diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 97b0cd78f..2ce4141cb 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -34,7 +34,7 @@ tags: - install-pgbouncer - install-supabase-internal - when: debpkg_mode or nixpkg_mode + when: debpkg_mode or nixpkg_mode or stage2_nix - name: Install WAL-G import_tasks: tasks/setup-wal-g.yml diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml index a796f98d1..06925c6ad 100644 --- a/ansible/tasks/setup-pgbouncer.yml +++ b/ansible/tasks/setup-pgbouncer.yml @@ -7,6 +7,8 @@ - libssl-dev - libsystemd-dev - pkg-config + - pandoc + - python3 update_cache: true - name: PgBouncer - download latest release @@ -75,6 +77,7 @@ - 'custom-overrides.ini' - 'generated-optimizations.ini' - 'ssl-config.ini' + when: nixpkg_mode - name: PgBouncer - adjust pgbouncer.ini ansible.builtin.copy: diff --git a/ansible/vars.yml b/ansible/vars.yml index c72e5b1ba..67e33a634 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -15,8 +15,8 @@ postgres_release: postgres15: "15.14.1.064" # Non Postgres Extensions -pgbouncer_release: 1.19.0 -pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682 +pgbouncer_release: 1.25.1 +pgbouncer_release_checksum: sha256:6e566ae92fe3ef7f6a1b9e26d6049f7d7ca39c40e29e7b38f6d5500ae15d8465 # The checksum can be found under "Assets", in the GitHub release page for each version. # The binaries used are: ubuntu-aarch64 and linux-static. diff --git a/nix/packages/default.nix b/nix/packages/default.nix index 6c9993bc9..589eb3f16 100644 --- a/nix/packages/default.nix +++ b/nix/packages/default.nix @@ -38,6 +38,7 @@ cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { }; dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; }; docs = pkgs.callPackage ./docs.nix { }; + pgbouncer = pkgs.callPackage ../pgbouncer.nix { }; github-matrix = pkgs.callPackage ./github-matrix { nix-eval-jobs = inputs'.nix-eval-jobs.packages.default; }; diff --git a/nix/pgbouncer.nix b/nix/pgbouncer.nix new file mode 100644 index 000000000..26a1cce4e --- /dev/null +++ b/nix/pgbouncer.nix @@ -0,0 +1,52 @@ +{ + lib, + stdenv, + fetchurl, + openssl, + libevent, + c-ares, + pkg-config, + systemd, + nixosTests, + pandoc, + python3, +}: + +stdenv.mkDerivation rec { + pname = "pgbouncer"; + version = "1.25.1"; + + src = fetchurl { + url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz"; + hash = "sha256-blZq6S/j739qG54m1gSffXyjnEDinns49tVQCuFdhGU="; + }; + + nativeBuildInputs = [ + pkg-config + pandoc + python3 + ]; + buildInputs = [ + libevent + openssl + c-ares + ] ++ lib.optional stdenv.hostPlatform.isLinux systemd; + enableParallelBuilding = true; + configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd"; + + passthru.tests = { + pgbouncer = nixosTests.pgbouncer; + }; + + meta = with lib; { + homepage = "https://www.pgbouncer.org/"; + mainProgram = "pgbouncer"; + description = "Lightweight connection pooler for PostgreSQL"; + changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${ + replaceStrings [ "." ] [ "_" ] version + }"; + license = licenses.isc; + maintainers = with maintainers; [ _1000101 ]; + platforms = platforms.all; + }; +} diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index ceed6c763..c69a89989 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -145,6 +145,34 @@ anon_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6ImFub24iLCJpYXQiOjE2OTYyMjQ5NjYsImV4cCI6MjAxMTgwMDk2Nn0.QW95aRPA-4QuLzuvaIeeoFKlJP9J2hvAIpJ3WJ6G5zo" service_role_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY5NjIyNDk2NiwiZXhwIjoyMDExODAwOTY2fQ.Om7yqv15gC3mLGitBmvFRB3M4IsLsX9fXzTQnFM7lu0" supabase_admin_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InN1cGFiYXNlX2FkbWluIiwiaWF0IjoxNjk2MjI0OTY2LCJleHAiOjIwMTE4MDA5NjZ9.jrD3j2rBWiIx0vhVZzd1CXFv7qkAP392nBMadvXxk1c" + + +def load_expected_pgbouncer_version() -> str: + repo_root = Path(__file__).resolve().parent.parent + ansible_vars = repo_root / "ansible" / "vars.yml" + if ansible_vars.exists(): + with ansible_vars.open() as f: + for raw_line in f: + line = raw_line.strip() + if line.startswith("pgbouncer_release:"): + return line.split(":", 1)[1].strip().strip('"') + + nix_file = repo_root / "nix" / "pgbouncer.nix" + if nix_file.exists(): + with nix_file.open() as f: + for raw_line in f: + line = raw_line.strip() + if line.startswith("version ="): + value = line.split("=", 1)[1].strip() + return value.strip(";").strip('"') + + raise RuntimeError( + "Could not determine expected PgBouncer version from configuration files" + ) + + +EXPECTED_PGBOUNCER_VERSION = load_expected_pgbouncer_version() +PGBOUNCER_BINARY = "/nix/var/nix/profiles/per-user/pgbouncer/profile/bin/pgbouncer" init_json_content = f""" {{ "jwt_secret": "my_jwt_secret_which_is_not_so_secret", @@ -200,7 +228,7 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10): else: raise Exception("SSH test command failed") - except Exception as e: + except Exception: if attempt == max_retries - 1: raise logger.warning(