bcgov · DerekRoberts · Aug 6, 2025 · Jun 26, 2025 · Jun 26, 2025 · Jun 26, 2025
diff --git a/db/Dockerfile b/db/Dockerfile
@@ -1,4 +1,4 @@
-FROM postgis/postgis:13-master
+FROM postgis/postgis:17-master
 
 # Enable pgcrypto extension on startup
 RUN sed -i '/EXISTS postgis_tiger_geocoder;*/a CREATE EXTENSION IF NOT EXISTS pgcrypto;' \

diff --git a/db/Dockerfile-v17 b/db/Dockerfile-v17
diff --git a/db/README.md b/db/README.md
@@ -0,0 +1,112 @@
+# PostgreSQL Database Major Version Upgrade Steps
+
+This guide outlines the steps to migrate a database to PostgreSQL v17 in an OpenShift environment. It can be reused for upgrading to other versions.
+
+## Prerequisites
+- Create a pr branch before upgrading, update the db/openshift.deployment.yml for DB_VERSION to next version (e.g., 18)
+- Check out the pr branch in local and use the branch terminal for execution steps
+
+## Notes
+**Whenever we need to do a database migration, run the scripts first before merge the upgradation pr, as it will use the new PVC name for the new database.**
+
+## Steps
+
+### 1. Set the Target Environment
+
+Set the target to a PR number (e.g., `819`), `test`, or `prod`:
+
+```bash
+export TARGET=819
+```
+
+### 2. Log in to OpenShift via CLI and set the appropriate namespace (`dev`, `test`, or `prod`).
+
+### 3. Scale Down the API
+
+```bash
+oc scale deployment fom-${TARGET}-api --replicas=0
+```
+
+### 4. Rename the Old Database
+
+Navigate to the `db` directory: `cd db`. The script renames the original database deployment config (e.g., `fom-819-db` to `fom-819-db-prev`). 
+
+> Note: In order to rename the deployment config, we must delete and recreate it because we cannot edit it directly. It creates the database using the same PVC. PVC will not get renamed.
+
+```bash
+./rename_deployment.sh fom-${TARGET}-db
+```
+
+### 5. Deploy the New PostgreSQL Database (e.g., v17)
+
+Create a new deployment config (e.g., `fom-819-db`) with PostgreSQL v17 and a new PVC (e.g., `fom-819-db-17`) that has the default data:
+
+```bash
+oc process -f openshift.deploy.yml -p ZONE=${TARGET} -p TAG=${TARGET} | oc apply -f -
+```
+
+### 6. Transfer Data from Old to New Database
+
+```bash
+./db_transfer.sh fom-${TARGET}-db-prev fom-${TARGET}-db
+```
+
+### 7. Manual Verification
+
+Connect to the new database and verify:
+
+```bash
+psql -U postgres -d fom
+```
+
+Run the following checks:
+
+```sql
+-- Check project row count
+SELECT COUNT(1) FROM app_fom.project;
+
+-- Check installed extensions and versions
+SELECT extname AS extension, extversion AS version
+FROM pg_extension
+ORDER BY extname;
+```
+
+In non-prod environments, add a new FOM and verify project counts again.
+
+### 8. Scale Up the API
+
+```bash
+oc scale deployment fom-${TARGET}-api --replicas=3
+```
+
+## Rollback Procedure
+
+1. Scale down the API:
+
+    ```bash
+    oc scale deployment fom-${TARGET}-api --replicas=0
+    ```
+
+2. Delete or rename the new database deployment config:
+
+    ```bash
+    ./rename_deployment.sh fom-${TARGET}-db fom-${TARGET}-db-upgraded
+    ```
+
+3. Restore the old database:
+
+    ```bash
+    ./rename_deployment.sh fom-${TARGET}-db-prev fom-${TARGET}-db
+    ```
+
+4. Verify the database is running.
+
+5. Scale up the API:
+
+    ```bash
+    oc scale deployment fom-${TARGET}-api --replicas=3
+    ```
+
+
+
+
diff --git a/db/db_transfer.sh b/db/db_transfer.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+#
+# Database Transfer Script for OpenShift
+# Usage:
+#   ./db_transfer.sh <source-deployment-name> <target-deployment-name>
+#
+# This script takes a PostgreSQL database dump from the <source-deployment-name> and restores it into the <target-deployment-name>.
+# Requirements:
+# - Both deployments must have running pods managed by the given deployment names.
+# - The database template should use a PersistentVolumeClaim with a different name for the new deployment.
+# - The new deployment should be ready to accept a restore.
+# - The script assumes the container name is the default or the first in the pod spec.
+#
+# Notes:
+# - If the target database is not empty, you may see errors like "schema ... already exists".
+#   These are expected if objects already exist and can usually be ignored, but always review
+#   the output for unexpected or critical errors.
+
+# Strict mode: exit on error, unset vars, or failed pipes
+set -euo pipefail
+
+# Usage
+if [[ $# -lt 2 ]]; then
+  grep -v '^#!' "$0" | awk '/^#/ { sub(/^# ?/, ""); print; next } NF==0 { exit }'
+  exit 1
+fi
+
+SOURCE_DEPLOYMENT="${1}"
+TARGET_DEPLOYMENT="${2}"
+DUMP_PARAMETERS="${DUMP_PARAMETERS:---exclude-schema=tiger --exclude-schema=tiger_data --exclude-schema=topology}"
+
+# Fail fast if pods aren't found
+if ! oc get po -l deployment="${SOURCE_DEPLOYMENT}" | grep -q .; then
+  echo "No pods found for deployment '${SOURCE_DEPLOYMENT}'."
+  exit 2
+fi
+if ! oc get po -l deployment="${TARGET_DEPLOYMENT}" | grep -q .; then
+  echo "No pods found for deployment '${TARGET_DEPLOYMENT}'."
+  exit 2
+fi
+
+# Safety check: compare PVC ages to prevent accidental reverse transfers
+SOURCE_PVC=$(oc get deployment "${SOURCE_DEPLOYMENT}" -o jsonpath='{.spec.template.spec.volumes[?(@.persistentVolumeClaim)].persistentVolumeClaim.claimName}')
+TARGET_PVC=$(oc get deployment "${TARGET_DEPLOYMENT}" -o jsonpath='{.spec.template.spec.volumes[?(@.persistentVolumeClaim)].persistentVolumeClaim.claimName}')
+
+if [[ -n "${SOURCE_PVC}" && -n "${TARGET_PVC}" ]]; then
+  SOURCE_PVC_CREATION_TIME=$(oc get pvc "${SOURCE_PVC}" -o jsonpath='{.metadata.creationTimestamp}')
+  TARGET_PVC_CREATION_TIME=$(oc get pvc "${TARGET_PVC}" -o jsonpath='{.metadata.creationTimestamp}')
+  SOURCE_PVC_EPOCH=$(date -d "${SOURCE_PVC_CREATION_TIME}" +%s)
+  TARGET_PVC_EPOCH=$(date -d "${TARGET_PVC_CREATION_TIME}" +%s)
+
+  if [[ ${SOURCE_PVC_EPOCH} -gt ${TARGET_PVC_EPOCH} ]]; then
+    echo "WARNING: Source PVC '${SOURCE_PVC}' ($(date -d "${SOURCE_PVC_CREATION_TIME}" '+%Y-%m-%d %H:%M')) is NEWER than target PVC '${TARGET_PVC}' ($(date -d "${TARGET_PVC_CREATION_TIME}" '+%Y-%m-%d %H:%M'))."
+    echo "This may be a reverse transfer that could overwrite newer data with older data."
+    echo -n "Are you sure you want to continue? (yes/no): "
+    read -r CONFIRM
+    if [[ "${CONFIRM}" != "yes" ]]; then
+      echo "Transfer cancelled by user."
+      exit 2
+    fi
+  else
+    echo "Safety check passed: Source PVC is older than target PVC."
+  fi
+else
+  echo "Warning: Could not find PVCs for comparison. Proceeding without age check."
+fi
+
+# Stream dump directly from old deployment to new deployment
+echo -e "\nDatabase transfer from '${SOURCE_DEPLOYMENT}' to '${TARGET_DEPLOYMENT}' beginning."
+oc exec -i deployment/"${SOURCE_DEPLOYMENT}" -- bash -c "pg_dump -U \${POSTGRES_USER} -d \${POSTGRES_DB} -Fc ${DUMP_PARAMETERS}" \
+  | oc exec -i deployment/"${TARGET_DEPLOYMENT}" -- bash -c "pg_restore -U \${POSTGRES_USER} -d \${POSTGRES_DB} -Fc"
+
+# Results
+echo -e "\nDatabase transfer from '${SOURCE_DEPLOYMENT}' to '${TARGET_DEPLOYMENT}' complete."
diff --git a/db/openshift.deploy.dbupgrade.v17.yml b/db/openshift.deploy.dbupgrade.v17.yml