Skip to content

refactor(ansible): bring our ansible up to modern ansible-lint standards #1881

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 27 commits into from
Nov 5, 2025
Merged

refactor(ansible): bring our ansible up to modern ansible-lint standards #1881

Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
fa85934
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Oct 27, 2025
309d4fd
fix(stage2-setup-postgres): typo fixup
hunleyd Oct 27, 2025
f673e00
fix(stage2-setup-postgres): lazy eval means we trip over variable nam…
hunleyd Oct 27, 2025
113abe7
fix(stage2-setup-postgres): more playing w/ the variable evaluation
hunleyd Oct 27, 2025
b9ec118
fix(stage2-setup-postgres): fine, you win. we won't loop, and we'll d…
hunleyd Oct 27, 2025
f634b88
fix(stage2-setup-postgres): when moving stuff around it hekps to move…
hunleyd Oct 28, 2025
c22b0a3
fix(stage2-setup-postgres): not sure how i munged that path so badly.…
hunleyd Oct 28, 2025
cb12bb5
fix(stage2-setup-postgres): force overwriting
hunleyd Oct 28, 2025
8caec8b
fix(stage2-setup-postgres): stop making things harder and just symlin…
hunleyd Oct 28, 2025
ecaabda
fix(stage2-setup-postgres): nuke the dir so we can recreate it as a s…
hunleyd Oct 28, 2025
cbd5986
test(test-image): cat the pg conf file to stdout so i can see wtf is …
hunleyd Oct 28, 2025
fccdaaa
test(test-image): don't let nvim autocomplete conf to config, damnit
hunleyd Oct 28, 2025
ef92862
fix(stage2-setup-postgres): the replacement isn't a regex so don't tr…
hunleyd Oct 28, 2025
452bce8
test(test-image): remove my debug output s things are sorted out now
hunleyd Oct 28, 2025
7d2f6cb
Merge remote-tracking branch 'origin' into ansible_cleanups
hunleyd Oct 30, 2025
f0f2a64
refactor(ansible): bring our ansible up to modern ansible-lint standards
hunleyd Oct 30, 2025
49c832c
fix(test-image): remove errant double quote
hunleyd Oct 31, 2025
5099b3f
fix(test-image): typo fix
hunleyd Oct 31, 2025
5007446
Merge remote-tracking branch 'origin' into ansible_cleanups
hunleyd Oct 31, 2025
b5855ea
fix(test-image): le sigh. mandatory args are mandatory
hunleyd Oct 31, 2025
5e2ecf6
Merge branch 'develop' of github.com:supabase/postgres into ansible_c…
hunleyd Oct 31, 2025
1d1f7cc
fix(test-image): thinko. we should be looking for the regex to be rem…
hunleyd Oct 31, 2025
6531bed
fix(test-image): a double ** is a no-no, and removing it makes the 2 …
hunleyd Oct 31, 2025
3a7bb75
fix(test-image): community.postgresql needs psycopg2
hunleyd Nov 1, 2025
a8b6e31
fix(test-image): restart PG and then try resetting stats
hunleyd Nov 1, 2025
634978e
fix(test-image): put the reset task where it was and just skip pg_sta…
hunleyd Nov 1, 2025
210e997
Merge branch 'develop' into ansible_cleanups
hunleyd Nov 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
171 changes: 94 additions & 77 deletions ansible/tasks/test-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,87 +1,104 @@
# - name: Temporarily disable PG Sodium references in config
# become: yes
# become_user: postgres
# shell:
# cmd: sed -i.bak -e "s/pg_net,\ pgsodium,\ timescaledb/pg_net,\ timescaledb/g" -e "s/pgsodium.getkey_script=/#pgsodium.getkey_script=/g" /etc/postgresql/postgresql.conf
# when: debpkg_mode or stage2_nix
- name: Execute tasks when (debpkg_mode or stage2_nix)
when:
- (debpkg_mode or stage2_nix)
block:
- name: Make a backup of the /etc/postgresql/postgresql.conf file
ansible.builtin.copy:
dest: '/etc/postgresql/postgresql.conf.bak'
src: '/etc/postgresql/postgresql.conf'
become: true

- name: Temporarily disable PG Sodium and Supabase Vault references in config
become: yes
become_user: postgres
shell:
cmd: >
sed -i.bak
-e 's/\(shared_preload_libraries = '\''.*\)pgsodium,\(.*'\''\)/\1\2/'
-e 's/\(shared_preload_libraries = '\''.*\)supabase_vault,\(.*'\''\)/\1\2/'
-e 's/\(shared_preload_libraries = '\''.*\), *supabase_vault'\''/\1'\''/'
-e 's/pgsodium.getkey_script=/#pgsodium.getkey_script=/'
/etc/postgresql/postgresql.conf
when: debpkg_mode or stage2_nix
- name: Temporarily disable PG Sodium and Supabase Vault references in /etc/postgresql/postgresql.conf
ansible.builtin.replace:
path: '/etc/postgresql/postgresql.conf'
regexp: "{{ regx['in'] }}"
replace: "{{ regx['out'] }}"
become: true
become_user: 'postgres'
loop:
- { in: "^(shared_preload_libraries = '.*)pgsodium(.*')", out: '\1\2' }
- { in: "^(shared_preload_libraries = '.*)supabase_vault(.*')", out: '\1\2' }
- { in: "^(shared_preload_libraries = '.*)*supabase_vault(.*')", out: '\1\2' }
- { in: '^(pgsodium\.getkey_script=)', out: '#\1' }
loop_control:
loop_var: 'regx'

- name: Verify pgsodium and vault removal from config
become: yes
become_user: postgres
shell:
cmd: |
FOUND=$(grep -E "shared_preload_libraries.*pgsodium|shared_preload_libraries.*supabase_vault|^pgsodium\.getkey_script" /etc/postgresql/postgresql.conf)
if [ ! -z "$FOUND" ]; then
echo "Found unremoved references:"
echo "$FOUND"
exit 1
fi
register: verify_result
failed_when: verify_result.rc != 0
when: debpkg_mode or stage2_nix
- name: Make sure we disabled all the things
ansible.builtin.lineinfile:
path: '/etc/postgresql/postgresql.conf'
regexp: "{{ regx }}"
state: 'absent'
check_mode: true
failed_when:
- (pgconf is changed) or (pgconf is failed)
loop:
- "^shared_preload_libraries = '.*pgsodium.*'"
- "^shared_preload_libraries = '.*supabase_vault.*'"
- '^pgsodium\.getkey_script='
loop_control:
loop_var: 'regx'
register: 'pgconf'

- name: Start Postgres Database to load all extensions.
become: yes
become_user: postgres
shell:
ansible.builtin.command:
cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
when: debpkg_mode
become: true
become_user: 'postgres'
when:
- debpkg_mode

- name: Stop Postgres Database in stage 2
become: yes
become_user: postgres
shell: source /var/lib/postgresql/.bashrc && /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop
args:
executable: /bin/bash
environment:
LANG: en_US.UTF-8
LANGUAGE: en_US.UTF-8
LC_ALL: en_US.UTF-8
LC_CTYPE: en_US.UTF-8
LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
when: stage2_nix
- name: Execute tasks when stage2_nix
when:
- stage2_nix
block:
- name: Restart Postgres Database in stage 2 to load all extensions
ansible.builtin.command:
cmd: "/usr/lib/postgresql/bin/pg_ctl --pgdata /var/lib/postgresql/data --mode fast --options '-c config_file=/etc/postgresql/postgresql.conf' {{ ctlcmd }}"
become: true
become_user: 'postgres'
environment:
LANG: 'en_US.UTF-8'
LANGUAGE: 'en_US.UTF-8'
LC_ALL: 'en_US.UTF-8'
LC_CTYPE: 'en_US.UTF-8'
LOCALE_ARCHIVE: '/usr/lib/locale/locale-archive'
loop:
- stop
- start
loop_control:
loop_var: 'ctlcmd'

- name: Start Postgres Database to load all extensions.
become: yes
become_user: postgres
shell: source /var/lib/postgresql/.bashrc && /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
args:
executable: /bin/bash
environment:
LANG: en_US.UTF-8
LANGUAGE: en_US.UTF-8
LC_ALL: en_US.UTF-8
LC_CTYPE: en_US.UTF-8
LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
when: stage2_nix
- name: Execute tasks when (debpkg_mode or stage2_nix)
when:
- (debpkg_mode or stage2_nix)
block:
- name: Re-enable PG Sodium references in /etc/postgresql/postgresql.conf
ansible.builtin.command:
cmd: mv /etc/postgresql/postgresql.conf.bak /etc/postgresql/postgresql.conf
become: true
become_user: 'postgres'

- name: Re-enable PG Sodium references in config
become: yes
become_user: postgres
shell:
cmd: mv /etc/postgresql/postgresql.conf.bak /etc/postgresql/postgresql.conf
when: debpkg_mode or stage2_nix
- name: Install psycopg2
ansible.builtin.apt:
name: 'python3-psycopg2'
state: 'present'
update_cache: true
become: true

- name: Reset db stats
shell: /usr/lib/postgresql/bin/psql --no-password --no-psqlrc -d postgres -h localhost -U supabase_admin -c 'SELECT pg_stat_statements_reset(); SELECT pg_stat_reset();'
when: debpkg_mode or stage2_nix
- name: Reset db stats
community.postgresql.postgresql_query:
login_db: 'postgres'
login_host: 'localhost'
login_user: 'supabase_admin'
query: "{{ stat_item }}"
loop:
# - 'SELECT pg_stat_statements_reset()'
- 'SELECT pg_stat_reset()'
loop_control:
loop_var: 'stat_item'

- name: Stop Postgres Database
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop
when: debpkg_mode or stage2_nix
- name: Restart Postgres Database in stage 2 to load all extensions
ansible.builtin.command:
cmd: /usr/lib/postgresql/bin/pg_ctl --pgdata /var/lib/postgresql/data --mode fast --options '-c config_file=/etc/postgresql/postgresql.conf' stop
become: true
become_user: 'postgres'