From 7c4dbefefab6d6cfb3a4d671af4f871dc5d2e097 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 11:21:17 -0400 Subject: [PATCH 01/17] fix: pin version of libpq to the major version installed --- ansible/tasks/setup-postgrest.yml | 2 +- ansible/vars.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index a98d1990f..823246eb0 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -20,7 +20,7 @@ - name: PostgREST - system dependencies apt: pkg: - - libpq5 + - "libpq5={{ postgresql_major }}.*" - libnuma-dev - name: PostgREST - remove Postgres PPA gpg key diff --git a/ansible/vars.yml b/ansible/vars.yml index 2838d6f92..f3a124e27 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.093-orioledb" - postgres17: "17.4.1.043" - postgres15: "15.8.1.100" + postgresorioledb-17: "17.0.1.094-orioledb-libpq-1" + postgres17: "17.4.1.044-libpq-1" + postgres15: "15.8.1.101-libpq-1" # Non Postgres Extensions pgbouncer_release: "1.19.0" From cbf05aefee58563ab2488521a5cb9bf98837086e Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 11:32:36 -0400 Subject: [PATCH 02/17] fix: the variable is postgresql_major_version --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 823246eb0..301952289 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -20,7 +20,7 @@ - name: PostgREST - system dependencies apt: pkg: - - "libpq5={{ postgresql_major }}.*" + - "libpq5={{ postgresql_major_version }}.*" - libnuma-dev - name: PostgREST - remove Postgres PPA gpg key From e41315230e6b1c722838e5249af0cc41a0d067d8 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 13:10:23 -0400 Subject: [PATCH 03/17] fix: using the correct var --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 301952289..823246eb0 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -20,7 +20,7 @@ - name: PostgREST - system dependencies apt: pkg: - - "libpq5={{ postgresql_major_version }}.*" + - "libpq5={{ postgresql_major }}.*" - libnuma-dev - name: PostgREST - remove Postgres PPA gpg key From 8882dd157843fbe17cdc626362f71dfc3c1d663f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 15:45:34 -0400 Subject: [PATCH 04/17] fix: default to postgres 15 major version --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 823246eb0..70486a085 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -20,7 +20,7 @@ - name: PostgREST - system dependencies apt: pkg: - - "libpq5={{ postgresql_major }}.*" + - "libpq5={{ postgresql_major | default('15') }}.*" - libnuma-dev - name: PostgREST - remove Postgres PPA gpg key From b6291c97810cceeddda8be428b1c346270edbddd Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 16:03:16 -0400 Subject: [PATCH 05/17] fix: default to 15 --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 70486a085..0738a820b 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -20,7 +20,7 @@ - name: PostgREST - system dependencies apt: pkg: - - "libpq5={{ postgresql_major | default('15') }}.*" + - "libpq5=15.*" - libnuma-dev - name: PostgREST - remove Postgres PPA gpg key From 2e1479e7c481995c60a246ca0d9c1b6af01e0677 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 16:36:10 -0400 Subject: [PATCH 06/17] fix: supposedly main contains all releases for libpq5 --- ansible/tasks/setup-postgrest.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 0738a820b..b261d5e52 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -8,20 +8,23 @@ - name: PostgREST - add Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" state: present + filename: postgresql-pgdg -- name: PostgREST - update apt cache - apt: - update_cache: yes - -# libpq is a C library that enables user programs to communicate with -# the PostgreSQL database server. -- name: PostgREST - system dependencies +- name: PostgREST - install system dependencies apt: pkg: - - "libpq5=15.*" + - "libpq5>=15" - libnuma-dev + update_cache: yes + state: present + +- name: PostgREST - verify libpq5 version + shell: dpkg -l libpq5 | grep '^ii' | awk '{print $3}' | grep -E '^15' + register: libpq5_version + failed_when: libpq5_version.rc != 0 + changed_when: false - name: PostgREST - remove Postgres PPA gpg key apt_key: @@ -88,7 +91,6 @@ #! /usr/bin/env bash set -euo pipefail set -x - cd "$(dirname "$0")" cat $@ > merged.conf dest: /etc/postgrest/merge.sh From 938cb00aa0253b9d0ffdf91ec3599a1b1454624f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 18 Jun 2025 22:10:44 -0400 Subject: [PATCH 07/17] fix: syntax --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index b261d5e52..752164d75 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -15,7 +15,7 @@ - name: PostgREST - install system dependencies apt: pkg: - - "libpq5>=15" + - "libpq5 (>= 15)" - libnuma-dev update_cache: yes state: present From 6e63752beb6efe356f93cb57bf63e4fa111280b5 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 04:50:07 -0400 Subject: [PATCH 08/17] fix: different syntax --- ansible/tasks/setup-postgrest.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 752164d75..6efcb0db3 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -14,10 +14,14 @@ - name: PostgREST - install system dependencies apt: - pkg: - - "libpq5 (>= 15)" - - libnuma-dev + name: libpq5 + version: ">=15" + state: present update_cache: yes + +- name: PostgREST - install libnuma-dev + apt: + name: libnuma-dev state: present - name: PostgREST - verify libpq5 version From d9499519868f868ca20aa4366056470f2452d749 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 05:10:51 -0400 Subject: [PATCH 09/17] fix: rely on ppa --- ansible/tasks/setup-postgrest.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 6efcb0db3..fcd489f3c 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -14,22 +14,21 @@ - name: PostgREST - install system dependencies apt: - name: libpq5 - version: ">=15" - state: present + package: + - libpq5 + - libnuma-dev update_cache: yes - -- name: PostgREST - install libnuma-dev - apt: - name: libnuma-dev state: present - name: PostgREST - verify libpq5 version - shell: dpkg -l libpq5 | grep '^ii' | awk '{print $3}' | grep -E '^15' + shell: dpkg -l libpq5 | grep '^ii' | awk '{print $3}' register: libpq5_version - failed_when: libpq5_version.rc != 0 changed_when: false +- name: Show installed libpq5 version + debug: + msg: "Installed libpq5 version: {{ libpq5_version.stdout }}" + - name: PostgREST - remove Postgres PPA gpg key apt_key: url: https://www.postgresql.org/media/keys/ACCC4CF8.asc From 911c87c907d7c6fe26f4aa188307779d4b0d29d5 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 06:32:14 -0400 Subject: [PATCH 10/17] fix: ppa removal --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index fcd489f3c..cd88f585c 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -36,7 +36,7 @@ - name: PostgREST - remove Postgres PPA apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" state: absent - name: postgis - ensure dependencies do not get autoremoved From 76a37dea6296fe6af9a97eef76df793b341b248f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 06:58:07 -0400 Subject: [PATCH 11/17] fix: change to trigger workflow --- ansible/tasks/setup-postgrest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index cd88f585c..b6e0f951c 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -6,7 +6,7 @@ url: https://www.postgresql.org/media/keys/ACCC4CF8.asc state: present -- name: PostgREST - add Postgres PPA +- name: PostgREST - add Postgres PPA main apt_repository: repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" state: present From 7764605433fdce39ce5a9c4976e826f5979c462d Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 12:30:35 -0400 Subject: [PATCH 12/17] fix: adding a test to see postgres version --- testinfra/test_ami_nix.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 1975818d6..cc09cc501 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -507,3 +507,22 @@ def test_postgrest_ending_empty_key_query_parameter_is_removed(host): }, ) assert res.ok + + +def test_postgresql_version(host): + """Print the PostgreSQL version being tested.""" + result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c 'SELECT version();'") + if result['succeeded']: + print(f"\nPostgreSQL Version:\n{result['stdout']}") + else: + print(f"\nFailed to get PostgreSQL version: {result['stderr']}") + + # Also get the version from the command line + result = run_ssh_command(host['ssh'], "sudo -u postgres psql --version") + if result['succeeded']: + print(f"PostgreSQL Client Version: {result['stdout'].strip()}") + else: + print(f"Failed to get PostgreSQL client version: {result['stderr']}") + + # This test always passes, it's just for informational purposes + assert True From f2341041109e9538fc479ca38683f8e8f4204300 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 14:38:57 -0400 Subject: [PATCH 13/17] fix: testing for failure related to libpq5 version issue --- testinfra/test_ami_nix.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index cc09cc501..27d70a831 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -526,3 +526,25 @@ def test_postgresql_version(host): # This test always passes, it's just for informational purposes assert True + + +def test_postgrest_logs_no_target_session_attrs_error(host): + """Check that PostgREST logs don't contain the target_session_attrs error.""" + # Check recent PostgREST logs for the specific error + result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '1 hour ago' | grep -i 'target_session_attrs' || true") + + if result['stdout'].strip(): + print(f"\nFound target_session_attrs errors in PostgREST logs:\n{result['stdout']}") + assert False, "PostgREST logs contain target_session_attrs errors" + else: + print("\nNo target_session_attrs errors found in PostgREST logs") + + # Also check for the specific error pattern mentioned + result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '1 hour ago' | grep -i 'invalid target_session_attrs value.*read-only' || true") + + if result['stdout'].strip(): + print(f"\nFound specific target_session_attrs read-only error:\n{result['stdout']}") + assert False, "PostgREST logs contain invalid target_session_attrs read-only error" + else: + print("No invalid target_session_attrs read-only errors found in PostgREST logs") + From 9e1a7c6ece3ca29eb7eb144ee63768dce4973ba4 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 16:13:38 -0400 Subject: [PATCH 14/17] test: include read-only test for postgrest --- testinfra/test_ami_nix.py | 197 +++++++++++++++++++++++++++++++++++--- 1 file changed, 182 insertions(+), 15 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 27d70a831..3f454c7c3 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -510,12 +510,24 @@ def test_postgrest_ending_empty_key_query_parameter_is_removed(host): def test_postgresql_version(host): - """Print the PostgreSQL version being tested.""" + """Print the PostgreSQL version being tested and ensure it's >= 14.""" result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c 'SELECT version();'") if result['succeeded']: print(f"\nPostgreSQL Version:\n{result['stdout']}") + # Extract version number from the output + version_line = result['stdout'].strip().split('\n')[2] # Skip header and get the actual version + # Extract major version number (e.g., "15.8" -> 15) + import re + version_match = re.search(r'PostgreSQL (\d+)\.', version_line) + if version_match: + major_version = int(version_match.group(1)) + print(f"PostgreSQL major version: {major_version}") + assert major_version >= 14, f"PostgreSQL version {major_version} is less than 14" + else: + assert False, "Could not parse PostgreSQL version number" else: print(f"\nFailed to get PostgreSQL version: {result['stderr']}") + assert False, "Failed to get PostgreSQL version" # Also get the version from the command line result = run_ssh_command(host['ssh'], "sudo -u postgres psql --version") @@ -524,27 +536,182 @@ def test_postgresql_version(host): else: print(f"Failed to get PostgreSQL client version: {result['stderr']}") + print("✓ PostgreSQL version is >= 14") + + +def test_libpq5_version(host): + """Print the libpq5 version installed.""" + # Try different package managers to find libpq5 + result = run_ssh_command(host['ssh'], "dpkg -l | grep libpq5 || true") + if result['succeeded'] and result['stdout'].strip(): + print(f"\nlibpq5 package info:\n{result['stdout']}") + else: + print("\nlibpq5 not found via dpkg") + + # Also try to find libpq.so files + result = run_ssh_command(host['ssh'], "find /usr -name '*libpq*' -type f 2>/dev/null | head -10") + if result['succeeded'] and result['stdout'].strip(): + print(f"\nlibpq files found:\n{result['stdout']}") + else: + print("\nNo libpq files found") + + # Check if we can get version from a libpq file + result = run_ssh_command(host['ssh'], "ldd /usr/bin/psql | grep libpq || true") + if result['succeeded'] and result['stdout'].strip(): + print(f"\npsql libpq dependency:\n{result['stdout']}") + else: + print("\nCould not find libpq dependency for psql") + # This test always passes, it's just for informational purposes assert True -def test_postgrest_logs_no_target_session_attrs_error(host): - """Check that PostgREST logs don't contain the target_session_attrs error.""" - # Check recent PostgREST logs for the specific error - result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '1 hour ago' | grep -i 'target_session_attrs' || true") +def test_postgrest_read_only_session_attrs(host): + """Test PostgREST with target_session_attrs=read-only and check for session errors.""" + # First, check if PostgreSQL is configured for read-only mode + result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c \"SHOW default_transaction_read_only;\"") + if result['succeeded']: + default_read_only = result['stdout'].strip() + print(f"PostgreSQL default_transaction_read_only: {default_read_only}") + else: + print("Could not check PostgreSQL read-only setting") + default_read_only = "unknown" + + # Check if PostgreSQL is in recovery mode (standby) + result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c \"SELECT pg_is_in_recovery();\"") + if result['succeeded']: + in_recovery = result['stdout'].strip() + print(f"PostgreSQL pg_is_in_recovery: {in_recovery}") + else: + print("Could not check PostgreSQL recovery status") + in_recovery = "unknown" - if result['stdout'].strip(): - print(f"\nFound target_session_attrs errors in PostgREST logs:\n{result['stdout']}") - assert False, "PostgREST logs contain target_session_attrs errors" + # Find PostgreSQL configuration file + result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c \"SHOW config_file;\"") + if result['succeeded']: + config_file = result['stdout'].strip().split('\n')[2].strip() # Skip header and get the actual path + print(f"PostgreSQL config file: {config_file}") else: - print("\nNo target_session_attrs errors found in PostgREST logs") + print("Could not find PostgreSQL config file") + config_file = "/etc/postgresql/15/main/postgresql.conf" # Default fallback + + # Backup PostgreSQL config + result = run_ssh_command(host['ssh'], f"sudo cp {config_file} {config_file}.backup") + assert result['succeeded'], "Failed to backup PostgreSQL config" + + # Add read-only setting to PostgreSQL config + result = run_ssh_command(host['ssh'], f"echo 'default_transaction_read_only = on' | sudo tee -a {config_file}") + assert result['succeeded'], "Failed to add read-only setting to PostgreSQL config" + + # Restart PostgreSQL to apply the new configuration + result = run_ssh_command(host['ssh'], "sudo systemctl restart postgresql") + assert result['succeeded'], "Failed to restart PostgreSQL" - # Also check for the specific error pattern mentioned - result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '1 hour ago' | grep -i 'invalid target_session_attrs value.*read-only' || true") + # Wait for PostgreSQL to start up + sleep(5) - if result['stdout'].strip(): - print(f"\nFound specific target_session_attrs read-only error:\n{result['stdout']}") - assert False, "PostgREST logs contain invalid target_session_attrs read-only error" + # Verify the change took effect + result = run_ssh_command(host['ssh'], "sudo -u postgres psql -c \"SHOW default_transaction_read_only;\"") + if result['succeeded']: + new_default_read_only = result['stdout'].strip() + print(f"PostgreSQL default_transaction_read_only after change: {new_default_read_only}") else: - print("No invalid target_session_attrs read-only errors found in PostgREST logs") + print("Could not verify PostgreSQL read-only setting change") + + # First, backup the current PostgREST config + result = run_ssh_command(host['ssh'], "sudo cp /etc/postgrest/base.conf /etc/postgrest/base.conf.backup") + assert result['succeeded'], "Failed to backup PostgREST config" + + try: + # Read the current config to get the db-uri + result = run_ssh_command(host['ssh'], "sudo cat /etc/postgrest/base.conf | grep '^db-uri'") + assert result['succeeded'], "Failed to read current db-uri" + + current_db_uri = result['stdout'].strip() + print(f"Current db-uri: {current_db_uri}") + + # Extract just the URI part (remove the db-uri = " prefix and trailing quote) + uri_start = current_db_uri.find('"') + 1 + uri_end = current_db_uri.rfind('"') + base_uri = current_db_uri[uri_start:uri_end] + + # Modify the URI to add target_session_attrs=read-only + if '?' in base_uri: + # URI already has parameters, add target_session_attrs + modified_uri = base_uri + "&target_session_attrs=read-only" + else: + # URI has no parameters, add target_session_attrs + modified_uri = base_uri + "?target_session_attrs=read-only" + + print(f"Modified URI: {modified_uri}") + + # Use awk to replace the db-uri line more reliably + result = run_ssh_command(host['ssh'], f"sudo awk '{{if ($1 == \"db-uri\") print \"db-uri = \\\"{modified_uri}\\\"\"; else print $0}}' /etc/postgrest/base.conf > /tmp/new_base.conf && sudo mv /tmp/new_base.conf /etc/postgrest/base.conf") + assert result['succeeded'], "Failed to update db-uri in config" + + # Verify the change was made correctly + result = run_ssh_command(host['ssh'], "sudo cat /etc/postgrest/base.conf | grep '^db-uri'") + print(f"Updated db-uri line: {result['stdout'].strip()}") + + # Also show the full config to debug + result = run_ssh_command(host['ssh'], "sudo cat /etc/postgrest/base.conf") + print(f"Full config after change:\n{result['stdout']}") + + # Restart PostgREST to apply the new configuration + result = run_ssh_command(host['ssh'], "sudo systemctl restart postgrest") + assert result['succeeded'], "Failed to restart PostgREST" + + # Wait a moment for PostgREST to start up + sleep(5) + + # Check if PostgREST is running + result = run_ssh_command(host['ssh'], "sudo systemctl is-active postgrest") + if not (result['succeeded'] and result['stdout'].strip() == 'active'): + # If PostgREST failed to start, check the logs to see why + log_result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 minutes ago' --no-pager") + print(f"PostgREST failed to start. Recent logs:\n{log_result['stdout']}") + assert False, "PostgREST failed to start after config change" + + # Make a test request to trigger any potential session errors + try: + response = requests.get( + f"http://{host['ip']}/rest/v1/", + headers={"apikey": anon_key, "authorization": f"Bearer {anon_key}"}, + timeout=10 + ) + print(f"Test request status: {response.status_code}") + except Exception as e: + print(f"Test request failed: {str(e)}") + + # Check PostgREST logs for "session is not read-only" errors + result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 minutes ago' | grep -i 'session is not read-only' || true") + + if result['stdout'].strip(): + print(f"\nFound 'session is not read-only' errors in PostgREST logs:\n{result['stdout']}") + assert False, "PostgREST logs contain 'session is not read-only' errors even though PostgreSQL is configured for read-only mode" + else: + print("\nNo 'session is not read-only' errors found in PostgREST logs") + + finally: + # Restore the original configuration + result = run_ssh_command(host['ssh'], "sudo cp /etc/postgrest/base.conf.backup /etc/postgrest/base.conf") + if result['succeeded']: + result = run_ssh_command(host['ssh'], "sudo systemctl restart postgrest") + if result['succeeded']: + print("Restored original PostgREST configuration") + else: + print("Warning: Failed to restart PostgREST after restoring config") + else: + print("Warning: Failed to restore original PostgREST configuration") + + # Restore PostgreSQL to original configuration + result = run_ssh_command(host['ssh'], f"sudo cp {config_file}.backup {config_file}") + if result['succeeded']: + result = run_ssh_command(host['ssh'], "sudo systemctl restart postgresql") + if result['succeeded']: + print("Restored PostgreSQL to original configuration") + else: + print("Warning: Failed to restart PostgreSQL after restoring config") + else: + print("Warning: Failed to restore PostgreSQL configuration") From 1e5713de6d32fa34cf18fb4cf655089653072468 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 20:41:17 -0400 Subject: [PATCH 15/17] test: reduce log access time --- testinfra/test_ami_nix.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 3f454c7c3..72cfeb603 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -668,7 +668,7 @@ def test_postgrest_read_only_session_attrs(host): result = run_ssh_command(host['ssh'], "sudo systemctl is-active postgrest") if not (result['succeeded'] and result['stdout'].strip() == 'active'): # If PostgREST failed to start, check the logs to see why - log_result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 minutes ago' --no-pager") + log_result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 seconds ago' --no-pager") print(f"PostgREST failed to start. Recent logs:\n{log_result['stdout']}") assert False, "PostgREST failed to start after config change" @@ -684,7 +684,7 @@ def test_postgrest_read_only_session_attrs(host): print(f"Test request failed: {str(e)}") # Check PostgREST logs for "session is not read-only" errors - result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 minutes ago' | grep -i 'session is not read-only' || true") + result = run_ssh_command(host['ssh'], "sudo journalctl -u postgrest --since '5 seconds ago' | grep -i 'session is not read-only' || true") if result['stdout'].strip(): print(f"\nFound 'session is not read-only' errors in PostgREST logs:\n{result['stdout']}") From 1c0b642f6a2ac3175267bfbac9afaed68fc6d25b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 19 Jun 2025 20:53:59 -0400 Subject: [PATCH 16/17] test: make sure to fail if version wrong --- testinfra/test_ami_nix.py | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py index 72cfeb603..864ab2861 100644 --- a/testinfra/test_ami_nix.py +++ b/testinfra/test_ami_nix.py @@ -540,11 +540,20 @@ def test_postgresql_version(host): def test_libpq5_version(host): - """Print the libpq5 version installed.""" + """Print the libpq5 version installed and ensure it's >= 14.""" # Try different package managers to find libpq5 result = run_ssh_command(host['ssh'], "dpkg -l | grep libpq5 || true") if result['succeeded'] and result['stdout'].strip(): print(f"\nlibpq5 package info:\n{result['stdout']}") + # Extract version from dpkg output (format: ii libpq5:arm64 17.5-1.pgdg20.04+1) + import re + version_match = re.search(r'libpq5[^ ]* +(\d+)\.', result['stdout']) + if version_match: + major_version = int(version_match.group(1)) + print(f"libpq5 major version: {major_version}") + assert major_version >= 14, f"libpq5 version {major_version} is less than 14" + else: + print("Could not parse libpq5 version from dpkg output") else: print("\nlibpq5 not found via dpkg") @@ -562,8 +571,21 @@ def test_libpq5_version(host): else: print("\nCould not find libpq dependency for psql") - # This test always passes, it's just for informational purposes - assert True + # Try to get version from libpq directly + result = run_ssh_command(host['ssh'], "psql --version 2>&1 | head -1") + if result['succeeded'] and result['stdout'].strip(): + print(f"\npsql version output: {result['stdout'].strip()}") + # The psql version should match the libpq version + import re + version_match = re.search(r'psql \(PostgreSQL\) (\d+)\.', result['stdout']) + if version_match: + major_version = int(version_match.group(1)) + print(f"psql/libpq major version: {major_version}") + assert major_version >= 14, f"psql/libpq version {major_version} is less than 14" + else: + print("Could not parse psql version") + + print("✓ libpq5 version is >= 14") def test_postgrest_read_only_session_attrs(host): From e4471a56aeae1abe50c621fee25c81e2cb32805e Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Mon, 23 Jun 2025 14:19:32 -0400 Subject: [PATCH 17/17] chore: bump vars --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index f3a124e27..f23aaf2ab 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.094-orioledb-libpq-1" - postgres17: "17.4.1.044-libpq-1" - postgres15: "15.8.1.101-libpq-1" + postgresorioledb-17: "17.0.1.094-orioledb" + postgres17: "17.4.1.044" + postgres15: "15.8.1.101" # Non Postgres Extensions pgbouncer_release: "1.19.0"