From 081ae3b9d725ad324e44836eff4a011f8723821e Mon Sep 17 00:00:00 2001 From: Oliver Rice Date: Thu, 31 Oct 2024 11:08:25 -0500 Subject: [PATCH 1/4] fix suffix parsing for staging releases --- .github/workflows/ami-release-nix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 643f26fc7..3242a4e1d 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -55,7 +55,7 @@ jobs: - name: Run checks if triggered manually if: ${{ github.event_name == 'workflow_dispatch' }} run: | - SUFFIX=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') + SUFFIX=$(sudo nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') if [[ -z $SUFFIX ]] ; then echo "Version must include non-numeric characters if built manually." exit 1 From 95be6ab0276192a2b67c579cc2ce1c019f1eb2cd Mon Sep 17 00:00:00 2001 From: Oliver Rice Date: Thu, 31 Oct 2024 14:33:19 -0500 Subject: [PATCH 2/4] update saltminion install to use the new package repo location --- ansible/tasks/internal/install-salt.yml | 34 +++++++++++++++++++------ 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/ansible/tasks/internal/install-salt.yml b/ansible/tasks/internal/install-salt.yml index 281e370bb..73cd6ee85 100644 --- a/ansible/tasks/internal/install-salt.yml +++ b/ansible/tasks/internal/install-salt.yml @@ -1,29 +1,47 @@ - name: Add apt repository for Saltstack (arm) block: + - name: Ensure /etc/apt/keyrings directory exists + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + - name: salt gpg key - ansible.builtin.apt_key: - url: https://repo.saltproject.io/salt/py3/ubuntu/20.04/arm64/SALT-PROJECT-GPG-PUBKEY-2023.gpg - keyring: /etc/apt/trusted.gpg.d/salt-archive-keyring-2023-arm.gpg + ansible.builtin.get_url: + url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public + dest: /etc/apt/keyrings/salt-archive-keyring-2023.pgp + mode: '0644' - name: salt apt repo ansible.builtin.apt_repository: - repo: deb [signed-by=/etc/apt/trusted.gpg.d/salt-archive-keyring-2023-arm.gpg arch=arm64] https://repo.saltproject.io/salt/py3/ubuntu/20.04/arm64/{{ salt_minion_version }} focal main + repo: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=arm64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" + filename: 'salt.list' state: present when: platform == "arm64" - name: Add apt repository for Saltstack (amd) block: + - name: Ensure /etc/apt/keyrings directory exists + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + - name: salt gpg key - ansible.builtin.apt_key: - url: https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg - keyring: /etc/apt/trusted.gpg.d/salt-archive-keyring-2023-amd.gpg + ansible.builtin.get_url: + url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public + dest: /etc/apt/keyrings/salt-archive-keyring-2023.pgp + mode: '0644' - name: salt apt repo ansible.builtin.apt_repository: - repo: deb [signed-by=/etc/apt/trusted.gpg.d/salt-archive-keyring-2023-amd.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/{{ salt_minon_version }} focal main + repo: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" + filename: 'salt.list' state: present when: platform == "amd64" - name: Salt minion install apt: name: salt-minion + state: present + update_cache: yes From e2bf5ad46a8c2f5cf76199d02cba7f85bc16b02c Mon Sep 17 00:00:00 2001 From: Oliver Rice Date: Thu, 31 Oct 2024 14:36:09 -0500 Subject: [PATCH 3/4] test install --- ansible/vars.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 129e1a238..5e0fb6b84 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -7,12 +7,10 @@ async_mode: true # postgresql_release_checksum: sha256:ea2cf059a85882654b989acd07edc121833164a30340faee0d3615cf7058e66c postgres_major: - "15" - - "16" # Full version strings for each major version postgres_release: - postgres15: "15.8.1.004" - postgres16: "16.3.1.010" + postgres15: "15.8.1.004-saltminionfix" # Non Postgres Extensions pgbouncer_release: "1.19.0" From 4dc95008c5cd8f1ef0f952b820a27a4a866e3ab0 Mon Sep 17 00:00:00 2001 From: Oliver Rice Date: Thu, 31 Oct 2024 15:05:03 -0500 Subject: [PATCH 4/4] revert test config --- .github/workflows/ami-release-nix.yml | 2 +- ansible/vars.yml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 3242a4e1d..643f26fc7 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -55,7 +55,7 @@ jobs: - name: Run checks if triggered manually if: ${{ github.event_name == 'workflow_dispatch' }} run: | - SUFFIX=$(sudo nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') + SUFFIX=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') if [[ -z $SUFFIX ]] ; then echo "Version must include non-numeric characters if built manually." exit 1 diff --git a/ansible/vars.yml b/ansible/vars.yml index 5e0fb6b84..129e1a238 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -7,10 +7,12 @@ async_mode: true # postgresql_release_checksum: sha256:ea2cf059a85882654b989acd07edc121833164a30340faee0d3615cf7058e66c postgres_major: - "15" + - "16" # Full version strings for each major version postgres_release: - postgres15: "15.8.1.004-saltminionfix" + postgres15: "15.8.1.004" + postgres16: "16.3.1.010" # Non Postgres Extensions pgbouncer_release: "1.19.0"