Merge branch 'develop' into or/ext-pgmq

Author: olirice

ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh

@@ -88,10 +88,23 @@ CI_start_postgres() {
 
 swap_postgres_and_supabase_admin() {
     run_sql <<'EOSQL'
+alter database postgres connection limit 0;
+select pg_terminate_backend(pid) from pg_stat_activity where backend_type = 'client backend' and pid != pg_backend_pid();
+EOSQL
+    run_sql <<'EOSQL'
+set statement_timeout = '600s';
 begin;
 create role supabase_tmp superuser;
 set session authorization supabase_tmp;
 
+do $$
+begin
+  if exists (select from pg_extension where extname = 'timescaledb') then
+    execute(format('select %I.timescaledb_pre_restore()', (select pronamespace::regnamespace from pg_proc where proname = 'timescaledb_pre_restore')));
+  end if;
+end
+$$;
+
 do $$
 declare
   postgres_rolpassword text := (select rolpassword from pg_authid where rolname = 'postgres');
@@ -245,7 +258,12 @@ begin
                      obj->>'role',
                      case when obj->>'database' is null then '' else format('in database %I', obj->>'database') end,
                      rec.key,
-                     rec.value
+                     -- https://github.com/postgres/postgres/blob/70d1c664f4376fd3499e3b0c6888cf39b65d722b/src/bin/pg_dump/dumputils.c#L861
+                     case
+                       when rec.key in ('local_preload_libraries', 'search_path', 'session_preload_libraries', 'shared_preload_libraries', 'temp_tablespaces', 'unix_socket_directories')
+                         then rec.value
+                       else quote_literal(rec.value)
+                     end
       ));
     end loop;
   end loop;
@@ -492,6 +510,19 @@ begin
 end
 $$;
 
+do $$
+begin
+  if exists (select from pg_extension where extname = 'timescaledb') then
+    execute(format('select %I.timescaledb_post_restore()', (select pronamespace::regnamespace from pg_proc where proname = 'timescaledb_post_restore')));
+  end if;
+end
+$$;
+
+alter database postgres connection limit -1;
+
+-- #incident-2024-09-12-project-upgrades-are-temporarily-disabled
+grant pg_read_all_data, pg_signal_backend to postgres;
+
 set session authorization supabase_admin;
 drop role supabase_tmp;
 commit;

ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh

@@ -170,11 +170,13 @@ function apply_auth_scheme_updates {
 
 function start_vacuum_analyze {
     echo "complete" > /tmp/pg-upgrade-status
-    if ! command -v nix &> /dev/null; then
-        su -c 'vacuumdb --all --analyze-in-stages' -s "$SHELL" postgres
-    else
-        su -c '. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && vacuumdb --all --analyze-in-stages' -s "$SHELL" postgres
+
+    # shellcheck disable=SC1091
+    if [ -f "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh" ]; then
+        # shellcheck disable=SC1091
+        source "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"
     fi
+    vacuumdb --all --analyze-in-stages -U supabase_admin -h localhost -p 5432
     echo "Upgrade job completed"
 }
 

ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh

@@ -49,6 +49,8 @@ PGBINOLD="/usr/lib/postgresql/bin"
 PGLIBOLD="/usr/lib/postgresql/lib"
 
 PG_UPGRADE_BIN_DIR="/tmp/pg_upgrade_bin/$PGVERSION"
+NIX_INSTALLER_PATH="/tmp/persistent/nix-installer"
+NIX_INSTALLER_PACKAGE_PATH="$NIX_INSTALLER_PATH.tar.gz"
 
 if [ -L "$PGBINOLD/pg_upgrade" ]; then
     BINARY_PATH=$(readlink -f "$PGBINOLD/pg_upgrade")
@@ -125,6 +127,9 @@ cleanup() {
     echo "Removing SUPERUSER grant from postgres"
     run_sql -c "ALTER USER postgres WITH NOSUPERUSER;"
 
+    echo "Resetting postgres database connection limit"
+    run_sql -c "ALTER DATABASE postgres CONNECTION LIMIT -1;"
+
     if [ -z "$IS_CI" ] && [ -z "$IS_LOCAL_UPGRADE" ]; then
         echo "Unmounting data disk from ${MOUNT_POINT}"
         umount $MOUNT_POINT
@@ -283,9 +288,20 @@ function initiate_upgrade {
                 if ! command -v nix > /dev/null; then
                     echo "1.1. Nix is not installed; installing."
 
-                    curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
-                    --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
-                    --extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+                    if [ -f "$NIX_INSTALLER_PACKAGE_PATH" ]; then
+                        echo "1.1.1. Installing Nix using the provided installer"
+                        tar -xzf "$NIX_INSTALLER_PACKAGE_PATH" -C /tmp/persistent/
+                        chmod +x "$NIX_INSTALLER_PATH"
+                        "$NIX_INSTALLER_PATH" install --no-confirm \
+                        --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
+                        --extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+                    else
+                        echo "1.1.1. Installing Nix using the official installer"
+
+                        curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
+                        --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
+                        --extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+                    fi
                 else 
                     echo "1.1. Nix is installed; moving on."
                 fi

ansible/tasks/stage2-setup-postgres.yml

@@ -13,7 +13,13 @@
 - name: Install pg_prove from nix binary cache
   become: yes
   shell: |
-    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/sam/2-stage-ami-nix#pg_prove"
+    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pg_prove"
+  when: stage2_nix
+
+- name: Install supabase-groonga from nix binary cache
+  become: yes
+  shell: |
+    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/sam/pgroonga-deps#supabase-groonga"
   when: stage2_nix
 
 - name: Set ownership and permissions for /etc/ssl/private
@@ -220,3 +226,9 @@
     # script is expected to be placed by finalization tasks for different target platforms
     line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh'
   when: stage2_nix
+
+- name: Append GRN_PLUGINS_DIR to /etc/environment.d/postgresql.env
+  ansible.builtin.lineinfile:
+    path: /etc/environment.d/postgresql.env
+    line: 'GRN_PLUGINS_DIR=/var/lib/postgresql/.nix-profile/lib/groonga/plugins'
+  become: yes

ansible/vars.yml

@@ -133,7 +133,7 @@ groonga_release_checksum: sha256:1c2d1a6981c1ad3f02a11aff202b15ba30cb1c6147f1fa9
 pgroonga_release: "3.0.7"
 pgroonga_release_checksum: sha256:885ff3878cc30e9030e5fc56d561bc8b66df3ede1562c9d802bc0ea04fe5c203
 
-wrappers_release: "0.4.1"
+wrappers_release: "0.4.2"
 
 hypopg_release: "1.4.1"
 hypopg_release_checksum: sha256:9afe6357fd389d8d33fad81703038ce520b09275ec00153c6c89282bcdedd6bc

flake.nix

@@ -46,23 +46,39 @@
         #This variable works the same as 'oriole_pkgs' but builds using the upstream
         #nixpkgs builds of postgresql 15 and 16 + the overlays listed below
         pkgs = import nixpkgs {
-          config = { allowUnfree = true; };
+          config = { 
+            allowUnfree = true;
+            permittedInsecurePackages = [
+              "v8-9.7.106.18"
+            ];  
+          };
           inherit system;
           overlays = [
             # NOTE (aseipp): add any needed overlays here. in theory we could
             # pull them from the overlays/ directory automatically, but we don't
             # want to have an arbitrary order, since it might matter. being
             # explicit is better.
+            (final: prev: {
+              postgresql = final.callPackage ./nix/postgresql/default.nix {
+                inherit (final) lib;
+                inherit (final) stdenv;
+                inherit (final) fetchurl;
+                inherit (final) makeWrapper;
+                inherit (final) callPackage;
+              };
+            })
             (import ./nix/overlays/cargo-pgrx-0-11-3.nix)
             # (import ./nix/overlays/postgis.nix)
             #(import ./nix/overlays/gdal-small.nix)
 
           ];
         };
-
+        postgresql_15 = pkgs.postgresql.postgresql_15;
+        postgresql = pkgs.postgresql.postgresql_15;
         sfcgal = pkgs.callPackage ./nix/ext/sfcgal/sfcgal.nix { };
-        pg_regress = pkgs.callPackage ./nix/ext/pg_regress.nix { };
-
+        pg_regress = pkgs.callPackage ./nix/ext/pg_regress.nix { inherit postgresql; };
+        supabase-groonga = pkgs.callPackage ./nix/supabase-groonga.nix { };
+        mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { };
         # Our list of PostgreSQL extensions which come from upstream Nixpkgs.
         # These are maintained upstream and can easily be used here just by
         # listing their name. Anytime the version of nixpkgs is upgraded, these
@@ -130,7 +146,10 @@
         #this var is a convenience setting to import the orioledb patched version of postgresql
         postgresql_orioledb_16 = oriole_pkgs.postgresql_orioledb_16;
         #postgis_override = pkgs.postgis_override;
-
+        getPostgresqlPackage = version:
+          pkgs.postgresql."postgresql_${version}";
+        #we will add supported versions to this list in the future
+        supportedVersions = [ "15" ];
         # Create a 'receipt' file for a given postgresql package. This is a way
         # of adding a bit of metadata to the package, which can be used by other
         # tools to inspect what the contents of the install are: the PSQL
@@ -172,7 +191,7 @@
           in map (path: pkgs.callPackage path { inherit postgresql; }) orioledbExtension;
 
         makeOurPostgresPkgs = version:
-          let postgresql = pkgs."postgresql_${version}";
+          let postgresql = getPostgresqlPackage version;
           in map (path: pkgs.callPackage path { inherit postgresql; }) ourExtensions;
 
         # Create an attrset that contains all the extensions included in a server for the orioledb version of postgresql + extension.
@@ -204,7 +223,7 @@
         # basis for building extensions, etc.
         makePostgresBin = version:
           let
-            postgresql = pkgs."postgresql_${version}";
+            postgresql = getPostgresqlPackage version;
             upstreamExts = map
               (ext: {
                 name = postgresql.pkgs."${ext}".pname;
@@ -268,13 +287,40 @@
         # name in 'nix flake show' in order to make sure exactly what name you
         # want.
         basePackages = {
+          supabase-groonga = supabase-groonga;
           # PostgreSQL versions.
           psql_15 = makePostgres "15";
           #psql_16 = makePostgres "16";
           #psql_orioledb_16 = makeOrioleDbPostgres "16_23" postgresql_orioledb_16;
           sfcgal = sfcgal;
           pg_regress = pg_regress;
           pg_prove = pkgs.perlPackages.TAPParserSourceHandlerpgTAP;
+          postgresql_15 = pkgs.postgresql_15;
+
+          postgresql_15_src = pkgs.stdenv.mkDerivation {
+            pname = "postgresql-15-src";
+            version = pkgs.postgresql_15.version;
+
+            src = pkgs.postgresql_15.src;
+
+            nativeBuildInputs = [ pkgs.bzip2 ];
+
+            phases = [ "unpackPhase" "installPhase" ];
+
+            installPhase = ''
+              mkdir -p $out
+              cp -r . $out
+            '';
+
+            meta = with pkgs.lib; {
+              description = "PostgreSQL 15 source files";
+              homepage = "https://www.postgresql.org/";
+              license = licenses.postgresql;
+              platforms = platforms.all;
+            };
+          };
+          mecab_naist_jdic = mecab-naist-jdic;
+          supabase_groonga = supabase-groonga;
           # Start a version of the server.
           start-server =
             let
@@ -302,19 +348,24 @@
                 name = "pg_ident.conf";
                 path = ./ansible/files/postgresql_config/pg_ident.conf.j2;
               };
+              postgresqlExtensionCustomScriptsPath = builtins.path {
+                name = "extension-custom-scripts";
+                path = ./ansible/files/postgresql_extension_custom_scripts;
+              };
               getkeyScript = ./nix/tests/util/pgsodium_getkey.sh;
               localeArchive = if pkgs.stdenv.isDarwin
                 then "${pkgs.darwin.locale}/share/locale"
                 else "${pkgs.glibcLocales}/lib/locale/locale-archive";
             in
             pkgs.runCommand "start-postgres-server" { } ''
-              mkdir -p $out/bin $out/etc/postgresql-custom $out/etc/postgresql
+              mkdir -p $out/bin $out/etc/postgresql-custom $out/etc/postgresql $out/extension-custom-scripts
               cp ${supautilsConfigFile} $out/etc/postgresql-custom/supautils.conf || { echo "Failed to copy supautils.conf"; exit 1; }
               cp ${pgconfigFile} $out/etc/postgresql/postgresql.conf || { echo "Failed to copy postgresql.conf"; exit 1; }
               cp ${loggingConfigFile} $out/etc/postgresql-custom/logging.conf || { echo "Failed to copy logging.conf"; exit 1; }
               cp ${readReplicaConfigFile} $out/etc/postgresql-custom/read-replica.conf || { echo "Failed to copy read-replica.conf"; exit 1; }
               cp ${pgHbaConfigFile} $out/etc/postgresql/pg_hba.conf || { echo "Failed to copy pg_hba.conf"; exit 1; }
               cp ${pgIdentConfigFile} $out/etc/postgresql/pg_ident.conf || { echo "Failed to copy pg_ident.conf"; exit 1; }
+              cp -r ${postgresqlExtensionCustomScriptsPath}/* $out/extension-custom-scripts/ || { echo "Failed to copy custom scripts"; exit 1; }
               echo "Copy operation completed"
               chmod 644 $out/etc/postgresql-custom/supautils.conf
               chmod 644 $out/etc/postgresql/postgresql.conf
@@ -331,40 +382,33 @@
                 --subst-var-by 'SUPAUTILS_CONF_FILE' "$out/etc/postgresql-custom/supautils.conf" \
                 --subst-var-by 'PG_HBA' "$out/etc/postgresql/pg_hba.conf" \
                 --subst-var-by 'PG_IDENT' "$out/etc/postgresql/pg_ident.conf" \
-                --subst-var-by 'LOCALES' '${localeArchive}'
-                
+                --subst-var-by 'LOCALES' '${localeArchive}' \
+                --subst-var-by 'EXTENSION_CUSTOM_SCRIPTS_DIR' "$out/extension-custom-scripts" \
+                --subst-var-by 'MECAB_LIB' '${basePackages.psql_15.exts.pgroonga}/lib/groonga/plugins/tokenizers/tokenizer_mecab.so' \
+                --subst-var-by 'GROONGA_DIR' '${supabase-groonga}' 
+
               chmod +x $out/bin/start-postgres-server
             '';
 
-          # Start a version of the client.
-          start-client = pkgs.runCommand "start-postgres-client" { } ''
-            mkdir -p $out/bin
-            substitute ${./nix/tools/run-client.sh.in} $out/bin/start-postgres-client \
-              --subst-var-by 'PGSQL_DEFAULT_PORT' '${pgsqlDefaultPort}' \
-              --subst-var-by 'PGSQL_SUPERUSER' '${pgsqlSuperuser}' \
-              --subst-var-by 'PSQL15_BINDIR' '${basePackages.psql_15.bin}'
-            chmod +x $out/bin/start-postgres-client
-          '';
-
           # Start a version of the client and runs migrations script on server.
-          start-client-and-migrate =
+          start-client =
             let
               migrationsDir = ./migrations/db;
               postgresqlSchemaSql = ./nix/tools/postgresql_schema.sql;
               pgbouncerAuthSchemaSql = ./ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql;
               statExtensionSql = ./ansible/files/stat_extension.sql;
             in
-            pkgs.runCommand "start-postgres-client-migrate" { } ''
+            pkgs.runCommand "start-postgres-client" { } ''
               mkdir -p $out/bin
-              substitute ${./nix/tools/run-client-migrate.sh.in} $out/bin/start-postgres-client-migrate \
+              substitute ${./nix/tools/run-client.sh.in} $out/bin/start-postgres-client \
                 --subst-var-by 'PGSQL_DEFAULT_PORT' '${pgsqlDefaultPort}' \
                 --subst-var-by 'PGSQL_SUPERUSER' '${pgsqlSuperuser}' \
                 --subst-var-by 'PSQL15_BINDIR' '${basePackages.psql_15.bin}' \
                 --subst-var-by 'MIGRATIONS_DIR' '${migrationsDir}' \
                 --subst-var-by 'POSTGRESQL_SCHEMA_SQL' '${postgresqlSchemaSql}' \
                 --subst-var-by 'PGBOUNCER_AUTH_SCHEMA_SQL' '${pgbouncerAuthSchemaSql}' \
                 --subst-var-by 'STAT_EXTENSION_SQL' '${statExtensionSql}'
-              chmod +x $out/bin/start-postgres-client-migrate
+              chmod +x $out/bin/start-postgres-client
             '';
 
           # Migrate between two data directories.
@@ -412,10 +456,11 @@
           let
             sqlTests = ./nix/tests/smoke;
             pg_prove = pkgs.perlPackages.TAPParserSourceHandlerpgTAP;
+            supabase-groonga = pkgs.callPackage ./nix/supabase-groonga.nix { };
           in
           pkgs.runCommand "postgres-${pgpkg.version}-check-harness"
             {
-              nativeBuildInputs = with pkgs; [ coreutils bash pgpkg pg_prove pg_regress procps ];
+              nativeBuildInputs = with pkgs; [ coreutils bash pgpkg pg_prove pg_regress procps supabase-groonga ];
             } ''
             TMPDIR=$(mktemp -d)
             if [ $? -ne 0 ]; then
@@ -433,7 +478,7 @@
             mkdir -p $TMPDIR/logfile
             # Generate a random key and store it in an environment variable
             export PGSODIUM_KEY=$(head -c 32 /dev/urandom | od -A n -t x1 | tr -d ' \n')
-
+            export GRN_PLUGINS_DIR=${supabase-groonga}/lib/groonga/plugins
             # Create a simple script to echo the key
             echo '#!/bin/sh' > $TMPDIR/getkey.sh
             echo 'echo $PGSODIUM_KEY' >> $TMPDIR/getkey.sh
@@ -519,7 +564,6 @@
           {
             start-server = mkApp "start-server" "start-postgres-server";
             start-client = mkApp "start-client" "start-postgres-client";
-            start-client-and-migrate = mkApp "start-client-and-migrate" "start-postgres-client-migrate";
             start-replica = mkApp "start-replica" "start-postgres-replica";
             migration-test = mkApp "migrate-tool" "migrate-postgres";
             sync-exts-versions = mkApp "sync-exts-versions" "sync-exts-versions";