diff --git a/README.md b/README.md index a5808bed..42da39e3 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Table of Contents - [Prerequisites](#prerequisites) - [Install the EDA Server Operator](#install-the-eda-server-operator) - [Deploy EDA](#deploy-eda) + - [Upgrades](#upgrades) - [Advanced Configuration](#advanced-configuration) - [Admin user account configuration](#admin-user-account-configuration) - [Database Fields Encryption Configuration](#database-fields-encryption-configuration) @@ -144,6 +145,11 @@ $ kubectl get secret eda-demo-admin-password -o jsonpath="{.data.password}" | ba yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR ``` +## Upgrades + +We recommend you take an backup by creating an EDABackup resource before upgrading, particularly if the new version includes a PostgreSQL database version change. + +For information on how to upgrade, please see the [upgrading.md](./docs/upgrade/upgrading.md). ## Advanced Configuration @@ -217,6 +223,7 @@ spec: - [EDA application settings](./docs/user-guide/advanced-configuration/settings.md) - [Deploy a Specific Version of EDA](./docs/user-guide/advanced-configuration/deploying-a-specific-version.md) - [Trusting a Custom Certificate Authority](./docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md) +- [Database Configuration](./docs/user-guide/database-configuration.md) ## Maintainers Docs diff --git a/config/crd/bases/eda.ansible.com_edas.yaml b/config/crd/bases/eda.ansible.com_edas.yaml index 17f1bb93..17684ede 100644 --- a/config/crd/bases/eda.ansible.com_edas.yaml +++ b/config/crd/bases/eda.ansible.com_edas.yaml @@ -2286,10 +2286,6 @@ spec: type: string description: NodeSelector for the database pod. type: object - postgres_data_path: - description: 'Registry path to the PostgreSQL container to use. - Default: "/var/lib/pgsql/data/userdata"' - type: string postgres_extra_args: description: Arguments to pass to postgres process items: @@ -2305,6 +2301,10 @@ spec: description: 'Configure PostgreSQL connection sslmode option. Default: "prefer"' type: string + postgres_keep_pvc_after_upgrade: + description: Specify whether or not to keep the old PVC after PostgreSQL upgrades + type: boolean + default: true storage_requirements: description: Storage requirements for the PostgreSQL container properties: @@ -2492,6 +2492,9 @@ spec: dbFieldsEncryptionSecret: description: Database Fields Encryption secret name of the deployed instance type: string + upgradedPostgresVersion: + description: Status to indicate that the database has been upgraded to the version in the status + type: string image: description: URL of the image used for the deployed instance type: string diff --git a/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml b/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml index ab2d6e43..51e73c84 100644 --- a/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml @@ -265,11 +265,6 @@ spec: x-descriptors: - urn:alm:descriptor:io.kubernetes:StorageClass - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Database data path - path: database.postgres_data_path - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Database Extra Arguments path: database.postgres_extra_args x-descriptors: @@ -298,6 +293,11 @@ spec: path: database.priority_class x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced + - displayName: Should PostgreSQL data for managed databases be kept after upgrades? + path: database.postgres_keep_pvc_after_upgrade + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - displayName: API Image path: image x-descriptors: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 0515fd0a..93ecaf59 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -96,6 +96,12 @@ rules: - patch - update - watch + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch - apiGroups: - "" resources: diff --git a/docs/upgrade/upgrading.md b/docs/upgrade/upgrading.md new file mode 100644 index 00000000..68e8ca76 --- /dev/null +++ b/docs/upgrade/upgrading.md @@ -0,0 +1,61 @@ +### Upgrading + +Before upgrading, please review the changelog for any breaking or notable changes in the releases between your current version and the one you are upgrading to. These changes can be found on the [Release page](https://github.com/ansible/eda-server-operator/releases). + + +All operator versions pin to the most recent eda-server and ui image version at the time of the operator release by default. This is so that the application version only changes when you upgrade your operator (unless overriden). + +To find the version of eda-server that will be installed by the operator, check the version specified in the `DEFAULT_EDA_VERSION` and `DEFAULT_EDA_UI_VERSION` variable for that particular release. You can do so by running the following command + +```shell +EDA_OPERATOR_VERSION=1.0.1 +docker run --entrypoint="" quay.io/ansible/eda-server-operator:$EDA_OPERATOR_VERSION bash -c "env | egrep "DEFAULT_EDA_VERSION|DEFAULT_EDA_UI_VERSION" +``` + +Follow the installation instructions ('make deploy', 'kustomization', etc.) using the new release version to apply the new operator yaml and upgrade the operator. This will in turn also upgrade your EDA deployment. + +For example, if you installed with kustomize, you could modify the version in your kustomization.yaml file from 1.0.0 to 1.0.1, then apply it. + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - config/default + +# Set the image tags to match the git version from above +images: + - name: quay.io/ansible/eda-server-operator + newTag: 1.0.1 + +# Specify a custom namespace in which to install EDA +namespace: eda +``` + +Then run this to apply it: + +``` +kustomize build . | kubectl apply -f - +``` + +#### Backup + +The first part of any upgrade should be a backup. Note, there are secrets in the pod which work in conjunction with the database. Having just a database backup without the required secrets will not be sufficient for recovering from an issue when upgrading to a new version. See the [backup role documentation](./roles/backup/README.md) for information on how to backup your database and secrets. + +In the event you need to recover the backup see the [restore role documentation](./roles/restore/README.md). *Before Restoring from a backup*, be sure to: +* delete the old existing EDA CR +* delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-15--postgres-15-0` + +**Note**: Do not delete the namespace/project, as that will delete the backup and the backup's PVC as well. + + +#### PostgreSQL Upgrade Considerations + +If there is a PostgreSQL major version upgrade, after the data directory on the PVC is migrated to the new version, the old PVC is kept by default. +This provides the ability to roll back if needed, but can take up extra storage space in your cluster unnecessarily. By default, the postgres pvc from the previous version will remain unless you manually remove it, or have the `database.postgres_keep_pvc_after_upgrade` parameter set to false. You can configure it to be deleted automatically +after a successful upgrade by setting the following variable on the EDA spec. + +```yaml + spec: + database: + postgres_keep_pvc_after_upgrade: false +``` diff --git a/docs/user-guide/database-configuration.md b/docs/user-guide/database-configuration.md new file mode 100644 index 00000000..b9a42c3d --- /dev/null +++ b/docs/user-guide/database-configuration.md @@ -0,0 +1,93 @@ +### Database Configuration + +#### PostgreSQL Version + +The default PostgreSQL version for the version of EDA bundled with the latest version of the eda-server-operator is PostgreSQL 15. You can find this default for a given version by at the default value for [supported_pg_version](./roles/eda/vars/main.yml). + +We only have coverage for the default version of PostgreSQL. Newer versions of PostgreSQL will likely work, but should only be configured as an external database. If your database is managed by the operator (default if you don't specify a `postgres_configuration_secret`), then you should not override the default version as this may cause issues when operator tries to upgrade your postgresql pod. + +#### External PostgreSQL Service + +To configure EDA to use an external database, the Custom Resource needs to know about the connection details. To do this, create a k8s secret with those connection details and specify the name of the secret as `postgres_configuration_secret` at the CR spec level. + + +The secret should be formatted as follows: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: -postgres-configuration + namespace: +stringData: + host: + port: + database: + username: + password: + sslmode: prefer + type: unmanaged +type: Opaque +``` + +> Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, [backup](./roles/backup) or [restoration](./roles/restore). + +> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added. + +**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`. + +Once the secret is created, you can specify it on your spec: + +```yaml +--- +spec: + ... + postgres_configuration_secret: +``` + +#### Managed PostgreSQL Service + +If you don't have access to an external PostgreSQL service, the EDA operator can deploy one for you along side the EDA instance itself. + +The following variables are customizable for the managed PostgreSQL service + +| Name | Description | Default | +| --------------------------------------------- | --------------------------------------------- | -------------------------------------- | +| postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s | +| postgres_image_version | Image version to pull | c9s | +| database.resource_requirements | PostgreSQL container resource requirements | requests: {cpu: 50m, memory: 100Mi} | +| database.storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} | +| database.postgres_storage_class | PostgreSQL PV storage class | Empty string | +| database.priority_class | Priority class used for PostgreSQL pod | Empty string | + +Example of customization could be: + +```yaml +--- +spec: + ... + database: + resource_requirements: + requests: + cpu: 500m + memory: 2Gi + limits: + cpu: '1' + memory: 4Gi + storage_requirements: + requests: + storage: 8Gi + postgres_storage_class: fast-ssd + postgres_extra_args: + - '-c' + - 'max_connections=1000' +``` + +**Note**: If `database.postgres_storage_class` is not defined, PostgreSQL will store it's data on a volume using the default storage class for your cluster. + +#### Note about overriding the postgres image + +We recommend you use the default image sclorg image. If you override the postgres image to use a custom postgres image like `postgres:15` for example, the default data directory path may be different. These images cannot be used interchangeably. + +You can no longer configure a custom `postgres_data_path` because it is hardcoded in the quay.io/sclorg/postgresql-15-c9s image. diff --git a/roles/backup/vars/main.yml b/roles/backup/vars/main.yml index 8eba58e1..9e3e7ccf 100644 --- a/roles/backup/vars/main.yml +++ b/roles/backup/vars/main.yml @@ -1,7 +1,7 @@ --- deployment_type: "eda" -_postgres_image: quay.io/sclorg/postgresql-13-c9s +_postgres_image: quay.io/sclorg/postgresql-15-c9s _postgres_image_version: latest backup_complete: false database_type: "unmanaged" -supported_pg_version: 13 +supported_pg_version: 15 diff --git a/roles/eda/tasks/update_status.yml b/roles/eda/tasks/update_status.yml index 21d03a67..c5fed3dd 100644 --- a/roles/eda/tasks/update_status.yml +++ b/roles/eda/tasks/update_status.yml @@ -53,3 +53,13 @@ status: URL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" when: ingress_type | lower == 'route' + +- name: Update upgradedPostgresVersion status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + status: + upgradedPostgresVersion: "{{ upgraded_postgres_version | string }}" + when: upgraded_postgres_version is defined diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml index 4da7ff37..c8537c44 100644 --- a/roles/postgres/defaults/main.yml +++ b/roles/postgres/defaults/main.yml @@ -4,7 +4,7 @@ deployment_type: eda database_name: "{{ deployment_type }}" database_username: "{{ deployment_type }}" -_postgres_image: quay.io/sclorg/postgresql-13-c9s +_postgres_image: quay.io/sclorg/postgresql-15-c9s _postgres_image_version: latest # Add a nodeSelector for the Postgres pods. @@ -39,9 +39,9 @@ _database: node_selector: '' priority_class: '' tolerations: '' - postgres_data_path: '/var/lib/pgsql/data/userdata' postgres_extra_args: '' - database_secret: '' # Name of k8s secret containing postgres host, username, password, database, port, and type + postgres_keep_pvc_after_upgrade: true # Specify whether or not to keep the old PVC after PostgreSQL upgrades + database_secret: '' # Name of k8s secret containing postgres host, username, password, database, port, and type image_pull_policy: IfNotPresent diff --git a/roles/postgres/tasks/check_postgres_version.yml b/roles/postgres/tasks/check_postgres_version.yml new file mode 100644 index 00000000..170e1aeb --- /dev/null +++ b/roles/postgres/tasks/check_postgres_version.yml @@ -0,0 +1,76 @@ +--- + +# It is possible that N-2 postgres pods may still be present in the namespace from previous upgrades. +# So we have to take that into account and preferentially set the most recent one. +- name: Get the old postgres pod (N-1) + k8s_info: + kind: Pod + namespace: "{{ ansible_operator_meta.namespace }}" + field_selectors: + - status.phase=Running + register: _running_pods + +- block: + - name: Filter pods by name + set_fact: + filtered_old_postgres_pods: "{{ _running_pods.resources | + selectattr('metadata.name', 'match', ansible_operator_meta.name + '-postgres.*-0') | + rejectattr('metadata.name', 'search', '-' + supported_pg_version | string + '-0') | + list }}" + + # Sort pods by name in reverse order (most recent PG version first) and set + - name: Set info for previous postgres pod + set_fact: + sorted_old_postgres_pods: "{{ filtered_old_postgres_pods | + sort(attribute='metadata.name') | + reverse | list }}" + when: filtered_old_postgres_pods | length + + - name: Set info for previous postgres pod + set_fact: + old_postgres_pod: "{{ sorted_old_postgres_pods | first }}" + when: filtered_old_postgres_pods | length + when: _running_pods.resources | length + +- name: Look up details for this deployment + k8s_info: + api_version: "{{ api_version }}" + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + register: this_eda + +# If this deployment has been upgraded before or if upgrade has already been started, set this var +- name: Set previous PG version var + set_fact: + _previous_upgraded_pg_version: "{{ this_eda['resources'][0]['status']['upgradedPostgresVersion'] | default(false) }}" + when: + - "'upgradedPostgresVersion' in this_eda['resources'][0]['status']" + +- name: Check if postgres pod is running an older version + block: + - name: Set path to PG_VERSION file for given container image + set_fact: + path_to_pg_version: '{{ _postgres_data_path }}/PG_VERSION' + + - name: Get old PostgreSQL version + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ old_postgres_pod['metadata']['name'] }}" + command: | + bash -c """ + cat {{ path_to_pg_version }} + """ + register: _old_pg_version + + - debug: + msg: "--- Upgrading from {{ old_postgres_pod['metadata']['name'] | default('NONE')}} Pod ---" + + - name: Upgrade data dir from old Postgres to {{ supported_pg_version }} if applicable + include_tasks: upgrade_postgres.yml + when: + - (_old_pg_version.stdout | default(0) | int ) < supported_pg_version + when: + - managed_database + - (_previous_upgraded_pg_version | default(false)) | ternary(_previous_upgraded_pg_version | int < supported_pg_version, true) + - old_postgres_pod | length # If empty, then old pg pod has been removed and we can assume the upgrade is complete diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index 130f2fc0..4297ace3 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -13,6 +13,11 @@ - name: Set variables to be used in Postgres templates import_tasks: set_variables.yml +# Managed Database block +- name: Check PostgreSQL version to determine if an upgrade is needed + import_tasks: check_postgres_version.yml + when: managed_database + - name: Create managed Postgres StatefulSet if no external db is defined import_tasks: create_managed_postgres.yml when: managed_database diff --git a/roles/postgres/tasks/scale_down_deployment.yml b/roles/postgres/tasks/scale_down_deployment.yml new file mode 100644 index 00000000..d7ceb542 --- /dev/null +++ b/roles/postgres/tasks/scale_down_deployment.yml @@ -0,0 +1,26 @@ +--- + +- name: Check for presence of Deployment + k8s_info: + api_version: apps/v1 + kind: Deployment + name: "{{ ansible_operator_meta.name }}-api" + namespace: "{{ ansible_operator_meta.namespace }}" + register: this_deployment + +# TODO: Determine if other deployments need to be scaled down too or not +- name: Scale down Deployment for migration + kubernetes.core.k8s_scale: + api_version: apps/v1 + kind: Deployment + name: "{{ item }}" + namespace: "{{ ansible_operator_meta.namespace }}" + replicas: 0 + wait: yes + loop: + - "{{ ansible_operator_meta.name }}-api" + - "{{ ansible_operator_meta.name }}-scheduler" + - "{{ ansible_operator_meta.name }}-default-worker" + - "{{ ansible_operator_meta.name }}-activation-worker" + when: this_deployment['resources'] | length + diff --git a/roles/postgres/tasks/upgrade_postgres.yml b/roles/postgres/tasks/upgrade_postgres.yml new file mode 100644 index 00000000..d361a07a --- /dev/null +++ b/roles/postgres/tasks/upgrade_postgres.yml @@ -0,0 +1,181 @@ +--- + +# Upgrade Posgres (Managed Databases only) +# * If postgres version is not supported_pg_version, and not an external postgres instance (when managed_database is yes), +# then run this playbook with include_tasks from database_configuration.yml +# * Data will be streamed via a pg_dump from the postgres 12/13 pod to the postgres supported_pg_version +# pod via a pg_restore. + + +- name: Scale down Deployment for migration + include_tasks: scale_down_deployment.yml + +- name: Delete existing postgres configuration secret + k8s: + api_version: v1 + kind: Secret + name: "{{ ansible_operator_meta.name }}-postgres-configuration" + namespace: "{{ ansible_operator_meta.namespace }}" + state: absent + wait: yes + +- name: Create Database configuration with new -postgres-{{ supported_pg_version }} hostname + k8s: + apply: true + definition: "{{ lookup('template', 'postgres_upgrade_secret.yaml.j2') }}" + no_log: "{{ no_log }}" + +- name: Set new database var to be used when configuring app credentials (resources_configuration.yml) + set_fact: + eda_postgres_host: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}" + no_log: "{{ no_log }}" + +- name: Create Database and StatefulSet if no database is specified + k8s: + apply: yes + definition: "{{ lookup('template', item + '.yaml.j2') }}" + wait: yes + loop: + - 'postgres.service' + - 'postgres.statefulset' + register: create_statefulset_result + +- name: Apply database resources + k8s: + apply: yes + definition: "{{ lookup('template', item + '.yaml.j2') }}" + wait: no + register: postgres_resources_result + loop: + - 'postgres.service' + - 'postgres.statefulset' + no_log: "{{ no_log }}" + +- name: Set postgres label if not defined by user + set_fact: + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}" + when: postgres_label_selector is not defined + +- name: Get new postgres pod information + k8s_info: + kind: Pod + namespace: "{{ ansible_operator_meta.namespace }}" + label_selectors: + - "{{ postgres_label_selector }}" + field_selectors: + - status.phase=Running + register: postgres_pod + until: + - "postgres_pod['resources'] | length" + - "postgres_pod['resources'][0]['status']['phase'] == 'Running'" + - "postgres_pod['resources'][0]['status']['containerStatuses'][0]['ready'] == true" + delay: 5 + retries: 60 + +- name: Set the resource pod name as a variable. + set_fact: + postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" + +- name: Get the name of the service for the old postgres pod + k8s_info: + kind: Service + namespace: "{{ ansible_operator_meta.namespace }}" + label_selectors: + - "app.kubernetes.io/component=database" + - "app.kubernetes.io/instance={{ old_postgres_pod.metadata.labels['app.kubernetes.io/instance'] }}" + - "app.kubernetes.io/managed-by={{ deployment_type }}-operator" + register: old_postgres_svc + +- name: Set full resolvable host name for postgres pod + set_fact: + resolvable_db_host: "{{ old_postgres_svc['resources'][0]['metadata']['name'] }}.{{ ansible_operator_meta.namespace }}.svc" # yamllint disable-line rule:line-length + no_log: "{{ no_log }}" + +- name: Set pg_dump command + set_fact: + pgdump: >- + pg_dump + -h {{ resolvable_db_host }} + -U {{ eda_postgres_user }} + -d {{ eda_postgres_database }} + -p {{ eda_postgres_port }} + -F custom + no_log: "{{ no_log }}" + +- name: Set pg_restore command + set_fact: + pg_restore: >- + pg_restore + -U {{ eda_postgres_user }} + -d {{ eda_postgres_database }} + no_log: "{{ no_log }}" + +- name: Stream backup from pg_dump to the new postgresql container + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ postgres_pod_name }}" + command: | + bash -c " + function end_keepalive { + rc=$? + rm -f \"$1\" + kill $(cat /proc/$2/task/$2/children 2>/dev/null) 2>/dev/null || true + wait $2 || true + exit $rc + } + keepalive_file=\"$(mktemp)\" + while [[ -f \"$keepalive_file\" ]]; do + echo 'Migrating data to new PostgreSQL {{ supported_pg_version }} Database...' + sleep 60 + done & + keepalive_pid=$! + trap 'end_keepalive \"$keepalive_file\" \"$keepalive_pid\"' EXIT SIGINT SIGTERM + echo keepalive_pid: $keepalive_pid + set -e -o pipefail + psql -c 'GRANT postgres TO {{ eda_postgres_user }}' + PGPASSWORD=\"$POSTGRES_PASSWORD\" {{ pgdump }} | PGPASSWORD=\"$POSTGRES_PASSWORD\" {{ pg_restore }} + psql -c 'REVOKE postgres FROM {{ eda_postgres_user }}' + set +e +o pipefail + echo 'Successful' + " + no_log: "{{ no_log }}" + register: data_migration + failed_when: "'Successful' not in data_migration.stdout" + +- name: Set flag signifying that this instance has been migrated + set_fact: + upgraded_postgres_version: '{{ supported_pg_version }}' + +# Cleanup old Postgres resources +- name: Remove old Postgres StatefulSet + k8s: + kind: StatefulSet + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ item }}" + state: absent + wait: true + loop: + - "{{ ansible_operator_meta.name }}-postgres-13" + +- name: Remove old Postgres Service + k8s: + kind: Service + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ item }}" + state: absent + loop: + - "{{ ansible_operator_meta.name }}-postgres-13" + +- name: Remove old persistent volume claim + k8s: + kind: PersistentVolumeClaim + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ item }}" + state: absent + loop: + - "postgres-{{ ansible_operator_meta.name }}-postgres-13-0" + - "postgres-13-{{ ansible_operator_meta.name }}-postgres-13-0" + when: not combined_database.postgres_keep_pvc_after_upgrade | bool diff --git a/roles/postgres/templates/postgres.statefulset.yaml.j2 b/roles/postgres/templates/postgres.statefulset.yaml.j2 index 35518dd8..36ce1191 100644 --- a/roles/postgres/templates/postgres.statefulset.yaml.j2 +++ b/roles/postgres/templates/postgres.statefulset.yaml.j2 @@ -106,8 +106,8 @@ spec: name: postgres-{{ supported_pg_version }} volumeMounts: - name: postgres-{{ supported_pg_version }} - mountPath: '{{ combined_database.postgres_data_path | dirname }}' - subPath: '{{ combined_database.postgres_data_path | dirname | basename }}' + mountPath: '{{ _postgres_data_path | dirname }}' + subPath: '{{ _postgres_data_path | dirname | basename }}' {% if combined_database.resource_requirements is defined %} resources: {{ combined_database.resource_requirements }} {% endif %} diff --git a/roles/postgres/templates/postgres_upgrade_secret.yaml.j2 b/roles/postgres/templates/postgres_upgrade_secret.yaml.j2 new file mode 100644 index 00000000..2248f6e1 --- /dev/null +++ b/roles/postgres/templates/postgres_upgrade_secret.yaml.j2 @@ -0,0 +1,17 @@ +# Postgres Secret. +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ ansible_operator_meta.name }}-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' + labels: + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} +stringData: + password: '{{ eda_postgres_pass }}' + username: '{{ eda_postgres_user }}' + database: '{{ eda_postgres_database }}' + port: '{{ eda_postgres_port }}' + host: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' + type: 'managed' + diff --git a/roles/postgres/vars/main.yml b/roles/postgres/vars/main.yml index 08c74dee..47b78000 100644 --- a/roles/postgres/vars/main.yml +++ b/roles/postgres/vars/main.yml @@ -1,4 +1,7 @@ --- # vars file for PostgreSQL database -supported_pg_version: 13 +supported_pg_version: 15 +_previous_upgraded_pg_version: 0 +_postgres_data_path: '/var/lib/pgsql/data/userdata' +old_postgres_pod: [] diff --git a/roles/restore/README.md b/roles/restore/README.md index 7122d652..6a0741e9 100644 --- a/roles/restore/README.md +++ b/roles/restore/README.md @@ -19,7 +19,7 @@ This role assumes you are authenticated with an Openshift or Kubernetes cluster: *Before Restoring from a backup*, be sure to: - delete the old existing EDA CR - - delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-13--postgres-13-0` + - delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-15--postgres-15-0` **Note**: Do not delete the namespace/project, as that will delete the backup and the backup's PVC as well. diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index f049d1cb..7bd0d5bf 100644 --- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml @@ -32,11 +32,16 @@ set_fact: _generated_pg_secret_name: "{{ deployment_name }}-postgres-configuration" - - name: Override postgres_configuration_secret + - name: Set tmp database dict + set_fact: + _tmp_database: "{{ spec['database'] | combine({'database_secret': _generated_pg_secret_name}, recursive=True) }}" + no_log: "{{ no_log }}" + + - name: Override database_secret set_fact: spec: - "{{ spec | combine({'postgres_configuration_secret': _generated_pg_secret_name}, recursive=True) }}" - when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed' + "{{ spec | combine({'database': _tmp_database}, recursive=True) }}" + when: secrets['databaseConfigurationSecret']['data']['type'] | b64decode == 'managed' - name: If deployment is managed, set the database_host in the pg config secret block: diff --git a/roles/restore/vars/main.yml b/roles/restore/vars/main.yml index 843fe2b9..1d404f9d 100644 --- a/roles/restore/vars/main.yml +++ b/roles/restore/vars/main.yml @@ -1,8 +1,8 @@ --- deployment_type: "eda" -supported_pg_version: 13 -_postgres_image: quay.io/sclorg/postgresql-13-c9s +supported_pg_version: 15 +_postgres_image: quay.io/sclorg/postgresql-15-c9s _postgres_image_version: latest backup_api_version: '{{ deployment_type }}.ansible.com/v1alpha1'