From 136ba821be371c88b78f89ee036486cf05b17c43 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 11:33:04 -0500 Subject: [PATCH 01/11] revert: revert PR 1971 --- Dockerfile-15 | 1 + Dockerfile-17 | 1 + Dockerfile-orioledb-17 | 1 + ...ions.service => database-optimizations.service} | 0 ansible/files/postgres_prestart.sh.j2 | 2 +- ansible/files/postgresql_config/postgresql.conf.j2 | 2 +- ansible/files/postgresql_config/postgresql.service | 4 ++-- ansible/tasks/setup-postgres.yml | 8 ++++---- ansible/tasks/setup-supabase-internal.yml | 14 ++++++++++++++ nix/tests/postgresql.conf.in | 2 +- 10 files changed, 26 insertions(+), 9 deletions(-) rename ansible/files/{database_optimizations.service => database-optimizations.service} (100%) diff --git a/Dockerfile-15 b/Dockerfile-15 index bce2526cb..c990acf1f 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index 0dc465bdc..847e9cda8 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -222,6 +222,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index c343f1cd1..65accea43 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -222,6 +222,7 @@ COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /h COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh RUN sed -i \ + -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ /etc/postgresql/postgresql.conf && \ diff --git a/ansible/files/database_optimizations.service b/ansible/files/database-optimizations.service similarity index 100% rename from ansible/files/database_optimizations.service rename to ansible/files/database-optimizations.service diff --git a/ansible/files/postgres_prestart.sh.j2 b/ansible/files/postgres_prestart.sh.j2 index 97bc949be..7e3c61d15 100644 --- a/ansible/files/postgres_prestart.sh.j2 +++ b/ansible/files/postgres_prestart.sh.j2 @@ -15,7 +15,7 @@ check_orioledb_enabled() { } get_shared_buffers() { - local opt_conf="/etc/postgresql-custom/conf.d/generated_optimizations.conf" + local opt_conf="/etc/postgresql-custom/conf.d/generated-optimizations.conf" if [ ! -f "$opt_conf" ]; then return 0 fi diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 316a5f22f..3e2d43e54 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -64,7 +64,7 @@ listen_addresses = '*' # what IP address(es) to listen on; #port = 5432 # (change requires restart) #max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories +#unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) #unix_socket_group = '' # (change requires restart) #unix_socket_permissions = 0777 # begin with 0 to use octal notation diff --git a/ansible/files/postgresql_config/postgresql.service b/ansible/files/postgresql_config/postgresql.service index f8b591176..efb52f18e 100644 --- a/ansible/files/postgresql_config/postgresql.service +++ b/ansible/files/postgresql_config/postgresql.service @@ -2,8 +2,8 @@ Description=PostgreSQL database server Documentation=man:postgres(1) {% if supabase_internal is defined %} -Requires=database_optimizations.service -After=database_optimizations.service +Requires=database-optimizations.service +After=database-optimizations.service {% endif %} [Service] diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index fca19df44..a3e0475fd 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -147,11 +147,11 @@ group: 'postgres' mode: '0664' owner: 'postgres' - path: "/etc/postgresql-custom/conf.d/{{ pg_config_item }}" + path: "/etc/postgresql-custom/{{ pg_config_item }}" state: 'touch' loop: - - 'custom_overrides.conf' - - 'generated_optimizations.conf' + - 'custom-overrides.conf' + - 'generated-optimizations.conf' loop_control: loop_var: 'pg_config_item' @@ -291,7 +291,7 @@ dest: "/etc/systemd/system/{{ systemd_svc_item | basename }}" src: "files/{{ systemd_svc_item }}" loop: - - 'database_optimizations.service' + - 'database-optimizations.service' - 'postgresql_config/postgresql.service' loop_control: loop_var: 'systemd_svc_item' diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index 7650d42b5..d59062012 100644 --- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -75,6 +75,20 @@ state: 'directory' become: true +- name: Include file for generated optimizations in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/generated-optimizations.conf'" + replace: "include = '/etc/postgresql-custom/generated-optimizations.conf'" + become: true + +- name: Include file for custom overrides in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/custom-overrides.conf'" + replace: "include = '/etc/postgresql-custom/custom-overrides.conf'" + become: true + - name: Install Postgres exporter ansible.builtin.import_tasks: file: internal/postgres-exporter.yml diff --git a/nix/tests/postgresql.conf.in b/nix/tests/postgresql.conf.in index 6a6bfeaef..e4f844d07 100644 --- a/nix/tests/postgresql.conf.in +++ b/nix/tests/postgresql.conf.in @@ -62,7 +62,7 @@ listen_addresses = '*' # what IP address(es) to listen on; #port = @PGSQL_DEFAULT_PORT@ # (change requires restart) max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories +unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) #unix_socket_group = '' # (change requires restart) #unix_socket_permissions = 0777 # begin with 0 to use octal notation From c3cea2c91de65eb6c14c02ba718748a99bd2922c Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 11:48:17 -0500 Subject: [PATCH 02/11] revert: revert PR 1956 --- Dockerfile-15 | 1 + Dockerfile-17 | 1 + Dockerfile-orioledb-17 | 1 + .../{conf.d/read_replica.conf => custom_read_replica.conf} | 0 ansible/files/postgresql_config/postgresql.conf.j2 | 3 +++ ansible/tasks/setup-postgres.yml | 6 +++--- nix/packages/lib.nix | 6 ++++++ nix/tools/run-server.sh.in | 1 + 8 files changed, 16 insertions(+), 3 deletions(-) rename ansible/files/postgresql_config/{conf.d/read_replica.conf => custom_read_replica.conf} (100%) diff --git a/Dockerfile-15 b/Dockerfile-15 index c990acf1f..0856659f4 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,6 +214,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/Dockerfile-17 b/Dockerfile-17 index 847e9cda8..eee4f233d 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 65accea43..0e36d6f92 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh diff --git a/ansible/files/postgresql_config/conf.d/read_replica.conf b/ansible/files/postgresql_config/custom_read_replica.conf similarity index 100% rename from ansible/files/postgresql_config/conf.d/read_replica.conf rename to ansible/files/postgresql_config/custom_read_replica.conf diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 3e2d43e54..1dd371012 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -752,6 +752,9 @@ jit_provider = 'llvmjit' # JIT library to use #include_if_exists = '...' # include file only if it exists #include = '...' # include file +# read replica specific configurations +include = '/etc/postgresql-custom/read-replica.conf' + # supautils specific configurations #include = '/etc/postgresql-custom/supautils.conf' diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index a3e0475fd..9f34bcdbe 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -167,13 +167,13 @@ loop_control: loop_var: 'pg_config_item' - - name: Move read-replica.conf file to /etc/postgresql-custom/conf.d/read-replica.conf + - name: Move read-replica.conf file to /etc/postgresql-custom/read-replica.conf ansible.builtin.copy: - dest: '/etc/postgresql-custom/conf.d/read_replica.conf' + dest: '/etc/postgresql-custom/read-replica.conf' mode: '0664' owner: 'postgres' group: 'postgres' - src: 'files/postgresql_config/conf.d/read_replica.conf' + src: 'files/postgresql_config/custom_read_replica.conf' - name: configure pam block: diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index 1b46f1cee..23e600796 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -48,6 +48,10 @@ name = "logging.conf"; path = ../../ansible/files/postgresql_config/postgresql-csvlog.conf; }; + readReplicaConfigFile = builtins.path { + name = "readreplica.conf"; + path = ../../ansible/files/postgresql_config/custom_read_replica.conf; + }; pgHbaConfigFile = builtins.path { name = "pg_hba.conf"; path = ../../ansible/files/postgresql_config/pg_hba.conf.j2; @@ -87,6 +91,7 @@ POSTGRESQL_CONFIG_DIR = "${postgresqlConfigBaseDir}"; PSQLORIOLEDB17_BINDIR = "${psql_orioledb-17}"; PGSODIUM_GETKEY = "${paths.getkeyScript}"; + READREPL_CONF_FILE = "${paths.readReplicaConfigFile}"; LOGGING_CONF_FILE = "${paths.loggingConfigFile}"; SUPAUTILS_CONF_FILE = "${paths.supautilsConfigFile}"; PG_HBA = "${paths.pgHbaConfigFile}"; @@ -119,6 +124,7 @@ cp ${paths.supautilsConfigFile} $out/etc/postgresql-custom/supautils.conf || { echo "Failed to copy supautils.conf"; exit 1; } cp ${paths.pgconfigFile} $out/etc/postgresql/postgresql.conf || { echo "Failed to copy postgresql.conf"; exit 1; } cp ${paths.loggingConfigFile} $out/etc/postgresql-custom/logging.conf || { echo "Failed to copy logging.conf"; exit 1; } + cp ${paths.readReplicaConfigFile} $out/etc/postgresql-custom/read-replica.conf || { echo "Failed to copy read-replica.conf"; exit 1; } cp ${paths.pgHbaConfigFile} $out/etc/postgresql/pg_hba.conf || { echo "Failed to copy pg_hba.conf"; exit 1; } cp ${paths.pgIdentConfigFile} $out/etc/postgresql/pg_ident.conf || { echo "Failed to copy pg_ident.conf"; exit 1; } cp -r ${paths.postgresqlExtensionCustomScriptsPath}/* $out/extension-custom-scripts/ || { echo "Failed to copy custom scripts"; exit 1; } diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index cea0c572f..ea66b6f29 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -240,6 +240,7 @@ vault.getkey_script = '$PGSODIUM_GETKEY_SCRIPT'" \ -e "s|hba_file = '/etc/postgresql/pg_hba.conf'|hba_file = '$DATDIR/pg_hba.conf'|" \ -e "s|ident_file = '/etc/postgresql/pg_ident.conf'|ident_file = '$DATDIR/pg_ident.conf'|" \ -e "s|include = '/etc/postgresql/logging.conf'|#&|" \ +-e "s|include = '/etc/postgresql-custom/read-replica.conf'|include = '$DATDIR/read-replica.conf'|" \ -e "\$a\\ session_preload_libraries = 'supautils'" \ -e "s|include_dir = '/etc/postgresql-custom/conf.d'|include_dir = '$DATDIR/conf.d'|" \ From 992dd315b4390766cf670f6ae44354cb6f159d1e Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 12:04:55 -0500 Subject: [PATCH 03/11] revert: revert PR 1965 --- Dockerfile-15 | 3 ++- Dockerfile-17 | 3 ++- Dockerfile-orioledb-17 | 3 ++- .../{conf.d/wal-g.conf => custom_walg.conf} | 1 + .../files/postgresql_config/postgresql.conf.j2 | 12 ++++++++++-- ansible/tasks/setup-wal-g.yml | 15 +++++++++++++++ 6 files changed, 32 insertions(+), 5 deletions(-) rename ansible/files/postgresql_config/{conf.d/wal-g.conf => custom_walg.conf} (95%) diff --git a/Dockerfile-15 b/Dockerfile-15 index 0856659f4..7ef96c087 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,6 +214,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -222,7 +223,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index eee4f233d..1334f0744 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +227,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 0e36d6f92..65f631604 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,6 +218,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh +COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh @@ -226,7 +227,7 @@ RUN sed -i \ -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ - /etc/postgresql/postgresql.conf && \ + -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \ usermod -aG postgres wal-g && \ diff --git a/ansible/files/postgresql_config/conf.d/wal-g.conf b/ansible/files/postgresql_config/custom_walg.conf similarity index 95% rename from ansible/files/postgresql_config/conf.d/wal-g.conf rename to ansible/files/postgresql_config/custom_walg.conf index 99d315507..60cf10b86 100644 --- a/ansible/files/postgresql_config/conf.d/wal-g.conf +++ b/ansible/files/postgresql_config/custom_walg.conf @@ -1,5 +1,6 @@ # - Archiving - +#archivce_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 1dd371012..948135ef1 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 @@ -242,8 +242,8 @@ checkpoint_flush_after = 256kB # measured in pages, 0 disables # - Archiving - -archive_mode = on # enables archiving; off, on, or always (change requires restart) -archive_command = '/bin/true' # command to use to archive a logfile segment +#archive_mode = off # enables archiving; off, on, or always (change requires restart) +#archive_command = '' # command to use to archive a logfile segment # placeholders: %p = path of file to archive # %f = file name only # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' @@ -752,6 +752,14 @@ jit_provider = 'llvmjit' # JIT library to use #include_if_exists = '...' # include file only if it exists #include = '...' # include file +# Automatically generated optimizations +#include = '/etc/postgresql-custom/generated-optimizations.conf' +# User-supplied custom parameters, override any automatically generated ones +#include = '/etc/postgresql-custom/custom-overrides.conf' + +# WAL-G specific configurations +#include = '/etc/postgresql-custom/wal-g.conf' + # read replica specific configurations include = '/etc/postgresql-custom/read-replica.conf' diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 023b6c876..2ba35922b 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -54,6 +54,14 @@ path: '/etc/wal-g/config.json' state: 'touch' + - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf + ansible.builtin.template: + dest: '/etc/postgresql-custom/wal-g.conf' + group: 'postgres' + mode: '0664' + owner: 'postgres' + src: 'files/postgresql_config/custom_walg.conf' + - name: Add script to be run for restore_command ansible.builtin.template: dest: '/home/postgres/wal_fetch.sh' @@ -69,6 +77,13 @@ owner: 'root' src: 'files/walg_helper_scripts/wal_change_ownership.sh' + - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf + ansible.builtin.replace: + path: '/etc/postgresql/postgresql.conf' + regexp: "#include = '/etc/postgresql-custom/wal-g.conf'" + replace: "include = '/etc/postgresql-custom/wal-g.conf'" + become: true + - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf ansible.builtin.copy: dest: '/etc/postgresql-custom/conf.d/wal-g.conf' From 8f22527eacea11246ef84fb11b61813044359d53 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 13:03:22 -0500 Subject: [PATCH 04/11] fix: forgot to bump versions --- ansible/tasks/setup-wal-g.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 2ba35922b..f782b85b0 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -84,13 +84,13 @@ replace: "include = '/etc/postgresql-custom/wal-g.conf'" become: true - - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf + - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf ansible.builtin.copy: - dest: '/etc/postgresql-custom/conf.d/wal-g.conf' + dest: '/etc/postgresql-custom/wal-g.conf' group: 'postgres' mode: '0664' owner: 'postgres' - src: 'files/postgresql_config/conf.d/wal-g.conf' + src: 'files/postgresql_config/custom_walg.conf' - name: Create symlink for admin-mgr compatibility ansible.builtin.file: From c7a23f54d02da8dfc7cc0db4d6a6097784f6212f Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 14:01:25 -0500 Subject: [PATCH 05/11] fix: symlink is no longer needed --- ansible/tasks/setup-wal-g.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index f782b85b0..0d923cd05 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml @@ -92,10 +92,10 @@ owner: 'postgres' src: 'files/postgresql_config/custom_walg.conf' - - name: Create symlink for admin-mgr compatibility - ansible.builtin.file: - src: '/etc/postgresql-custom/conf.d/wal-g.conf' - dest: '/etc/postgresql-custom/wal-g.conf' - state: 'link' - owner: 'postgres' - group: 'postgres' + # - name: Create symlink for admin-mgr compatibility + # ansible.builtin.file: + # src: '/etc/postgresql-custom/conf.d/wal-g.conf' + # dest: '/etc/postgresql-custom/wal-g.conf' + # state: 'link' + # owner: 'postgres' + # group: 'postgres' From 7ac0cb8fb7ff3615fe68efb66147187f25737e78 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 14:51:58 -0500 Subject: [PATCH 06/11] fix: missed a generated-optimizations instance --- Dockerfile-orioledb-17 | 6 +++--- ansible/files/database-optimizations.service | 2 +- ansible/files/postgres_prestart.sh.j2 | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index 65f631604..78072e03c 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -234,9 +234,9 @@ RUN sed -i \ chown -R postgres:postgres /etc/postgresql-custom # Remove items from postgresql.conf -RUN sed -i 's/ timescaledb,//g;' "/etc/postgresql/postgresql.conf" - # As of pg 16.4+ db_user_namespace is totally deprecated and will break the server if setting is present -RUN sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "/etc/postgresql/postgresql.conf" +RUN sed -i 's/ timescaledb,//g;' "/etc/postgresql/postgresql.conf" + #as of pg 16.4 + this db_user_namespace totally deprecated and will break the server if setting is present +RUN sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "/etc/postgresql/postgresql.conf" RUN sed -i 's/ timescaledb,//g; s/ plv8,//g; s/ postgis,//g; s/ pgrouting,//g' "/etc/postgresql-custom/supautils.conf" RUN sed -i 's/\(shared_preload_libraries.*\)'\''\(.*\)$/\1, orioledb'\''\2/' "/etc/postgresql/postgresql.conf" RUN echo "default_table_access_method = 'orioledb'" >> "/etc/postgresql/postgresql.conf" diff --git a/ansible/files/database-optimizations.service b/ansible/files/database-optimizations.service index 23b99464e..9f55f42c4 100644 --- a/ansible/files/database-optimizations.service +++ b/ansible/files/database-optimizations.service @@ -4,7 +4,7 @@ Description=Postgresql optimizations [Service] Type=oneshot # we do not want failures from these commands to cause downstream service startup to fail -ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/conf.d/generated_optimizations.conf +ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/conf.d/generated-optimizations.conf ExecStart=-/opt/supabase-admin-api optimize pgbouncer --destination-config-file-path /etc/pgbouncer-custom/generated-optimizations.ini User=adminapi diff --git a/ansible/files/postgres_prestart.sh.j2 b/ansible/files/postgres_prestart.sh.j2 index 7e3c61d15..df555c87e 100644 --- a/ansible/files/postgres_prestart.sh.j2 +++ b/ansible/files/postgres_prestart.sh.j2 @@ -15,7 +15,7 @@ check_orioledb_enabled() { } get_shared_buffers() { - local opt_conf="/etc/postgresql-custom/conf.d/generated-optimizations.conf" + local opt_conf="/etc/postgresql-custom/generated-optimizations.conf" if [ ! -f "$opt_conf" ]; then return 0 fi From a59daca85389573ba9e6907a2b37d38dfcb466ee Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 15:47:07 -0500 Subject: [PATCH 07/11] fix: update the supascan config --- audit-specs/baselines/ami-build/files-postgres-config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit-specs/baselines/ami-build/files-postgres-config.yml b/audit-specs/baselines/ami-build/files-postgres-config.yml index d3c4ba1c9..a8262d963 100644 --- a/audit-specs/baselines/ami-build/files-postgres-config.yml +++ b/audit-specs/baselines/ami-build/files-postgres-config.yml @@ -55,13 +55,13 @@ file: owner: postgres group: postgres mode: '0775' - /etc/postgresql-custom/conf.d/wal-g.conf: + /etc/postgresql-custom/wal-g.conf: exists: true filetype: file owner: postgres group: postgres mode: '0664' - /etc/postgresql-custom/conf.d/read_replica.conf: + /etc/postgresql-custom/read_replica.conf: exists: true filetype: file owner: postgres From 256d11aa5061f724d7db4cba042bcd4ec56a73f8 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 16:04:00 -0500 Subject: [PATCH 08/11] fix: it is read-replica not read_replica --- audit-specs/baselines/ami-build/files-postgres-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit-specs/baselines/ami-build/files-postgres-config.yml b/audit-specs/baselines/ami-build/files-postgres-config.yml index a8262d963..3b42dff24 100644 --- a/audit-specs/baselines/ami-build/files-postgres-config.yml +++ b/audit-specs/baselines/ami-build/files-postgres-config.yml @@ -61,7 +61,7 @@ file: owner: postgres group: postgres mode: '0664' - /etc/postgresql-custom/read_replica.conf: + /etc/postgresql-custom/read-replica.conf: exists: true filetype: file owner: postgres From bfecf2cccc7d89d8dbabb74f2cc48d50a7d4f50b Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 17 Dec 2025 16:54:16 -0500 Subject: [PATCH 09/11] fix: missed this one --- ansible/files/pgbouncer_config/pgbouncer.service.j2 | 4 ++-- audit-specs/baselines/baseline.yml | 2 +- .../baselines/prod-deployed/files-systemd-deployed.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/files/pgbouncer_config/pgbouncer.service.j2 b/ansible/files/pgbouncer_config/pgbouncer.service.j2 index 78dcc8d83..7fcc9acbe 100644 --- a/ansible/files/pgbouncer_config/pgbouncer.service.j2 +++ b/ansible/files/pgbouncer_config/pgbouncer.service.j2 @@ -4,8 +4,8 @@ Documentation=man:pgbouncer(1) Documentation=https://www.pgbouncer.org/ After=network.target {% if supabase_internal is defined %} -Requires=database_optimizations.service -After=database_optimizations.service +Requires=database-optimizations.service +After=database-optimizations.service {% endif %} [Service] diff --git a/audit-specs/baselines/baseline.yml b/audit-specs/baselines/baseline.yml index d50831b6f..0c7810c62 100644 --- a/audit-specs/baselines/baseline.yml +++ b/audit-specs/baselines/baseline.yml @@ -5461,7 +5461,7 @@ file: owner: "0" group: "0" filetype: file - /etc/systemd/system/database_optimizations.service: + /etc/systemd/system/database-optimizations.service: exists: true mode: "0644" owner: "0" diff --git a/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml b/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml index 1d12a871f..a01cc5f04 100644 --- a/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml +++ b/audit-specs/baselines/prod-deployed/files-systemd-deployed.yml @@ -55,7 +55,7 @@ file: group: '0' mode: '0644' owner: '0' - /etc/systemd/system/database_optimizations.service: + /etc/systemd/system/database-optimizations.service: exists: true filetype: file group: '0' From 478c23b310c020e781a75314178354cb46757ecb Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 18 Dec 2025 08:47:49 -0500 Subject: [PATCH 10/11] chore: spelling --- ansible/files/postgresql_config/custom_walg.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/files/postgresql_config/custom_walg.conf b/ansible/files/postgresql_config/custom_walg.conf index 60cf10b86..76ef1290e 100644 --- a/ansible/files/postgresql_config/custom_walg.conf +++ b/ansible/files/postgresql_config/custom_walg.conf @@ -1,6 +1,6 @@ # - Archiving - -#archivce_mode = on +#archive_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 From 60e6a07428463c7b5b333bec4d645e7efb161fe3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Mon, 26 Jan 2026 07:43:09 -0500 Subject: [PATCH 11/11] fix: hidden bug in tests where subprocess did not receive var --- nix/checks.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/checks.nix b/nix/checks.nix index 6e68c734e..c00cdd7b1 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -253,10 +253,10 @@ } # Start HTTP mock server for http extension tests - HTTP_MOCK_PORT_FILE="$BUILD_TMP/http-mock-port" + export HTTP_MOCK_PORT_FILE="$BUILD_TMP/http-mock-port" log info "Starting HTTP mock server (will find free port)..." - HTTP_MOCK_PORT_FILE="$HTTP_MOCK_PORT_FILE" log_cmd ${pkgs.python3}/bin/python3 ${./tests/http-mock-server.py} & + log_cmd ${pkgs.python3}/bin/python3 ${./tests/http-mock-server.py} & HTTP_MOCK_PID=$! # Clean up on exit