Release/v23.34 #187
Merged
Release/v23.34 #187
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When taking a first barman backup from a replica, we force a switch to a new WAL segment. If we do this too quickly after starting the backup, then barman will still be backing up the data files and will need the new WAL segment as well as the old one. So after asking for the backup, we check on its status and wait for it to reach WAITING_FOR_WALS before we force the switch. Because a backup from a replica might still have to wait for the next barman-cron run to have the WAL moved into the correct directory, the default backup_wait_timeout is increased to 90 seconds on a replica. Fixes: TPA-719
Bumps [pipdeptree](https://github.com/tox-dev/pipdeptree) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/tox-dev/pipdeptree/releases) - [Commits](tox-dev/pipdeptree@2.22.0...2.23.0) --- updated-dependencies: - dependency-name: pipdeptree dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [black](https://github.com/psf/black) from 24.2.0 to 24.3.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@24.2.0...24.3.0) --- updated-dependencies: - dependency-name: black dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pylint](https://github.com/pylint-dev/pylint) from 3.2.3 to 3.2.5. - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](pylint-dev/pylint@v3.2.3...v3.2.5) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
The current primary is determined from EFM to set the 'upstream_primary' fact. This allows for the EFM cluster properties file to be correctly configured for each node after the primary is changed (via the switchover command)
This ensures the block is executed on a primary and/or replica node
tpaexec switchover now sets EFM properties settings based on target. tpaexec deploy now runs tasks to determine upstream_primary in properties.yml
Symbolic link for efm.properties.j2 template file under switchover points to original in config/templates using a relative path
Was switched to false for visibility during development Co-authored-by: Jonathan Renon <98327055+JonathanRenon-EDB@users.noreply.github.com>
All EBS volumes are automatically replicated across different servers so using RAID on top of EBS volumes is redundant. Further information at: https://docs.aws.amazon.com/ebs/latest/userguide/raid-config.html References: TPA-13 Co-authored-by: Jonathan Renon <98327055+JonathanRenon-EDB@users.noreply.github.com>
Bumps [pyfakefs](https://github.com/pytest-dev/pyfakefs) from 5.5.0 to 5.6.0. - [Release notes](https://github.com/pytest-dev/pyfakefs/releases) - [Changelog](https://github.com/pytest-dev/pyfakefs/blob/main/CHANGES.md) - [Commits](pytest-dev/pyfakefs@v5.5.0...v5.6.0) --- updated-dependencies: - dependency-name: pyfakefs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [zipp](https://github.com/jaraco/zipp) from 3.17.0 to 3.19.1. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.17.0...v3.19.1) --- updated-dependencies: - dependency-name: zipp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Add conditional logic to set parameters if node is pem-server or not.
Added text to explicitly tell the user that TPA is setting the auto.allow.hosts and stable.nodes.file properties to true so that agents can join the cluster without a separate step needed. Also removed some example properties that might not have been good options (see below). To have some example properties, I've added the property that limits notifications to only warnings and above to cut down on noise, and ping.serverp that a user should ideally (but not necessarily) set to some WKA in their environment. In case anyone is curious, this is why I've removed these properties: - standby.restart.delay: This would add a delay to restarting every standby after a promotion, which just makes failovers take longer. I'm not convinced there's any *good* use case for this property, but the use case that prompted it was a customer with twenty standbys in a cluster and they didn't want them all restarted at the same time after a promotion. - application.name: This property only makes sense when standbys use an application name in primary_conninfo, which isn't set up by default by TPA. If standbys are using it, this property only makes sense when the nodes use different names. By setting it here, any node that used to be a primary will have application_name set during a switchover, leading to a confusing mix of some standbys with the specified name and some without. - reconfigure.sync.primary: It's generally bad to take the cluster out of synchronous mode without a good reason, so it's probably best not to suggest it. - reconfigure.num.sync and reconfigure.num.sync.max: It's fine to use these, but they only make sense when there is more than one standby (and a max value of less than two doesn't make sense because the lowest it can be is one).
Two fixes to cgroup detection: - on MacOSX, there is no /proc/mounts so we mustn't try to grep it - on some older systems (reported on Ubuntu 20.04), /sys/fs/cgroup can be mounted ro but have filesystems under it mounted rw, so we need a slightly more complicated regex to check for it. Fixes: TPA-760
Remove EOL OSes, update pg versions for compatible architectures for default and simple integration tests.
ensure build-requirements are updated along the other requirement files. References: TPA-765
Bumps [pipdeptree](https://github.com/tox-dev/pipdeptree) from 2.23.0 to 2.23.1. - [Release notes](https://github.com/tox-dev/pipdeptree/releases) - [Commits](tox-dev/pipdeptree@2.23.0...2.23.1) --- updated-dependencies: - dependency-name: pipdeptree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Without this change, our integration tests fail with: "Architecture error: TPA does not support Patroni with multiple locations" References: TPA-699
Now that `create-or-update-comment` exists in `repo-actions`, we can use that action to maintain a “pinned” comment in each PR that is opened against the TPA repository. So far we have been running the `validate_relnotes.yml` workflow only on `opened`/`reopened` PR events to avoid flooding the PRs with comments as the current implementation appends a comment each time it is run. Besides that, we were avoiding to mark the run as "failed" in Actions because the workflow would be triggered only on `opened`/`reopened` events, and that would prevent the PR from being merged because of failed checks. With this commit we intend to use the `create-or-update-comment` action to create a comment when the PR is opened, and keep updating the comment when the PR is synchronized or reopened. That behavior also allows us to mark the workflow run as a failed check if we hit either of these situations: * Invalid release notes files are found in the folder; * Unexpected files are found in the folder. We still avoid failing when the PR introduces no release notes files because some PRs are non-customer facing changes, so wouldn't require a release note. Signed-off-by: Israel Barth Rubio <israel.barth@enterprisedb.com>
Use postgres_port when trying to register a witness node in repmgr via repmgr witness register command. Add relnote References: TPA-772 Signed-off-by: Nick Ivanov <nick.ivanov@enterprisedb.com>
Add relnote References: TPA-768
099f65d added support for accepting repmgr as a valid option for failover_manager for PGD clusters with the limited use that allows installation of repmgr and subsequent configuration when HA setup is required for a subscriber-only node. This however didn't work as intended for clusters using PGD version 5+. This change intends to fix just that. References: TPA-767 Signed-off-by: Muhammad Haroon <muhammad.haroon@enterprisedb.com>
Add to the list of field we query when checking the actual pgd proxy config in tpaexec test comand.
Github's handling of output was masking the actual exit code of tpaexec test command inside the action step. this fix saves the value of the actual tpaexec test exit code and use it as the global exit code for the action step.
…ort changed: true.
Add the option to use hostnames instead of ip addresses when configuring efm cluster. `--efm-bind-by-hostname` defaults to false when omitted. Ensure that the option is only available for M1 + efm clusters. Set the `bind.address` entry to use the hostname of the node instead of ip address. Set the .nodes file for efm to use hostnames. Add doc entry for the option. Add relnote entry. Black formatting References: TPA-758
After generating new config, we must flush handlers to ensure that we later restart postgres (if required); if we leave it for the flush to happen later, the outstanding handlers can be forgotten. Fixes: TPA-781
The efm-pre-config hook runs after efm has been installed and its configuration directory and user have been created, but before its configuration is generated. It can be used to install efm helper scripts. It runs from inside the efm/config role because the user is created as part of the role and it is useful for the user to already exist when installing scripts from the hook. Fixes: TPA-791
This commit enables PostgreSQL to use a root CA and certificate authentication. Also pgbouncer is configured to use cert authentication when `pgbouncer_use_cert_authentication` is set to true in cluster_vars. References: TPA-650
dependabot can now traverse directories and automatically detect the different sub directories it might encounter whilst it's walking through them. Further information at: https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/ References: TPA-769
The new plugin "tpa" writes task output to stdout, writing only one line for each task. Each task name is followed by three colour-coded numbers: a green one showing how many hosts successfully executed the task, a blue one showing how many hosts skipped the task, and a pink one showing how many hosts failed to run the task, if the task is marked with "ignore_errors: true". Tasks are indented according to include levels. If you set the TPA_STANDARD_OUTPUT environment variable to a truthy value, or set the standard_plugin option in ansible.cfg, or use -v on the command line, the TPA output plugin will behave just like the default one. This effectively enables ad-hoc flipping between the two output styles. References: TPA-778, TPA-673
Previously, EFM was queried for the current primary on a deploy after a switchover. If EFM is not running, this will fail. Now the cluster_facts collected through Postgres are used to determine the current primary after a switchover, removing the dependency on EFM.
Legacy 2ndQuadrant repositories are no longer supported. All new clusters configured and deployed with the recent versions of TPA default to using EDB Repos 2.0 and therefore it is only fair that docs reflect the same. References: TPA-726
Signed-off-by: Muhammad Haroon <muhammad.haroon@enterprisedb.com>
The Ansible default is to use a proxy, if defined. This does not work in the (rather common) case of an airgapped environment that needs a proxy to download packages from the internet, because the proxy also intercepts (and disrupts) calls to the Patroni API. This commit changes the default behaviour, but I cannot think of any scenario where the former behaviour could be useful; hence I did not implement a user parameter to override it. Should we ever need it, we can introduce it at a later point in time. References: TPA-790 Signed-off-by: Gianni Ciolli <gianni.ciolli@enterprisedb.com>
References: TPA-769
Adding the ppc64le file with arch specific hashes.
PR submitted by the update-requirements GH action.
requirements-ppc64le.txt.cryptography.version:42.0.8 could not be matched in the new requirement files.
requirements-ppc64le.txt.cryptography.hash_set:{'8fb57023a4416678c09f4f547f108363cd9ecfc4781fc8e6ccf64a2ac30a6bee'} could not be matched in the new requirement files.
requirements-ppc64le.txt.markupsafe.hash_set:{'9ba81866a78622e383f48a82bc70e7c6835b8a514ce9047bbb873d022df98aa5'} could not be matched in the new requirement files.
requirements-ppc64le.txt.psutil.version:5.9.8 could not be matched in the new requirement files.
requirements-ppc64le.txt.psutil.hash_set:{'42f94b3539dbcca65ca7510a568f17e1abc2008111e01a3961dc87e0d978443f'} could not be matched in the new requirement files.
requirements-ppc64le.txt.pyyaml.hash_set:{'a56cbdb91d2413864b72f551376b902191f5bb9cf3881b01944c771e04fe72dc'} could not be matched in the new requirement files.
requirements-arm64.txt.psutil.version:5.9.8 could not be matched in the new requirement files.
requirements-arm64.txt.psutil.hash_set:{'aaea6ba26520aae0e7a8bd9bbcd28678579e6c1a66a4de7a7ad3a31dda5cf277'} could not be matched in the new requirement files.
Triggered by PR#<no value> at ref refs/heads/dev/ppc64le-missing being merged into
main.
pyyaml and markupsafe didn't change version but the current state of the action and pip-compile make this necessary for ARM and PPC deps.
This file was required because upstream wasn't building a wheel for that architecture. That has changed a few weeks ago and upstream added ARM64 to its building/release process.
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.2 to 8.3.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.2.2...8.3.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jq](https://github.com/mwilliamson/jq.py) from 1.7.0 to 1.8.0. - [Changelog](https://github.com/mwilliamson/jq.py/blob/master/CHANGELOG.rst) - [Commits](mwilliamson/jq.py@1.7.0...1.8.0) --- updated-dependencies: - dependency-name: jq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
In PEM 9.7.0 httpd is no longer a package dep so we need to install it Install correct mod_wsgi version for OS Add mod_ssl package to list of pem_server_webserver_packages Add release note
Also, adding some cosmetic changes that help readability of the code when default values are being used. Related: TPA-650
Working directory is now 'release_notes', no longer 'relnotes'.
JonathanRenon-EDB
approved these changes
Aug 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.