusive/" /etc/postgresql-custom/wal-g.conf
-
-# Cleanup /tmp
-rm -rf /tmp/walg_data/ /tmp/.wal-g/ /tmp/wal_fetch_dir/
-
-echo "Cleanup post WAL-G restoration complete"
diff --git a/ansible/files/admin_api_scripts/disable_walg.sh b/ansible/files/admin_api_scripts/disable_walg.sh
deleted file mode 100644
index cfbe8dafe..000000000
--- a/ansible/files/admin_api_scripts/disable_walg.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /usr/bin/env bash
-
-set -euo pipefail
-
-sed -i "s/.*archive_mode/#archive_mode/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*archive_command/#archive_command/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*archive_timeout/#archive_timeout/" /etc/postgresql-custom/wal-g.conf
-
-systemctl restart postgresql
-
-echo "WAL-G successfully disabled"
diff --git a/ansible/files/admin_api_scripts/enable_walg.sh b/ansible/files/admin_api_scripts/enable_walg.sh
deleted file mode 100644
index b9181f270..000000000
--- a/ansible/files/admin_api_scripts/enable_walg.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /usr/bin/env bash
-
-set -euo pipefail
-
-sed -i "s/.*archive_mode/archive_mode/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*archive_command/archive_command/" /etc/postgresql-custom/wal-g.conf
-sed -i "s/.*archive_timeout/archive_timeout/" /etc/postgresql-custom/wal-g.conf
-
-systemctl restart postgresql
-
-echo "WAL-G successfully enabled"
diff --git a/ansible/files/adminapi.sudoers.conf b/ansible/files/adminapi.sudoers.conf index f76fb5d4c..9282d2d80 100644 --- a/ansible/files/adminapi.sudoers.conf +++ b/ansible/files/adminapi.sudoers.conf @@ -4,11 +4,6 @@ Cmnd_Alias GOTRUE = /bin/systemctl start gotrue.service, /bin/systemctl stop got Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl stop pgbouncer.service, /bin/systemctl restart pgbouncer.service, /bin/systemctl disable pgbouncer.service, /bin/systemctl enable pgbouncer.service, /bin/systemctl reload pgbouncer.service %adminapi ALL= NOPASSWD: /root/grow_fs.sh -%adminapi ALL= NOPASSWD: /root/commence_walg_backup.sh -%adminapi ALL= NOPASSWD: /root/commence_walg_restore.sh -%adminapi ALL= NOPASSWD: /root/complete_walg_restore.sh -%adminapi ALL= NOPASSWD: /root/disable_walg.sh -%adminapi ALL= NOPASSWD: /root/enable_walg.sh %adminapi ALL= NOPASSWD: /root/manage_readonly_mode.sh %adminapi ALL= NOPASSWD: /root/pg_upgrade_prepare.sh %adminapi ALL= NOPASSWD: /root/pg_upgrade_initiate.sh @@ -22,6 +17,7 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st %adminapi ALL= NOPASSWD: /bin/systemctl daemon-reload %adminapi ALL= NOPASSWD: /bin/systemctl restart services.slice %adminapi ALL= NOPASSWD: /usr/sbin/nft -f /etc/nftables/supabase_managed.conf +%adminapi ALL= NOPASSWD: /usr/bin/admin-mgr %adminapi ALL= NOPASSWD: KONG %adminapi ALL= NOPASSWD: POSTGREST %adminapi ALL= NOPASSWD: GOTRUE diff --git a/ansible/files/postgresql_config/custom_walg.conf.j2 b/ansible/files/postgresql_config/custom_walg.conf.j2 index dd8f672b9..7c9c1bb84 100644 --- a/ansible/files/postgresql_config/custom_walg.conf.j2 +++ b/ansible/files/postgresql_config/custom_walg.conf.j2 
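Review bot: The rule added in the second hunk, `%adminapi ALL= NOPASSWD: /usr/bin/admin-mgr`, names the binary with no argument list, so sudo accepts every subcommand and every argument from members of adminapi; that is a wider grant than the five fixed-purpose scripts removed in the first hunk. If the admin API only needs a known set of subcommands, enumerate them in a `Cmnd_Alias` the way KONG, POSTGREST, GOTRUE and PGBOUNCER are handled in this file, e.g. `Cmnd_Alias ADMIN_MGR = /usr/bin/admin-mgr <subcommand-1>, /usr/bin/admin-mgr <subcommand-2>` (the subcommand names are placeholders; the full set is not visible in this commit). Because the binary becomes root-equivalent for the group, its ownership and mode in /usr/bin should be checked so that only root can replace it.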
@@ -1,13 +1,13 @@ # - Archiving - #archive_mode = on -#archive_command = 'sudo -u wal-g wal-g wal-push %p --config /etc/wal-g/config.json >> /var/log/wal-g/wal-push.log 2>&1' +#archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 # - Archive Recovery - -#restore_command = '/home/postgres/wal_fetch.sh %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' +#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' # - Recovery Target - diff --git a/ansible/tasks/internal/admin-api.yml b/ansible/tasks/internal/admin-api.yml index 45c8f98db..1a0cbc13d 100644 --- a/ansible/tasks/internal/admin-api.yml +++ b/ansible/tasks/internal/admin-api.yml @@ -11,11 +11,6 @@ mode: "0700" owner: root loop: - - { file: "commence_walg_backup.sh" } - - { file: "commence_walg_restore.sh" } - - { file: "complete_walg_restore.sh" } - - { file: "disable_walg.sh" } - - { file: "enable_walg.sh" } - { file: "grow_fs.sh" } - { file: "manage_readonly_mode.sh" } - { file: "pg_upgrade_check.sh" } diff --git a/ansible/tasks/internal/admin-mgr.yml b/ansible/tasks/internal/admin-mgr.yml new file mode 100644 index 000000000..101dd2bfc --- /dev/null +++ b/ansible/tasks/internal/admin-mgr.yml @@ -0,0 +1,22 @@ +- name: Setting arch (x86) + set_fact: + arch: "x86" + when: platform == "amd64" + +- name: Setting arch (arm) + set_fact: + arch: "arm64" + when: platform == "arm64" + +- name: Download admin-mgr archive + get_url: + url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/admin-mgr/v{{ adminmgr_release }}/admin-mgr_{{ adminmgr_release }}_linux_{{ arch }}.tar.gz" + dest: "/tmp/admin-mgr.tar.gz" + timeout: 90 + +- name: admin-mgr - unpack archive in /usr/bin/ + unarchive: + remote_src: yes + src: /tmp/admin-mgr.tar.gz + dest: /usr/bin/ + owner: root diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index 51c5b23d6..c9113e202 100644 
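Review bot: The new `archive_command` and `restore_command` values no longer show which account performs the WAL transfer: the old archive command went through `sudo -u wal-g`, while `/usr/bin/admin-mgr wal-push %p` is started directly by the PostgreSQL server process. This commit also deletes the sudoers grant that let postgres run wal-g as the wal-g user, so any switch to the account that owns /etc/wal-g presumably happens inside admin-mgr, which is not visible here. A comment above the two settings would record that, for example `# admin-mgr is invoked as the postgres OS user and is expected to hand off to the wal-g account itself (confirm against admin-mgr)`.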
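Review bot: The `Download admin-mgr archive` task in the new admin-mgr.yml fetches the tarball without a `checksum`, and the next task unpacks it into /usr/bin as root, where the sudoers change in this commit lets the adminapi group run it without a password. vars.yml already pins per-platform sha256 values for postgres_exporter; the same pattern fits here: add a new `adminmgr_release_checksum` map (arm64/amd64) to vars.yml and `checksum: "{{ adminmgr_release_checksum[platform] }}"` to `get_url`. The fixed path /tmp/admin-mgr.tar.gz is shared and predictable, so a directory created with the `tempfile` module and removed afterwards would avoid depending on what already sits in /tmp. `unarchive` sets `owner: root` but no `mode`, so the installed permissions are whatever the archive carries.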
--- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -83,6 +83,9 @@ - name: Install supautils import_tasks: internal/supautils.yml +- name: Install admin-mgr + import_tasks: internal/admin-mgr.yml + - name: Install adminapi import_tasks: internal/admin-api.yml diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index a325405cb..439bb2832 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -76,13 +76,6 @@ group: wal-g groups: wal-g, postgres -- name: Give postgres access to execute wal-g binary as wal-g user - copy: - content: | - postgres ALL=(wal-g) NOPASSWD: /usr/local/bin/wal-g - postgres ALL=(root) NOPASSWD: /root/wal_change_ownership.sh - dest: /etc/sudoers.d/postgres - - name: Create a config directory owned by wal-g file: path: /etc/wal-g diff --git a/ansible/vars.yml b/ansible/vars.yml index 35afb2632..7add67d02 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -41,7 +41,8 @@ postgres_exporter_release_checksum: arm64: sha256:d869c16791481dc8475487ad84ae4371a63f9b399898ca1c666eead5cccf7182 amd64: sha256:ff541bd3ee19c0ae003d71424a75edfcc8695e828dd20d5b4555ce433c89d60b -adminapi_release: 0.32.0 +adminapi_release: 0.34.0 +adminmgr_release: 0.3.0 # Postgres Extensions postgis_release: "3.3.2" diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl index f083a9b04..055d46dc4 100644 --- a/common.vars.pkr.hcl +++ b/common.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.1.0.32" +postgres-version = "15.1.0.33"