Upgrading to PostgreSQL 15 and moving to sclorg images

config/manager/manager.yaml

@@ -62,7 +62,7 @@ spec:
             - name: RELATED_IMAGE_GALAXY_REDIS
               value: redis:latest
             - name: RELATED_IMAGE_GALAXY_POSTGRES
-              value: postgres:13
+              value: quay.io/sclorg/postgresql-15-c9s:latest
             - name: RELATED_IMAGE_GALAXY_INIT_GPG_CONTAINER
               value: quay.io/centos/centos:stream9
         securityContext:

config/manifests/bases/galaxy-operator.clusterserviceversion.yaml

@@ -940,7 +940,7 @@ spec:
                 - name: RELATED_IMAGE_GALAXY_REDIS
                   value: redis:latest
                 - name: RELATED_IMAGE_GALAXY_POSTGRES
-                  value: postgres:13
+                  value: quay.io/sclorg/postgresql-15-c9s:latest
                 - name: RELATED_IMAGE_GALAXY_INIT_GPG_CONTAINER
                   value: quay.io/centos/centos:stream9
                 image: quay.io/ansible/galaxy-operator:main

config/samples/galaxy_v1beta1_galaxybackup_cr.default.yaml

@@ -8,4 +8,3 @@ spec:
   backup_pvc: ''
   backup_storage_requirements: ''
   backup_storage_class: ''
-  postgres_label_selector: ''

config/samples/galaxy_v1beta1_galaxyrestore_cr.default.yaml

@@ -5,4 +5,3 @@ metadata:
   name: example-galaxyrestore
 spec:
   backup_name: ''
-  postgres_label_selector: ''

roles/backup/defaults/main.yml

@@ -12,8 +12,6 @@ backup_storage_requirements: ''
 # Specify storage class to determine how to dynamically create PVC's with
 backup_storage_class: ''
 
-postgres_version: 13
-
 # Secret Names
 admin_password_secret: "{{ deployment_name }}-admin-password"
 postgres_configuration_secret: "{{ deployment_name }}-postgres-configuration"

roles/backup/tasks/postgres.yml

@@ -44,7 +44,7 @@
         namespace: '{{ ansible_operator_meta.namespace }}'
         label_selectors:
           - "{{ postgres_label_selector }}"
-          - "app.kubernetes.io/version={{ postgres_version }}"
+          - "app.kubernetes.io/version={{ supported_pg_version }}"
       register: postgres_pod
       until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
       delay: 5

roles/backup/templates/secrets.yaml.j2

@@ -8,7 +8,7 @@ database_port: {{ database_port }}
 database_host: {{ database_host }}
 database_type: {{ database_type }}
 database_sslmode: {{ postgres_sslmode }}
-postgres_version: {{ postgres_version }}
+postgres_version: {{ supported_pg_version }}
 {% if database_type == 'unmanaged' %}
 db_secret_name: {{ postgres_configuration_secret }}
 {% endif %}

roles/backup/vars/main.yml

@@ -1,3 +1,5 @@
 ---
 deployment_type: "galaxy"
-_postgres_image: postgres:13
+_postgres_image: quay.io/sclorg/postgresql-15-c9s:latest
+
+supported_pg_version: 15

roles/common/defaults/main.yml

@@ -93,8 +93,7 @@ default_azure_settings:
   DEFAULT_FILE_STORAGE: "storages.backends.azure_storage.AzureStorage"
 
 # postgres_configuration.yml
-postgres_version: 13
-_postgres_image: postgres:13
+_postgres_image: quay.io/sclorg/postgresql-15-c9s:latest
 
 # Secret to lookup that provide the PostgreSQL configuration
 postgres_configuration_secret: '{{ ansible_operator_meta.name }}-postgres-configuration'
@@ -127,4 +126,4 @@ node_selector: ''
 #     operator: "Equal"
 #     value: "Galaxy"
 #     effect: "NoSchedule"
-tolerations: ''
+tolerations: ''

roles/common/templates/postgres.secret.yaml.j2

@@ -10,6 +10,6 @@ stringData:
   username: '{{ deployment_type }}'
   database: '{{ deployment_type }}'
   port: '5432'
-  host: {{ ansible_operator_meta.name }}-postgres-{{ postgres_version }}
+  host: {{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}
   sslmode: {{ postgres_sslmode | default('prefer') }}
   type: 'managed'

roles/common/vars/main.yml

@@ -0,0 +1,2 @@
+---
+supported_pg_version: 15

roles/galaxy-status/tasks/main.yml

@@ -25,7 +25,7 @@
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"
     status:
-      upgradedPostgresVersion: "{{ upgraded_postgres_version }}"
+      upgradedPostgresVersion: "{{ upgraded_postgres_version | string }}"
   when:
     - upgraded_postgres_version is defined
     - upgraded_postgres_version | length

roles/postgres/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-postgres_version: 13
 _postgres_image: postgres
 
 postgres_storage_requirements:

roles/postgres/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- k8s_status:
+- kubernetes.core.k8s_status:
     api_version: "{{ api_version }}"
     kind: "{{ kind }}"
     name: "{{ ansible_operator_meta.name }}"
@@ -31,19 +31,42 @@
     postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ ansible_operator_meta.name }}"
   when: postgres_label_selector is not defined
 
-- name: Get the old postgres pod information
-  k8s_info:
+# It is possible that N-2 postgres pods may still be present in the namespace from previous upgrades.
+# So we have to take that into account and preferentially set the most recent one.
+- name: Get the old postgres pod (N-1)
+  kubernetes.core.k8s_info:
     kind: Pod
     namespace: "{{ ansible_operator_meta.namespace }}"
     label_selectors:
       - "{{ postgres_label_selector }}"
-      - "app.kubernetes.io/version=12"
     field_selectors:
       - status.phase=Running
-  register: old_postgres_pod
+  register: _running_pods
 
 - block:
-    - k8s_status:
+    - name: Filter pods by name
+      set_fact:
+        filtered_old_postgres_pods: "{{ _running_pods.resources |
+          selectattr('metadata.name', 'match', ansible_operator_meta.name + '-postgres.*-0') |
+          rejectattr('metadata.name', 'search', '-' + supported_pg_version | string + '-0') |
+          list }}"
+
+    # Sort pods by name in reverse order (most recent PG version first) and set
+    - name: Set info for previous postgres pod
+      set_fact:
+        sorted_old_postgres_pods: "{{ filtered_old_postgres_pods |
+          sort(attribute='metadata.name') |
+          reverse }}"
+      when: filtered_old_postgres_pods | length
+
+    - name: Set info for previous postgres pod
+      set_fact:
+        old_postgres_pod: "{{ sorted_old_postgres_pods | first }}"
+      when: filtered_old_postgres_pods | length
+  when: _running_pods.resources | length
+
+- block:
+    - kubernetes.core.k8s_status:
         api_version: "{{ api_version }}"
         kind: "{{ kind }}"
         name: "{{ ansible_operator_meta.name }}"
@@ -59,41 +82,50 @@
       k8s:
         apply: true
         definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
-
   when: managed_database
 
 - name: Look up details for this deployment
-  k8s_info:
+  kubernetes.core.k8s_info:
     api_version: "{{ api_version }}"
     kind: "{{ kind }}"
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"
   register: this_galaxy
 
+# If this deployment has been upgraded before or if upgrade has already been started, set this var
+- name: Set previous PG version var
+  set_fact:
+    _previous_upgraded_pg_version: "{{ this_galaxy['resources'][0]['status']['upgradedPostgresVersion'] | default(false) }}"
+  when:
+    - "'upgradedPostgresVersion' in this_galaxy['resources'][0]['status']"
+
 - name: Check if postgres pod is running and version 12
   block:
     - name: Set path to PG_VERSION file for given container image
       set_fact:
         path_to_pg_version: '{{ postgres_data_path }}/PG_VERSION'
 
     - name: Get old PostgreSQL version
-      k8s_exec:
+      kubernetes.core.k8s_exec:
         namespace: "{{ ansible_operator_meta.namespace }}"
-        pod: "{{ old_postgres_pod['resources'][0]['metadata']['name'] }}"
+        pod: "{{ old_postgres_pod['metadata']['name'] }}"
         command: |
           bash -c """
           cat {{ path_to_pg_version }}
           """
       register: _old_pg_version
 
-    - name: Upgrade data dir from Postgres 12 to 13 if applicable
+    - debug:
+        msg: "--- Upgrading from {{ old_postgres_pod['metadata']['name'] | default('NONE')}} Pod ---"
+
+    - name: Upgrade data dir from old Postgres to {{ supported_pg_version }} if applicable
       include_tasks: upgrade_postgres.yml
       when:
-        - _old_pg_version.stdout | default('0') | trim == '12'
+        - (_old_pg_version.stdout | default(0) | int ) < supported_pg_version
   when:
     - managed_database
-    - this_galaxy['resources'][0]['status']['upgradedPostgresVersion'] | default('none') != '12'
-    - old_postgres_pod['resources'] | length  # upgrade is complete and old pg pod has been removed
+    - (_previous_upgraded_pg_version | default(false)) | ternary(_previous_upgraded_pg_version | int < supported_pg_version, true)
+    - old_postgres_pod | length  # If empty, then old pg pod has been removed and we can assume the upgrade is complete
 
 - name: Migrate data from old Openshift instance
   import_tasks: migrate_data.yml
@@ -103,16 +135,16 @@
     - not database_status_present
 
 - name: Check PostgreSQL status
-  k8s_info:
+  kubernetes.core.k8s_info:
     api_version: v1
     kind: StatefulSet
-    namespace: '{{ ansible_operator_meta.namespace }}'
-    name: '{{ ansible_operator_meta.name }}-postgres-{{ postgres_version }}'
+    namespace: "{{ ansible_operator_meta.namespace }}"
+    name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
   register: _pg_sts_status
 
 # This status will probably not reflect the real state during the first playbook execution
 # I thought to put a wait_for here, but it would just delay the execution of the other tasks
-- k8s_status:
+- kubernetes.core.k8s_status:
     api_version: "{{ api_version }}"
     kind: "{{ kind }}"
     name: "{{ ansible_operator_meta.name }}"

roles/postgres/tasks/migrate_data.yml

@@ -21,7 +21,7 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     label_selectors:
       - "{{ postgres_label_selector }}"
-      - "app.kubernetes.io/version={{ postgres_version }}"
+      - "app.kubernetes.io/version={{ supported_pg_version }}"
   register: postgres_pod
   until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
   delay: 5