pg bouncer upgrade

ansible/playbook.yml

@@ -34,7 +34,7 @@
       tags:
         - install-pgbouncer
         - install-supabase-internal
-      when: debpkg_mode or nixpkg_mode
+      when: debpkg_mode or nixpkg_mode or stage2_nix
 
     - name: Install WAL-G
       import_tasks: tasks/setup-wal-g.yml

ansible/tasks/setup-pgbouncer.yml

@@ -76,6 +76,7 @@
     - 'custom-overrides.ini'
     - 'generated-optimizations.ini'
     - 'ssl-config.ini'
+  when: nixpkg_mode
 
 - name: PgBouncer - adjust pgbouncer.ini
   ansible.builtin.copy:

ansible/vars.yml

@@ -10,13 +10,13 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.050-orioledb"
-  postgres17: "17.6.1.029"
-  postgres15: "15.14.1.029"
+  postgresorioledb-17: "17.5.1.050-orioledb-pgbouncer-124"
+  postgres17: "17.6.1.029-pgbouncer-124"
+  postgres15: "15.14.1.029-pgbouncer-124"
 
 # Non Postgres Extensions
-pgbouncer_release: 1.19.0
-pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682
+pgbouncer_release: 1.24.1
+pgbouncer_release_checksum: sha256:da72a3aba13072876d055a3e58dd4aba4a5de4ed6148e73033185245598fd3e0
 
 # The checksum can be found under "Assets", in the GitHub release page for each version.
 # The binaries used are: ubuntu-aarch64 and linux-static.

nix/packages/default.nix

@@ -33,6 +33,7 @@
           cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
           dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
           docs = pkgs.callPackage ./docs.nix { };
+          pgbouncer = pkgs.callPackage ../pgbouncer.nix { };
           supabase-groonga = pkgs.callPackage ./groonga { };
           http-mock-server = pkgs.callPackage ./http-mock-server.nix { };
           local-infra-bootstrap = pkgs.callPackage ./local-infra-bootstrap.nix { };

nix/pgbouncer.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  openssl,
+  libevent,
+  c-ares,
+  pkg-config,
+  systemd,
+  nixosTests,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pgbouncer";
+  version = "1.24.1";
+
+  src = fetchurl {
+    url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
+    hash = "sha256-2nKjq6EwcodtBVo+WN1Kukpd5O1hSOcwMxhSRVmP0+A=";
+  };
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [
+    libevent
+    openssl
+    c-ares
+  ] ++ lib.optional stdenv.hostPlatform.isLinux systemd;
+  enableParallelBuilding = true;
+  configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd";
+
+  passthru.tests = {
+    pgbouncer = nixosTests.pgbouncer;
+  };
+
+  meta = with lib; {
+    homepage = "https://www.pgbouncer.org/";
+    mainProgram = "pgbouncer";
+    description = "Lightweight connection pooler for PostgreSQL";
+    changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${
+      replaceStrings [ "." ] [ "_" ] version
+    }";
+    license = licenses.isc;
+    maintainers = with maintainers; [ _1000101 ];
+    platforms = platforms.all;
+  };
+}

testinfra/test_ami_nix.py

@@ -10,6 +10,7 @@
 from ec2instanceconnectcli.EC2InstanceConnectKey import EC2InstanceConnectKey
 from time import sleep
 import paramiko
+from pathlib import Path
 
 # if EXECUTION_ID is not set, use a default value that includes the user and hostname
 RUN_ID = os.environ.get(
@@ -144,6 +145,34 @@
 anon_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6ImFub24iLCJpYXQiOjE2OTYyMjQ5NjYsImV4cCI6MjAxMTgwMDk2Nn0.QW95aRPA-4QuLzuvaIeeoFKlJP9J2hvAIpJ3WJ6G5zo"
 service_role_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY5NjIyNDk2NiwiZXhwIjoyMDExODAwOTY2fQ.Om7yqv15gC3mLGitBmvFRB3M4IsLsX9fXzTQnFM7lu0"
 supabase_admin_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InN1cGFiYXNlX2FkbWluIiwiaWF0IjoxNjk2MjI0OTY2LCJleHAiOjIwMTE4MDA5NjZ9.jrD3j2rBWiIx0vhVZzd1CXFv7qkAP392nBMadvXxk1c"
+
+
+def load_expected_pgbouncer_version() -> str:
+    repo_root = Path(__file__).resolve().parent.parent
+    ansible_vars = repo_root / "ansible" / "vars.yml"
+    if ansible_vars.exists():
+        with ansible_vars.open() as f:
+            for raw_line in f:
+                line = raw_line.strip()
+                if line.startswith("pgbouncer_release:"):
+                    return line.split(":", 1)[1].strip().strip('"')
+
+    nix_file = repo_root / "nix" / "pgbouncer.nix"
+    if nix_file.exists():
+        with nix_file.open() as f:
+            for raw_line in f:
+                line = raw_line.strip()
+                if line.startswith("version ="):
+                    value = line.split("=", 1)[1].strip()
+                    return value.strip(";").strip('"')
+
+    raise RuntimeError(
+        "Could not determine expected PgBouncer version from configuration files"
+    )
+
+
+EXPECTED_PGBOUNCER_VERSION = load_expected_pgbouncer_version()
+PGBOUNCER_BINARY = "/nix/var/nix/profiles/per-user/pgbouncer/profile/bin/pgbouncer"
 init_json_content = f"""
 {{
   "jwt_secret": "my_jwt_secret_which_is_not_so_secret",
@@ -199,7 +228,7 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10):
             else:
                 raise Exception("SSH test command failed")
 
-        except Exception as e:
+        except Exception:
             if attempt == max_retries - 1:
                 raise
             logger.warning(