diff --git a/.gitignore b/.gitignore index 35c08cca..fecb81e8 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,5 @@ next-env.d.ts dbs/ tls/ dist/ + +.env \ No newline at end of file diff --git a/apps/certbot-service/.env.example b/apps/certbot-service/.env.example new file mode 100644 index 00000000..b913d9e0 --- /dev/null +++ b/apps/certbot-service/.env.example @@ -0,0 +1,9 @@ +CERTBOT_DOMAIN=db.postgres.new +CERTBOT_EMAIL= +CLOUDFLARE_API_TOKEN= +AWS_ACCESS_KEY_ID=minioadmin +AWS_ENDPOINT_URL_S3=http://minio:9000 +AWS_REGION=us-east-1 +AWS_SECRET_ACCESS_KEY=minioadmin +BUCKET_NAME=test +S3FS_MOUNT=/mnt/s3 \ No newline at end of file diff --git a/apps/certbot-service/.gitignore b/apps/certbot-service/.gitignore new file mode 100644 index 00000000..2eea525d --- /dev/null +++ b/apps/certbot-service/.gitignore @@ -0,0 +1 @@ +.env \ No newline at end of file diff --git a/apps/certbot-service/Dockerfile b/apps/certbot-service/Dockerfile new file mode 100644 index 00000000..802aeb3e --- /dev/null +++ b/apps/certbot-service/Dockerfile @@ -0,0 +1,47 @@ +# syntax = docker/dockerfile:1 + +# Adjust CERTBOT_VERSION as desired +ARG CERTBOT_VERSION=2.11.0 +FROM certbot/dns-cloudflare:v${CERTBOT_VERSION} as base + +WORKDIR /app + +# Build S3FS +FROM base as build-s3fs + +# Install dependencies +RUN apk add --no-cache \ + git \ + build-base \ + automake \ + autoconf \ + libxml2-dev \ + fuse-dev \ + curl-dev + +RUN git clone https://github.com/s3fs-fuse/s3fs-fuse.git --branch v1.94 && \ + cd s3fs-fuse && \ + ./autogen.sh && \ + ./configure && \ + make && \ + make install + +# Final stage +FROM base + +# Install dependencies +RUN apk add --no-cache \ + bash \ + curl \ + fuse \ + libxml2 + +COPY --from=build-s3fs /usr/local/bin/s3fs /usr/local/bin/s3fs +COPY certbot.sh deploy-hook.sh entrypoint.sh /app/ + +RUN chmod +x certbot.sh +RUN chmod +x deploy-hook.sh + +ENTRYPOINT [ "./entrypoint.sh" ] + +CMD [ "./certbot.sh" ] diff --git a/apps/certbot-service/README.md b/apps/certbot-service/README.md new file mode 100644 index 00000000..d95254e5 --- /dev/null +++ b/apps/certbot-service/README.md @@ -0,0 +1,105 @@ +# Certbot + +This service is responsible for managing the certificates for the PGLite instances. + +It uses `fly machine run --schedule weekly` to wake up the service every week to renew the certificates if needed. Let's Encrypt certificates are valid for 90 days. + +## Testing certbot-service locally + +Copy `.env.example` to `.env` and set the missing environment variables. + +Start minio to emulate the S3 service: + +```shell +docker compose up -d minio +``` + +Initialize the bucket: + +```shell +docker compose up minio-init +``` + +Build and run the certbot service: + +```shell +docker compose up --build certbot-service +``` + +The certificates will be generated in `/mnt/s3/tls`. + +## Deploying to fly.io + +1. Create a new app if it doesn't exist + +```shell +flyctl apps create postgres-new-certbot +``` + +2. Build and deploy the Docker image to fly.io image registry + +```shell +flyctl deploy --build-only --push -a postgres-new-certbot --image-label + latest +``` + +3. Set the appropriate environment variables and secrets for the app "postgres-new-certbot" (see `.env.example`) in fly.io UI (available in Bitwarden as a secure note "fly.io postgres.new cerbot .env") + +4. Setup [cron-manager](https://github.com/fly-apps/cron-manager?tab=readme-ov-file#getting-started) to run the certbot service every 2 weeks with the following `schedules.json`: + +```json +[ + { + "name": "postgres-new-certbot", + "app_name": "postgres-new-certbot", + "schedule": "0 0 1,15 * *", + "region": "ord", + "command": "./certbot.sh", + "command_timeout": 120, + "enabled": true, + "config": { + "metadata": { + "fly_process_group": "cron" + }, + "auto_destroy": true, + "disable_machine_autostart": true, + "guest": { + "cpu_kind": "shared", + "cpus": 1, + "memory_mb": 256 + }, + "image": "registry.fly.io/postgres-new-certbot:latest", + "restart": { + "max_retries": 1, + "policy": "no" + } + } + } +] +``` + +5. Test running the job by SSHing into cron-manager console + +Run this command in the cron-manager root folder: + +```shell +flyctl ssh console +``` + +Once in the cron-manager instance: + +```shell +cm jobs trigger 1 +``` + +If you open the "postgres-new-certbot" live logs in fly.io UI, you should see the job being executed. + +6. You can check if the certificates are present in the Tigris bucket + +Run this command in the apps/db-instance folder: + +```shell +flyctl storage dashboard +``` + +It should open the Tigris dashboard where you can check the bucket's content. The certificates should be created under `/tls`. \ No newline at end of file diff --git a/apps/certbot-service/certbot.sh b/apps/certbot-service/certbot.sh new file mode 100644 index 00000000..fb7ed4bd --- /dev/null +++ b/apps/certbot-service/certbot.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash + +set -euo pipefail + +CONFIG_DIR="${S3FS_MOUNT}/tls/letsencrypt" +CERT_PATH="${CONFIG_DIR}/live/${CERTBOT_DOMAIN}/fullchain.pem" +CLOUD_FLARE_INI="/app/cloudflare.ini" +DEPLOY_HOOK="/app/deploy-hook.sh" + +renew_certificate() { + echo "Certificates exist. Renewing..." + certbot renew --non-interactive \ + --dns-cloudflare \ + --dns-cloudflare-credentials "${CLOUD_FLARE_INI}" \ + --deploy-hook "${DEPLOY_HOOK}" \ + --config-dir "${CONFIG_DIR}" +} + +create_certificate() { + echo "Certificates do not exist. Creating..." + certbot certonly --non-interactive \ + --agree-tos \ + --email "${CERTBOT_EMAIL}" \ + --dns-cloudflare \ + --dns-cloudflare-credentials "${CLOUD_FLARE_INI}" \ + --dns-cloudflare-propagation-seconds 60 \ + -d "*.${CERTBOT_DOMAIN}" \ + --deploy-hook "${DEPLOY_HOOK}" \ + --config-dir "${CONFIG_DIR}" +} + +main() { + if [[ -f "${CERT_PATH}" ]]; then + renew_certificate + else + create_certificate + fi +} + +main "$@" \ No newline at end of file diff --git a/apps/certbot-service/deploy-hook.sh b/apps/certbot-service/deploy-hook.sh new file mode 100644 index 00000000..1e135f3e --- /dev/null +++ b/apps/certbot-service/deploy-hook.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +set -euo pipefail + +SOURCE_DIR="$S3FS_MOUNT/tls/letsencrypt/live/$CERTBOT_DOMAIN" +TARGET_DIR="$S3FS_MOUNT/tls" + +# Ensure the target directory exists +mkdir -p $TARGET_DIR + +# Copy the key and cert to the target directory +cp -f $SOURCE_DIR/privkey.pem $TARGET_DIR/key.pem +cp -f $SOURCE_DIR/fullchain.pem $TARGET_DIR/cert.pem \ No newline at end of file diff --git a/apps/certbot-service/docker-compose.yml b/apps/certbot-service/docker-compose.yml new file mode 100644 index 00000000..7085fc80 --- /dev/null +++ b/apps/certbot-service/docker-compose.yml @@ -0,0 +1,47 @@ +services: + certbot-service: + image: certbot-service + build: + context: . + environment: + AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} + AWS_ENDPOINT_URL_S3: ${AWS_ENDPOINT_URL_S3} + AWS_REGION: ${AWS_REGION} + AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} + BUCKET_NAME: ${BUCKET_NAME} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN} + CERTBOT_EMAIL: ${CERTBOT_EMAIL} + CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN} + S3FS_MOUNT: ${S3FS_MOUNT} + ports: + - 5432:5432 + devices: + - /dev/fuse + cap_add: + - SYS_ADMIN + depends_on: + minio: + condition: service_healthy + minio: + image: minio/minio + environment: + MINIO_ROOT_USER: minioadmin + MINIO_ROOT_PASSWORD: minioadmin + ports: + - 9000:9000 + command: server /data + healthcheck: + test: timeout 5s bash -c ':> /dev/tcp/127.0.0.1/9000' || exit 1 + interval: 5s + timeout: 5s + retries: 1 + minio-init: + image: minio/mc + entrypoint: > + /bin/sh -c " + mc alias set local http://minio:9000 minioadmin minioadmin; + (mc ls local/test || mc mb local/test); + " + depends_on: + minio: + condition: service_healthy diff --git a/apps/certbot-service/entrypoint.sh b/apps/certbot-service/entrypoint.sh new file mode 100755 index 00000000..fc083a79 --- /dev/null +++ b/apps/certbot-service/entrypoint.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# s3fs ################################ +cleanup() { + echo "Unmounting s3fs..." + fusermount -u $S3FS_MOUNT + exit 0 +} + +forward_signal() { + kill -$1 "$MAIN_PID" +} + +trap 'forward_signal SIGINT' SIGINT +trap 'forward_signal SIGTERM' SIGTERM +trap 'cleanup' EXIT + +# Create the mount point directory +mkdir -p $S3FS_MOUNT + +# Mount the S3 bucket +s3fs $BUCKET_NAME $S3FS_MOUNT -o use_path_request_style -o url=$AWS_ENDPOINT_URL_S3 -o endpoint=$AWS_REGION + +# Check if the mount was successful +if mountpoint -q $S3FS_MOUNT; then + echo "S3 bucket mounted successfully at $S3FS_MOUNT" +else + echo "Failed to mount S3 bucket" + exit 1 +fi + +# cloudflare.ini ###################### +echo "dns_cloudflare_api_token = $CLOUDFLARE_API_TOKEN" > /app/cloudflare.ini +chmod 600 /app/cloudflare.ini + +# Execute the original command +"$@" & +MAIN_PID=$! + +wait $MAIN_PID diff --git a/apps/certbot-service/fly.toml b/apps/certbot-service/fly.toml new file mode 100644 index 00000000..2a27b20c --- /dev/null +++ b/apps/certbot-service/fly.toml @@ -0,0 +1,4 @@ +app = 'postgres-new-certbot' +primary_region = 'yyz' + +[build] diff --git a/apps/db-service/.env.example b/apps/db-service/.env.example new file mode 100644 index 00000000..8e154165 --- /dev/null +++ b/apps/db-service/.env.example @@ -0,0 +1,6 @@ +AWS_ACCESS_KEY_ID=minioadmin +AWS_ENDPOINT_URL_S3=http://minio:9000 +AWS_REGION=us-east-1 +AWS_SECRET_ACCESS_KEY=minioadmin +BUCKET_NAME=test +S3FS_MOUNT=/mnt/s3 \ No newline at end of file diff --git a/apps/db-service/README.md b/apps/db-service/README.md index b4383a68..715edfb1 100644 --- a/apps/db-service/README.md +++ b/apps/db-service/README.md @@ -99,3 +99,11 @@ To stop all Docker containers, run: ```shell docker compose down ``` + +# Fly deployment + +```shell +flyctl launch --org supabase-dev +``` + +In the browser, select "enable Tigris" and confirm. \ No newline at end of file diff --git a/apps/db-service/docker-compose.yml b/apps/db-service/docker-compose.yml index 13e26335..0a4cce0c 100644 --- a/apps/db-service/docker-compose.yml +++ b/apps/db-service/docker-compose.yml @@ -3,13 +3,8 @@ services: image: db-service build: context: . - environment: - S3FS_ENDPOINT: http://minio:9000 - S3FS_BUCKET: test - S3FS_REGION: us-east-1 # default region for s3-compatible APIs - S3FS_MOUNT: /mnt/s3 - AWS_ACCESS_KEY_ID: minioadmin - AWS_SECRET_ACCESS_KEY: minioadmin + env_file: + - .env ports: - 5432:5432 devices: @@ -23,13 +18,8 @@ services: image: tls-init build: context: . - environment: - S3FS_ENDPOINT: http://minio:9000 - S3FS_BUCKET: test - S3FS_REGION: us-east-1 # default region for s3-compatible APIs - S3FS_MOUNT: /mnt/s3 - AWS_ACCESS_KEY_ID: minioadmin - AWS_SECRET_ACCESS_KEY: minioadmin + env_file: + - .env devices: - /dev/fuse cap_add: diff --git a/apps/db-service/entrypoint.sh b/apps/db-service/entrypoint.sh index be930a28..ba8dfc11 100755 --- a/apps/db-service/entrypoint.sh +++ b/apps/db-service/entrypoint.sh @@ -21,7 +21,7 @@ trap 'cleanup' EXIT mkdir -p $S3FS_MOUNT # Mount the S3 bucket -s3fs $S3FS_BUCKET $S3FS_MOUNT -o use_path_request_style -o url=$S3FS_ENDPOINT -o endpoint=$S3FS_REGION +s3fs $BUCKET_NAME $S3FS_MOUNT -o url=$AWS_ENDPOINT_URL_S3 -o use_path_request_style # Check if the mount was successful if mountpoint -q $S3FS_MOUNT; then diff --git a/apps/db-service/fly.toml b/apps/db-service/fly.toml new file mode 100644 index 00000000..31db1d90 --- /dev/null +++ b/apps/db-service/fly.toml @@ -0,0 +1,29 @@ +# fly.toml app configuration file generated for postgres-new-dev on 2024-07-26T16:50:03-05:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = 'postgres-new-dev' +primary_region = 'yyz' + +[build] + +[[services]] +internal_port = 5432 +protocol = "tcp" +auto_stop_machines = true +auto_start_machines = true +min_machines_running = 0 + +[[services.ports]] +port = 5432 + +[services.concurrency] +type = "connections" +hard_limit = 25 +soft_limit = 20 + +[[vm]] +memory = '1gb' +cpu_kind = 'shared' +cpus = 1 diff --git a/apps/db-service/scripts/generate-certs.sh b/apps/db-service/scripts/generate-certs.sh index 8e474774..e3622819 100755 --- a/apps/db-service/scripts/generate-certs.sh +++ b/apps/db-service/scripts/generate-certs.sh @@ -16,3 +16,9 @@ openssl genpkey -algorithm RSA -out key.pem openssl req -new -key key.pem -out csr.pem -subj "/CN=*.db.example.com" openssl x509 -req -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -days 365 + +# Create fullchain by concatenating the server certificate and the CA certificate +cat cert.pem ca-cert.pem > fullchain.pem + +# Replace cert.pem with the fullchain +mv fullchain.pem cert.pem \ No newline at end of file diff --git a/apps/db-service/src/index.ts b/apps/db-service/src/index.ts index 9e28a20c..8f2eaaa4 100644 --- a/apps/db-service/src/index.ts +++ b/apps/db-service/src/index.ts @@ -13,7 +13,6 @@ await mkdir(tlsDir, { recursive: true }) const tls: TlsOptions = { key: await readFile(`${tlsDir}/key.pem`), cert: await readFile(`${tlsDir}/cert.pem`), - ca: await readFile(`${tlsDir}/ca-cert.pem`), } function getIdFromServerName(serverName: string) { @@ -63,7 +62,9 @@ const server = net.createServer((socket) => { console.log(`Serving database '${databaseId}'`) - db = new PGlite(`${dbDir}/${databaseId}`) + db = new PGlite(`${dbDir}/${databaseId}`, { + debug: 5 + }) }, async onStartup() { if (!db) { diff --git a/apps/db-service/with-minio.log b/apps/db-service/with-minio.log new file mode 100644 index 00000000..090baa9d --- /dev/null +++ b/apps/db-service/with-minio.log @@ -0,0 +1,152 @@ +db-service-1 | Server listening on port 5432 +db-service-1 | Serving database '12345' +db-service-1 | /app/dist/index.js PGDATA='/tmp/pglite/base' +db-service-1 | PREFIX='/tmp/pglite' +db-service-1 | MODE='REACT' +db-service-1 | REPL='N' +db-service-1 | prerun(C-node) worker= false +db-service-1 | # no '/tmp/pgdata' directory, creating one ... +db-service-1 | # USER=web_user +db-service-1 | # LOGNAME=web_user +db-service-1 | # PATH=/ +db-service-1 | # PWD=/ +db-service-1 | # HOME=/home/web_user +db-service-1 | # LANG=C.UTF-8 +db-service-1 | # _=/app/dist/index.js +db-service-1 | # PGDATA=/tmp/pglite/base +db-service-1 | # PREFIX=/tmp/pglite +db-service-1 | # MODE=REACT +db-service-1 | # REPL=N +db-service-1 | # ENVIRONMENT=node +db-service-1 | # PGSYSCONFDIR=/tmp/pglite +db-service-1 | # PGCLIENTENCODING=UTF8 +db-service-1 | # LC_CTYPE=C +db-service-1 | # PGUSER=postgres +db-service-1 | # PG_COLOR=always +db-service-1 | # argv0 (/tmp/pglite/bin/postgres) PGUSER=postgres PGDATA=/tmp/pglite/base +db-service-1 | pglite: no db +db-service-1 | pg_initdb: no db found at : /tmp/pglite/base +db-service-1 | # WARNING: program "postgres" is needed by initdb but was not found in the same directory as "/tmp/pglite/bin/initdb" +db-service-1 | The files belonging to this database system will be owned by user "postgres". +db-service-1 | popen failure: Function not implemented +db-service-1 | This user must also own the server process. +db-service-1 | +db-service-1 | # 3442 +db-service-1 | The database cluster will be initialized with this locale configuration: +db-service-1 | provider: libc +db-service-1 | LC_COLLATE: C +db-service-1 | LC_CTYPE: C.UTF-8 +db-service-1 | LC_MESSAGES: C +db-service-1 | LC_MONETARY: C +db-service-1 | LC_NUMERIC: C +db-service-1 | LC_TIME: C +db-service-1 | # 2651 +db-service-1 | # 2705 +db-service-1 | # 2706 +db-service-1 | # 3444 +db-service-1 | The default text search configuration will be set to "english". +db-service-1 | # 3446 +db-service-1 | +db-service-1 | Data page checksums are disabled. +db-service-1 | +db-service-1 | # 3458 +db-service-1 | fixing permissions on existing directory /tmp/pglite/base ... ok +db-service-1 | creating subdirectories ... ok +db-service-1 | creating configuration files ... ok +db-service-1 | # popen["/tmp/pglite/bin/postgres" --boot -X 1048576 -F -c log_checkpoints=false ] (BOOT) +db-service-1 | running bootstrap script ... ok +db-service-1 | # pg_pclose(/tmp/initdb.boot.txt) 129:../../src/include/pg_config_os.h +db-service-1 | # popen["/tmp/pglite/bin/postgres" --single -F -O -j -c search_path=pg_catalog -c exit_on_error=true -c log_checkpoints=false template1 >/dev/null] (SINGLE) +db-service-1 | # pg_pclose(/tmp/initdb.single.txt) 129:../../src/include/pg_config_os.h +db-service-1 | performing post-bootstrap initialization ... ok +db-service-1 | # 3461: TODO: fsync_pgdata ? +db-service-1 | # pg_initdb_main result = 0 +db-service-1 | 2024-08-01 15:12:59.850 GMT [42] DEBUG: invoking IpcMemoryCreate(size=144367616) +db-service-1 | # FIXING: int shmget (key_t __key=6, size_t __size=40, int __shmflg=1920) pagesize default=65536 +db-service-1 | # FIXING: void *shmat (int __shmid=666, const void *__shmaddr=0, int __shmflg=0) +db-service-1 | 2024-08-01 15:12:59.872 GMT [42] DEBUG: dynamic shared memory system will support 224 segments +db-service-1 | 2024-08-01 15:12:59.872 GMT [42] DEBUG: created dynamic shared memory control segment 197181156 (5388 bytes) +db-service-1 | 2024-08-01 15:12:59.873 GMT [42] DEBUG: transaction ID wrap limit is 2147483650, limited by database with OID 1 +db-service-1 | 2024-08-01 15:12:59.873 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:12:59.874 GMT [42] DEBUG: creating and filling new WAL file +db-service-1 | 2024-08-01 15:12:59.896 GMT [42] DEBUG: done creating and filling new WAL file +db-service-1 | # 360: InitPostgres(boot): /home/runner/work/pglite/pglite/postgresql-16.3/src/backend/bootstrap/bootstrap.c +db-service-1 | 2024-08-01 15:12:59.934 GMT [42] DEBUG: InitPostgres +db-service-1 | 2024-08-01 15:12:59.934 GMT [42] NOTICE: database system was shut down at 2024-08-01 15:12:59 GMT +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: checkpoint record is at 0/100028 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: redo record is at 0/100028; shutdown true +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: next transaction ID: 3; next OID: 10000 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: next MultiXactId: 1; next MultiXactOffset: 0 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: oldest unfrozen transaction ID: 3, in database 1 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: oldest MultiXactId: 1, in database 1 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: commit timestamp Xid oldest/newest: 0/0 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: transaction ID wrap limit is 2147483650, limited by database with OID 1 +db-service-1 | 2024-08-01 15:12:59.938 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:12:59.940 GMT [42] DEBUG: starting up replication slots +db-service-1 | 2024-08-01 15:12:59.940 GMT [42] DEBUG: xmin required by slots: data 0, catalog 0 +db-service-1 | 2024-08-01 15:12:59.941 GMT [42] DEBUG: starting up replication origin progress state +db-service-1 | 2024-08-01 15:12:59.942 GMT [42] DEBUG: reading stats file "pg_stat/pgstat.stat" +db-service-1 | 2024-08-01 15:12:59.942 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:12:59.942 GMT [42] DEBUG: MultiXact member stop limit is now 4294914944 based on MultiXact 1 +db-service-1 | 2024-08-01 15:13:00.583 GMT [42] DEBUG: rehashing catalog cache id 6 for pg_attribute; 65 tups, 32 buckets +db-service-1 | 2024-08-01 15:13:00.735 GMT [42] DEBUG: rehashing catalog cache id 6 for pg_attribute; 129 tups, 64 buckets +db-service-1 | 2024-08-01 15:13:00.785 GMT [42] DEBUG: rehashing catalog cache id 32 for pg_index; 129 tups, 64 buckets +db-service-1 | # 338 cleanup(boot): /home/runner/work/pglite/pglite/postgresql-16.3/src/backend/bootstrap/bootstrap.c +db-service-1 | # 108:fake shutdown +db-service-1 | # skipped shmem_exit_index=5/6 +db-service-1 | # before_shmem_exit_index=4/6 +db-service-1 | 2024-08-01 15:13:01.501 GMT [42] NOTICE: shutting down +db-service-1 | 2024-08-01 15:13:01.504 GMT [42] DEBUG: performing replication slot checkpoint +db-service-1 | 2024-08-01 15:13:01.744 GMT [42] DEBUG: attempting to remove WAL segments older than log file 000000000000000000000000 +db-service-1 | 2024-08-01 15:13:01.746 GMT [42] DEBUG: SlruScanDirectory invoking callback on pg_subtrans/0000 +db-service-1 | # skipped shmem_exit_index=3/6 +db-service-1 | # skipped shmem_exit_index=2/6 +db-service-1 | # skipped shmem_exit_index=1/6 +db-service-1 | # skipped shmem_exit_index=0/6 +db-service-1 | # dsm_backend_shutdown ? +db-service-1 | # 54: RePostgresSingleUserMain progname=postgres for /tmp/pglite/bin/postgres +db-service-1 | # 67: dbname=template1 +db-service-1 | 2024-08-01 15:13:01.747 GMT [42] NOTICE: database system was shut down at 2024-08-01 15:13:01 GMT +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: checkpoint record is at 0/1B2668 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: redo record is at 0/1B2668; shutdown true +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: next transaction ID: 3; next OID: 10115 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: next MultiXactId: 1; next MultiXactOffset: 0 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: oldest unfrozen transaction ID: 3, in database 1 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: oldest MultiXactId: 1, in database 1 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: commit timestamp Xid oldest/newest: 0/0 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: transaction ID wrap limit is 2147483650, limited by database with OID 1 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:13:01.750 GMT [42] DEBUG: MultiXact member stop limit is now 4294914944 based on MultiXact 1 +db-service-1 | 2024-08-01 15:13:01.751 GMT [42] DEBUG: starting up replication slots +db-service-1 | 2024-08-01 15:13:01.751 GMT [42] DEBUG: xmin required by slots: data 0, catalog 0 +db-service-1 | 2024-08-01 15:13:01.752 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:13:01.752 GMT [42] DEBUG: MultiXact member stop limit is now 4294914944 based on MultiXact 1 +db-service-1 | +db-service-1 | PostgreSQL stand-alone backend 16.3 +db-service-1 | 2024-08-01 15:13:02.350 GMT [42] DEBUG: rehashing catalog cache id 7 for pg_attribute; 257 tups, 128 buckets +db-service-1 | 2024-08-01 15:13:02.384 GMT [42] DEBUG: rehashing catalog cache id 6 for pg_attribute; 65 tups, 32 buckets +db-service-1 | 2024-08-01 15:13:02.842 GMT [42] DEBUG: rehashing catalog cache id 69 for pg_transform; 33 tups, 16 buckets +db-service-1 | 1: pg_stop_making_pinned_objects (typeid = 2278, len = 4, typmod = -1, byval = t) +db-service-1 | ---- +db-service-1 | 1: pg_stop_making_pinned_objects = "" (typeid = 2278, len = 4, typmod = -1, byval = t) +db-service-1 | ---- +db-service-1 | 2024-08-01 15:13:03.778 GMT [42] DEBUG: rehashing catalog cache id 37 for pg_operator; 33 lists, 16 buckets +db-service-1 | 2024-08-01 15:13:03.815 GMT [42] DEBUG: rehashing catalog cache id 44 for pg_proc; 33 lists, 16 buckets at character 882 +db-service-1 | 2024-08-01 15:13:04.008 GMT [42] DEBUG: rehashing catalog cache id 44 for pg_proc; 65 lists, 32 buckets at character 2338 +db-service-1 | 2024-08-01 15:13:04.029 GMT [42] DEBUG: rehashing catalog cache id 44 for pg_proc; 257 tups, 128 buckets at character 168 +db-service-1 | 1: pg_import_system_collations (typeid = 23, len = 4, typmod = -1, byval = t) +db-service-1 | ---- +db-service-1 | # 204:../../../../src/include/pg_config_os.h: OpenPipeStream(command=locale -a, mode=r) +db-service-1 | # redirected to /tmp/pglite/locale +db-service-1 | #211 locale created +db-service-1 | 2024-08-01 15:13:04.202 GMT [42] WARNING: file passed to ClosePipeStream was not obtained from OpenPipeStream +db-service-1 | 1: pg_import_system_collations = "3" (typeid = 23, len = 4, typmod = -1, byval = t) +db-service-1 | ---- +db-service-1 | 2024-08-01 15:13:04.370 GMT [42] DEBUG: rehashing catalog cache id 73 for pg_ts_dict; 5 tups, 2 buckets +db-service-1 | 2024-08-01 15:13:04.413 GMT [42] DEBUG: rehashing catalog cache id 71 for pg_ts_config; 5 tups, 2 buckets +db-service-1 | 2024-08-01 15:13:04.419 GMT [42] DEBUG: rehashing catalog cache id 72 for pg_ts_config; 5 tups, 2 buckets +db-service-1 | 2024-08-01 15:13:04.503 GMT [42] DEBUG: rehashing catalog cache id 73 for pg_ts_dict; 9 tups, 4 buckets +db-service-1 | 2024-08-01 15:13:04.549 GMT [42] DEBUG: rehashing catalog cache id 71 for pg_ts_config; 9 tups, 4 buckets +db-service-1 | 2024-08-01 15:13:04.555 GMT [42] DEBUG: rehashing catalog cache id 72 for pg_ts_config; 9 tups, 4 buckets +db-service-1 | 2024-08-01 15:13:04.779 GMT [42] DEBUG: rehashing catalog cache id 73 for pg_ts_dict; 17 tups, 8 buckets +db-service-1 | 2024-08-01 15:13:04.827 GMT [42] DEBUG: rehashing catalog cache id 71 for pg_ts_config; 17 tups, 8 buckets \ No newline at end of file diff --git a/apps/db-service/with-s3.log b/apps/db-service/with-s3.log new file mode 100644 index 00000000..1d946b03 --- /dev/null +++ b/apps/db-service/with-s3.log @@ -0,0 +1,90 @@ +db-service-1 | Server listening on port 5432 +db-service-1 | Serving database '12345' +db-service-1 | /app/dist/index.js PGDATA='/tmp/pglite/base' +db-service-1 | PREFIX='/tmp/pglite' +db-service-1 | MODE='REACT' +db-service-1 | REPL='N' +db-service-1 | prerun(C-node) worker= false +db-service-1 | # no '/tmp/pgdata' directory, creating one ... +db-service-1 | # USER=web_user +db-service-1 | # LOGNAME=web_user +db-service-1 | # PATH=/ +db-service-1 | # PWD=/ +db-service-1 | # HOME=/home/web_user +db-service-1 | # LANG=C.UTF-8 +db-service-1 | # _=/app/dist/index.js +db-service-1 | # PGDATA=/tmp/pglite/base +db-service-1 | # PREFIX=/tmp/pglite +db-service-1 | # MODE=REACT +db-service-1 | # REPL=N +db-service-1 | # ENVIRONMENT=node +db-service-1 | # PGSYSCONFDIR=/tmp/pglite +db-service-1 | # PGCLIENTENCODING=UTF8 +db-service-1 | # LC_CTYPE=C +db-service-1 | # PGUSER=postgres +db-service-1 | # PG_COLOR=always +db-service-1 | # argv0 (/tmp/pglite/bin/postgres) PGUSER=postgres PGDATA=/tmp/pglite/base +db-service-1 | pglite: no db +db-service-1 | pg_initdb: no db found at : /tmp/pglite/base +db-service-1 | popen failure: Function not implemented +db-service-1 | # WARNING: program "postgres" is needed by initdb but was not found in the same directory as "/tmp/pglite/bin/initdb" +db-service-1 | The files belonging to this database system will be owned by user "postgres". +db-service-1 | This user must also own the server process. +db-service-1 | +db-service-1 | # 3442 +db-service-1 | The database cluster will be initialized with this locale configuration: +db-service-1 | provider: libc +db-service-1 | LC_COLLATE: C +db-service-1 | LC_CTYPE: C.UTF-8 +db-service-1 | LC_MESSAGES: C +db-service-1 | LC_MONETARY: C +db-service-1 | LC_NUMERIC: C +db-service-1 | LC_TIME: C +db-service-1 | # 2651 +db-service-1 | # 2705 +db-service-1 | # 2706 +db-service-1 | # 3444 +db-service-1 | The default text search configuration will be set to "english". +db-service-1 | # 3446 +db-service-1 | +db-service-1 | Data page checksums are disabled. +db-service-1 | +db-service-1 | # 3458 +db-service-1 | fixing permissions on existing directory /tmp/pglite/base ... ok +db-service-1 | creating subdirectories ... ok +db-service-1 | creating configuration files ... ok +db-service-1 | # popen["/tmp/pglite/bin/postgres" --boot -X 1048576 -F -c log_checkpoints=false ] (BOOT) +db-service-1 | # pg_pclose(/tmp/initdb.boot.txt) 129:../../src/include/pg_config_os.h +db-service-1 | running bootstrap script ... ok +db-service-1 | # popen["/tmp/pglite/bin/postgres" --single -F -O -j -c search_path=pg_catalog -c exit_on_error=true -c log_checkpoints=false template1 >/dev/null] (SINGLE) +db-service-1 | performing post-bootstrap initialization ... ok +db-service-1 | # 3461: TODO: fsync_pgdata ? +db-service-1 | # pg_initdb_main result = 0 +db-service-1 | # pg_pclose(/tmp/initdb.single.txt) 129:../../src/include/pg_config_os.h +db-service-1 | 2024-08-01 15:02:20.610 GMT [42] DEBUG: invoking IpcMemoryCreate(size=144367616) +db-service-1 | # FIXING: int shmget (key_t __key=6, size_t __size=40, int __shmflg=1920) pagesize default=65536 +db-service-1 | # FIXING: void *shmat (int __shmid=666, const void *__shmaddr=0, int __shmflg=0) +db-service-1 | 2024-08-01 15:02:21.682 GMT [42] DEBUG: dynamic shared memory system will support 224 segments +db-service-1 | 2024-08-01 15:02:21.684 GMT [42] DEBUG: created dynamic shared memory control segment 982032434 (5388 bytes) +db-service-1 | 2024-08-01 15:02:21.684 GMT [42] DEBUG: transaction ID wrap limit is 2147483650, limited by database with OID 1 +db-service-1 | 2024-08-01 15:02:21.684 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:02:22.256 GMT [42] DEBUG: creating and filling new WAL file +db-service-1 | 2024-08-01 15:02:26.479 GMT [42] DEBUG: done creating and filling new WAL file +db-service-1 | # 360: InitPostgres(boot): /home/runner/work/pglite/pglite/postgresql-16.3/src/backend/bootstrap/bootstrap.c +db-service-1 | 2024-08-01 15:02:40.948 GMT [42] DEBUG: InitPostgres +db-service-1 | 2024-08-01 15:02:40.948 GMT [42] NOTICE: database system was shut down at 2024-08-01 15:02:21 GMT +db-service-1 | 2024-08-01 15:02:44.793 GMT [42] DEBUG: checkpoint record is at 0/100028 +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: redo record is at 0/100028; shutdown true +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: next transaction ID: 3; next OID: 10000 +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: next MultiXactId: 1; next MultiXactOffset: 0 +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: oldest unfrozen transaction ID: 3, in database 1 +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: oldest MultiXactId: 1, in database 1 +db-service-1 | 2024-08-01 15:02:44.794 GMT [42] DEBUG: commit timestamp Xid oldest/newest: 0/0 +db-service-1 | 2024-08-01 15:02:44.795 GMT [42] DEBUG: transaction ID wrap limit is 2147483650, limited by database with OID 1 +db-service-1 | 2024-08-01 15:02:44.795 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:02:46.972 GMT [42] DEBUG: starting up replication slots +db-service-1 | 2024-08-01 15:02:47.166 GMT [42] DEBUG: xmin required by slots: data 0, catalog 0 +db-service-1 | 2024-08-01 15:02:47.360 GMT [42] DEBUG: starting up replication origin progress state +db-service-1 | 2024-08-01 15:02:48.124 GMT [42] DEBUG: reading stats file "pg_stat/pgstat.stat" +db-service-1 | 2024-08-01 15:02:48.690 GMT [42] DEBUG: MultiXactId wrap limit is 2147483648, limited by database with OID 1 +db-service-1 | 2024-08-01 15:02:48.690 GMT [42] DEBUG: MultiXact member stop limit is now 4294914944 based on MultiXact 1