chore: avoid using ansible globbing

darora · darora · commit 4c2aa5bce939 · 2024-11-26T05:38:15.000+08:00
diff --git a/amazon-arm64-nix.pkr.hcl b/amazon-arm64-nix.pkr.hcl
@@ -38,14 +38,10 @@ variable "environment" {
   default = "prod"
 }
 
-variable "git_sha" {
+variable "region" {
   type    = string
 }
 
-# variable "region" {
-#   type    = string
-# }
-
 variable "build-vol" {
   type    = string
   default = "xvdc"
@@ -102,83 +98,129 @@ packer {
       source  = "github.com/hashicorp/amazon"
       version = "~> 1"
     }
-    qemu = {
-      version = "~> 1.0"
-      source  = "github.com/hashicorp/qemu"
-    }
   }
 }
 
-source "null" "dependencies" {
-  communicator = "none"
-}
+# source block
+source "amazon-ebssurrogate" "source" {
+  profile = "${var.profile}"
+  #access_key    = "${var.aws_access_key}"
+  #ami_name = "${var.ami_name}-arm64-${formatdate("YYYY-MM-DD-hhmm", timestamp())}"
+  ami_name = "${var.ami_name}-${var.postgres-version}-stage-1"
+  ami_virtualization_type = "hvm"
+  ami_architecture = "arm64"
+  ami_regions   = "${var.ami_regions}"
+  instance_type = "c6g.4xlarge"
+  region       = "${var.region}"
+  #secret_key   = "${var.aws_secret_key}"
+  force_deregister = var.force-deregister
 
-build {
-  name    = "cloudimg.deps"
-  sources = ["source.null.dependencies"]
+  # Use latest official ubuntu focal ami owned by Canonical.
+  source_ami_filter {
+    filters = {
+      virtualization-type = "hvm"
+      name = "${var.ami}"
+      root-device-type = "ebs"
+    }
+    owners = [ "099720109477" ]
+    most_recent = true
+   }
+  ena_support = true
+  launch_block_device_mappings {
+    device_name = "/dev/xvdf"
+    delete_on_termination = true
+    volume_size = 10
+    volume_type = "gp3"
+   }
 
-  provisioner "shell-local" {
-    inline = [
-      "cp /usr/share/AAVMF/AAVMF_VARS.fd AAVMF_VARS.fd",
-      "cloud-localds seeds-cloudimg.iso user-data-cloudimg meta-data"
-    ]
-    inline_shebang = "/bin/bash -e"
-  }
-}
-
-source "qemu" "cloudimg" {
-  boot_wait      = "2s"
-  cpus           = 12
-  disk_image     = true
-  disk_size      = "15G"
-  format         = "qcow2"
-  # TODO (darora): disable backing image for qcow2
-  headless       = true
-  http_directory = "http"
-  iso_checksum   = "file:https://cloud-images.ubuntu.com/focal/current/SHA256SUMS"
-  iso_url        = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-arm64.img"
-  memory         = 20000
-  qemu_binary    = "qemu-system-aarch64"
-  qemu_img_args {
-    create = ["-F", "qcow2"]
-  }
-  qemuargs = [
-    ["-machine", "virt"],
-    ["-cpu", "host"],
-    ["-device", "virtio-gpu-pci"],
-    ["-drive", "if=pflash,format=raw,id=ovmf_code,readonly=on,file=/usr/share/AAVMF/AAVMF_CODE.fd"],
-    ["-drive", "if=pflash,format=raw,id=ovmf_vars,file=AAVMF_VARS.fd"],
-    ["-drive", "file=output-cloudimg/packer-cloudimg,format=qcow2"],
-    ["-drive", "file=seeds-cloudimg.iso,format=raw"],
-    ["--enable-kvm"]
-  ]
-  shutdown_command       = "sudo -S shutdown -P now"
-  ssh_handshake_attempts = 500
-  ssh_password           = "ubuntu"
-  ssh_timeout            = "1h"
-  ssh_username           = "ubuntu"
-  ssh_wait_timeout       = "1h"
-  use_backing_file       = true
-  accelerator = "kvm"
+  launch_block_device_mappings {
+    device_name = "/dev/xvdh"
+    delete_on_termination = true
+    volume_size = 8
+    volume_type = "gp3"
+   }
+
+  launch_block_device_mappings {
+    device_name           = "/dev/${var.build-vol}"
+    delete_on_termination = true
+    volume_size           = 16
+    volume_type           = "gp2"
+    omit_from_artifact    = true
+  }
+
+  run_tags = {
+    creator           = "packer"
+    appType           = "postgres"
+    packerExecutionId = "${var.packer-execution-id}"
+  }
+  run_volume_tags = {
+    creator = "packer"
+    appType = "postgres"
+  }
+  snapshot_tags = {
+    creator = "packer"
+    appType = "postgres"
+  }
+  tags = {
+    creator = "packer"
+    appType = "postgres"
+    postgresVersion = "${var.postgres-version}-stage1"
+    sourceSha = "${var.git-head-version}"
+  }
+
+  communicator = "ssh"
+  ssh_pty = true
+  ssh_username = "ubuntu"
+  ssh_timeout = "5m"
+
+  ami_root_device {
+    source_device_name = "/dev/xvdf"
+    device_name = "/dev/xvda"
+    delete_on_termination = true
+    volume_size = 10
+    volume_type = "gp2"
+  }
+
+  associate_public_ip_address = true
 }
 
+# a build block invokes sources and runs provisioning steps on them.
 build {
-  name    = "cloudimg.image"
-  sources = ["source.qemu.cloudimg"]
+  sources = ["source.amazon-ebssurrogate.source"]
 
-  # Copy ansible playbook
-  provisioner "shell" {
-    inline = ["mkdir /tmp/ansible-playbook"]
+  provisioner "file" {
+    source = "ebssurrogate/files/sources-arm64.cfg"
+    destination = "/tmp/sources.list"
   }
 
   provisioner "file" {
-    source = "ansible"
-    destination = "/tmp/ansible-playbook"
+    source = "ebssurrogate/files/ebsnvme-id"
+    destination = "/tmp/ebsnvme-id"
   }
 
   provisioner "file" {
-    source = "scripts"
-    destination = "/tmp/ansible-playbook"
+    source = "ebssurrogate/files/70-ec2-nvme-devices.rules"
+    destination = "/tmp/70-ec2-nvme-devices.rules"
+  }
+
+  provisioner "file" {
+    source = "ebssurrogate/scripts/chroot-bootstrap-nix.sh"
+    destination = "/tmp/chroot-bootstrap-nix.sh"
+  }
+
+  provisioner "file" {
+    source = "ebssurrogate/files/cloud.cfg"
+    destination = "/tmp/cloud.cfg"
+  }
+
+  provisioner "file" {
+    source = "ebssurrogate/files/vector.timer"
+    destination = "/tmp/vector.timer"
+  }
+
+  provisioner "file" {
+    source = "ebssurrogate/files/apparmor_profiles"
+    destination = "/tmp"
   }
 
   provisioner "file" {
@@ -191,15 +233,45 @@ build {
     destination = "/tmp"
   }
 
+  # Copy ansible playbook
+  provisioner "shell" {
+    inline = ["mkdir /tmp/ansible-playbook"]
+  }
+
+  provisioner "file" {
+    source = "ansible"
+    destination = "/tmp/ansible-playbook"
+  }
+
+  provisioner "file" {
+    source = "scripts"
+    destination = "/tmp/ansible-playbook"
+  }
+
+  provisioner "file" {
+    source = "ansible/vars.yml"
+    destination = "/tmp/ansible-playbook/vars.yml"
+  }
+
   provisioner "shell" {
     environment_vars = [
-      "POSTGRES_SUPABASE_VERSION=${var.postgres-version}",
-      "GIT_SHA=${var.git_sha}"
+      "ARGS=${var.ansible_arguments}",
+      "DOCKER_USER=${var.docker_user}",
+      "DOCKER_PASSWD=${var.docker_passwd}",
+      "DOCKER_IMAGE=${var.docker_image}",
+      "DOCKER_IMAGE_TAG=${var.docker_image_tag}",
+      "POSTGRES_SUPABASE_VERSION=${var.postgres-version}"
     ]
     use_env_var_file = true
     script = "ebssurrogate/scripts/surrogate-bootstrap-nix.sh"
-    execute_command = "sudo -S sh -c '. {{.EnvVarFile}} && cd /tmp/ansible-playbook && {{.Path}}'"
+    execute_command = "sudo -S sh -c '. {{.EnvVarFile}} && {{.Path}}'"
     start_retry_timeout = "5m"
     skip_clean = true
   }
+
+  provisioner "file" {
+    source = "/tmp/ansible.log"
+    destination = "/tmp/ansible.log"
+    direction = "download"
+  }
 }
diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml
@@ -218,12 +218,6 @@
   shell: source /var/lib/postgresql/.bashrc && /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access" -o "--username=supabase_admin"
   args:
     executable: /bin/bash
-  environment:
-    LANG: en_US.UTF-8
-    LANGUAGE: en_US.UTF-8
-    LC_ALL: en_US.UTF-8
-    LC_CTYPE: en_US.UTF-8
-    LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
   vars:
     ansible_command_timeout: 60
     # Circumvents the following error:
diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml
@@ -107,12 +107,11 @@
   when: stage2_nix
 
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/bin to /usr/lib/postgresql/bin
-  file:
-    src: "{{ item }}"
-    dest: "/usr/lib/postgresql/bin/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/bin/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/bin/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "{{ item }}/$(basename $0)"' {} \;
+  loop:
+    - /usr/lib/postgresql/bin
+    - /usr/bin
   become: yes
   when: stage2_nix
 
@@ -129,23 +128,9 @@
   when: pg_config_stat.stat.exists and not pg_config_stat.stat.islnk and stage2_nix
   become: yes
 
-- name: Create symbolic links from /var/lib/postgresql/.nix-profile/bin to /usr/bin
-  file:
-    src: "{{ item }}"
-    dest: "/usr/bin/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/bin/*"
-  become: yes
-  when: stage2_nix
-
 - name: Ensure postgres user has ownership of symlink
-  file:
-    path: "/usr/bin/{{ item | basename }}"
-    owner: postgres
-    group: postgres
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/bin/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/bin/ -maxdepth 1 -type f,l -exec chown postgres:postgres "/usr/bin/$(basename {})" \;
   become: yes
   when: stage2_nix
 
@@ -160,22 +145,14 @@
 # It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task
 
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql to /usr/lib/postgresql/share/postgresql
-  file:
-    src: "{{ item }}"
-    dest: "/usr/lib/postgresql/share/postgresql/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/share/postgresql/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/share/postgresql/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/$(basename $0)"' {} \;
   become: yes
   when: stage2_nix
 
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/extension to /usr/lib/postgresql/share/postgresql/extension
-  file:
-    src: "{{ item }}"
-    dest: "/usr/lib/postgresql/share/postgresql/extension/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/share/postgresql/extension/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/share/postgresql/extension/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/extension/$(basename $0)"' {} \;
   become: yes
   when: stage2_nix
 
@@ -195,22 +172,14 @@
   when: stage2_nix
 
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/timezonesets to /usr/lib/postgresql/share/postgresql/timeszonesets
-  file:
-    src: "{{ item }}"
-    dest: "/usr/lib/postgresql/share/postgresql/timezonesets/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/share/postgresql/timezonesets/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/share/postgresql/timezonesets/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/timezonesets/$(basename $0)"' {} \;
   become: yes
   when: stage2_nix
 
 - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data to /usr/lib/postgresql/share/postgresql/tsearch_data
-  file:
-    src: "{{ item }}"
-    dest: "/usr/lib/postgresql/share/postgresql/tsearch_data/{{ item | basename }}"
-    state: link
-  with_fileglob:
-    - "/var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data/*"
+  shell: >-
+    find /var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data/ -maxdepth 1 -type f,l -exec sh -c 'ln -s "$0" "/usr/lib/postgresql/share/postgresql/tsearch_data/$(basename $0)"' {} \;
   become: yes
   when: stage2_nix
 
