feat: integration of nix with packer/ansible stage2 steps

Author: samrose

ansible/playbook.yml

@@ -27,7 +27,7 @@
     - set_fact:
         parallel_jobs: 16
 
-    - name: Install Postgres from source
+    - name: Prepare machine for Postgres installation
       import_tasks: tasks/setup-postgres.yml
 
     - name: Install PgBouncer
@@ -76,11 +76,6 @@
         src: files/apt_periodic
         dest: /etc/apt/apt.conf.d/10periodic
 
-    - name: First boot optimizations
-      import_tasks: tasks/internal/optimizations.yml
-      tags:
-        - install-supabase-internal
-
     - name: Finalize AMI
       import_tasks: tasks/finalize-ami.yml
       tags:
@@ -110,9 +105,3 @@
 
     - name: Clean out build dependencies
       import_tasks: tasks/clean-build-dependencies.yml
-
-    # - name: Collect Postgres binaries
-    #   import_tasks: tasks/internal/collect-pg-binaries.yml
-    #   tags:
-    #     - collect-binaries
-    #TODO bring into 2nd phase

ansible/tasks/finalize-ami.yml

@@ -70,12 +70,3 @@
         sed -i -e 's;daily;*:0/5;' /etc/systemd/system/logrotate.timer
         systemctl reenable logrotate.timer
   become: yes
-
-# - name: import pgsodium_getkey script
-#   template:
-#     src: files/pgsodium_getkey_readonly.sh.j2
-#     dest: "{{ pg_bindir }}/pgsodium_getkey.sh"
-#     owner: postgres
-#     group: postgres
-#     mode: 0700
-# TODO bring into 2nd phase

ansible/tasks/internal/optimizations.yml

@@ -0,0 +1,46 @@
+# - name: ensure services are stopped
+#   community.general.snap:
+#     name: amazon-ssm-agent
+#     state: absent
+# TODO taking this out as machine at this stage reports
+# that aws-ssm-agent is not installed at all
+
+- name: ensure services are stopped and disabled for first boot
+  systemd:
+    enabled: no
+    name: '{{ item }}'
+    state: stopped
+  with_items:
+    #- snapd
+    - postgresql
+    - pgbouncer
+    - fail2ban
+    - motd-news
+    - vector
+
+- name: Remove snapd
+  apt:
+    state: absent
+    pkg:
+      - snapd
+
+# - name: ensure services are stopped and disabled for first boot
+#   systemd:
+#     enabled: no
+#     name: '{{ item }}'
+#     state: stopped
+#     masked: yes
+#   with_items:
+#     - lvm2-monitor
+# machine at this stage reports this service is stopped and disabled
+
+
+- name: disable man-db
+  become: yes
+  file:
+    state: absent
+    path: "/etc/cron.daily/{{ item }}"
+  with_items:
+    - man-db
+    - popularity-contest
+    - ubuntu-advantage-tools

ansible/tasks/stage2/optimizations.yml

@@ -1,6 +1,11 @@
 - hosts: localhost
   become: yes
 
+  vars:
+    sql_files:
+      - "/tmp/ansible-playbook/files/pgbouncer_config/pgbouncer_auth_schema.sql"
+      - "/tmp/ansible-playbook/files/stat_extension.sql"
+
 
   tasks:
     - set_fact:
@@ -13,3 +18,11 @@
 
     - name: Install Postgres from nix binary cache
       import_tasks: stage2-setup-postgres.yml
+
+    - name: First boot optimizations
+      import_tasks: optimizations.yml
+
+    - name: Run unit tests
+      import_tasks: test-image.yml
+      tags:
+        - unit-tests

ansible/tasks/stage2/playbook.yml

@@ -1,14 +1,16 @@
-- name: Copy extension packages
-  copy:
-    src: files/extensions/
-    dest: /tmp/extensions/
+# - name: Copy extension packages
+#   copy:
+#     src: files/extensions/
+#     dest: /tmp/extensions/
+
+# # Builtin apt module does not support wildcard for deb paths
+# - name: Install extensions
+#   shell: |
+#     set -e
+#     apt-get update
+#     apt-get install -y --no-install-recommends /tmp/extensions/*.deb
+# TODO remove
 
-# Builtin apt module does not support wildcard for deb paths
-- name: Install extensions
-  shell: |
-    set -e
-    apt-get update
-    apt-get install -y --no-install-recommends /tmp/extensions/*.deb
 
 - name: pg_cron - set cron.database_name
   become: yes
@@ -17,11 +19,8 @@
     state: present
     line: cron.database_name = 'postgres'
 
-- name: pgsodium - determine postgres bin directory
-  shell: pg_config --bindir
-  register: pg_bindir_output
 - set_fact:
-    pg_bindir: "{{ pg_bindir_output.stdout }}"
+    pg_bindir: "/usr/lib/postgresql/bin"
 
 - name: pgsodium - set pgsodium.getkey_script
   become: yes
@@ -48,15 +47,15 @@
 
 - name: supautils - write custom supautils.conf
   template:
-    src: "files/postgresql_config/supautils.conf.j2"
+    src: "/tmp/ansible-playbook/files/postgresql_config/supautils.conf.j2"
     dest: /etc/postgresql-custom/supautils.conf
     mode: 0664
     owner: postgres
     group: postgres
 
 - name: supautils - copy extension custom scripts
   copy:
-    src: files/postgresql_extension_custom_scripts/
+    src: /tmp/ansible-playbook/files/postgresql_extension_custom_scripts/
     dest: /etc/postgresql-custom/extension-custom-scripts
   become: yes
 
@@ -76,7 +75,8 @@
     regexp: "#include = '/etc/postgresql-custom/supautils.conf'"
     replace: "include = '/etc/postgresql-custom/supautils.conf'"
 
-- name: Cleanup - extension packages
-  file:
-    path: /tmp/extensions
-    state: absent
+# - name: Cleanup - extension packages
+#   file:
+#     path: /tmp/extensions
+#     state: absent
+# TODO remove

ansible/tasks/setup-docker.yml renamed to ansible/tasks/stage2/setup-extensions.yml

@@ -0,0 +1,13 @@
+- name: Run migrate.sh script
+  shell: . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && ./migrate.sh
+  register: retval
+  args:
+    chdir: /tmp/migrations/db
+  become: yes
+  become_user: postgres
+  failed_when: retval.rc != 0
+
+- name: Create /root/MIGRATION-AMI file
+  file:
+    path: "/root/MIGRATION-AMI"
+    state: touch