From 2cc60301ba7758b0c46c0339f302d42fb2a10fa9 Mon Sep 17 00:00:00 2001
From: Jason Montleon
Date: Tue, 2 Apr 2024 19:34:14 -0400
Subject: [PATCH] :sparkles: Upgrade keycloak postgresql to version 15
Signed-off-by: Jason Montleon
---
 .github/workflows/create-release.yml | 2 +-
 Dockerfile | 6 ++
 ...nveyor-operator.clusterserviceversion.yaml | 4 +-
 helm/values.yaml | 2 +-
 roles/tackle/defaults/main.yml | 3 +-
 roles/tackle/tasks/main.yml | 64 +++++++++++++++++--
 .../deployment-keycloak-postgresql.yml.j2 | 5 +-
 ...rvice-keycloak-postgresql-migration.yml.j2 | 21 ++++++
 .../service-keycloak-postgresql.yml.j2 | 1 +
 9 files changed, 97 insertions(+), 11 deletions(-)
 create mode 100644 roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index f32754f6..ffcb9353 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -205,7 +205,7 @@ jobs:
 addon_analyzer: quay.io/konveyor/tackle2-addon-analyzer:${{ inputs.version }}
 # The ones we don't own
 oauth_proxy: quay.io/konveyor/origin-oauth-proxy:${{ inputs.version }}
- tackle_postgres: quay.io/konveyor/postgresql-12-centos7:${{ inputs.version }}
+ tackle_postgres: quay.io/konveyor/postgresql-15-c9s:${{ inputs.version }}
 keycloak_sso: quay.io/konveyor/keycloak:${{ inputs.version }}
 # Bundle specific args
 version: ${{ inputs.version }}
diff --git a/Dockerfile b/Dockerfile
index 59c79130..52c69f60 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,12 @@ USER 0
 COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py
 COPY tools/upgrades/jwt.sh /usr/local/bin/jwt.sh
 RUN dnf -y install openssl && dnf clean all
+RUN echo -e "[centos8-appstream]" \
+ "\nname = centos8-appstream" \
+ "\nbaseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/" \
+ "\nenabled = 1" \
+ "\ngpgcheck = 0" > /etc/yum.repos.d/centos.repo
+RUN dnf -y module enable postgresql:15 && dnf -y install postgresql && dnf clean all
 USER 1001
 COPY requirements.yml ${HOME}/requirements.yml
diff --git a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml
index 14176864..e3f55cf4 100644
--- a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml
@@ -169,7 +169,7 @@ spec:
 - name: RELATED_IMAGE_TACKLE_HUB
 value: quay.io/konveyor/tackle2-hub:latest
 - name: RELATED_IMAGE_TACKLE_POSTGRES
- value: quay.io/centos7/postgresql-12-centos7:centos7
+ value: quay.io/sclorg/postgresql-15-c9s:latest
 - name: RELATED_IMAGE_KEYCLOAK_SSO
 value: quay.io/keycloak/keycloak:18.0.2-legacy
 - name: RELATED_IMAGE_KEYCLOAK_INIT
@@ -354,7 +354,7 @@ spec:
 name: oauth-proxy
 - image: quay.io/konveyor/tackle2-hub:latest
 name: tackle-hub
- - image: quay.io/centos7/postgresql-12-centos7:centos7
+ - image: quay.io/sclorg/postgresql-15-c9s:latest
 name: tackle-postgres
 - image: quay.io/keycloak/keycloak:18.0.2-legacy
 name: keycloak-sso
diff --git a/helm/values.yaml b/helm/values.yaml
index 2f22dd40..c6cba9b0 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
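Review bot: In the Dockerfile hunk the added `centos8-appstream` repo is fetched over plain `http://` with `gpgcheck = 0`, so the `postgresql` client RPMs are installed into the operator image with neither transport nor signature verification. Use an `https://` baseurl and `gpgcheck = 1`, with `gpgkey = file://<path-to-distribution-gpg-key>` (placeholder) pointing at a signing key that is already trusted in the base image. The repo file also stays enabled in the final image, so any later `dnf` run inherits the unverified source, and the hard-coded `x86_64` path will not resolve on other architectures. Writing the repo file, installing the client and deleting `/etc/yum.repos.d/centos.repo` in a single `RUN` would keep the extra source out of the shipped image.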
@@ -14,7 +14,7 @@ images:
 operator: quay.io/konveyor/tackle2-operator:latest
 oauth_proxy: quay.io/openshift/origin-oauth-proxy:latest
 tackle_hub: quay.io/konveyor/tackle2-hub:latest
- tackle_postgres: quay.io/centos7/postgresql-12-centos7:centos7
+ tackle_postgres: quay.io/sclorg/postgresql-15-c9s:latest
 keycloak_sso: quay.io/keycloak/keycloak:18.0.2-legacy
 keycloak_init: quay.io/konveyor/tackle-keycloak-init:latest
 tackle_ui: quay.io/konveyor/tackle2-ui:latest
diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml
index 06cbc0d8..987bc6cf 100644
--- a/roles/tackle/defaults/main.yml
+++ b/roles/tackle/defaults/main.yml
@@ -81,9 +81,10 @@ keycloak_database_container_requests_memory: "350Mi"
 keycloak_database_data_volume_name: "{{ keycloak_database_service_name }}-database"
 keycloak_database_data_volume_size: "1Gi"
 keycloak_database_data_volume_path: "/var/lib/pgsql"
-keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-volume-claim"
+keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-{{ keycloak_database_db_version }}-volume-claim"
 keycloak_database_db_name: "keycloak_db"
 keycloak_database_db_name_b64: "{{ keycloak_database_db_name | b64encode }}"
+keycloak_database_db_version: "15"
 keycloak_sso_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_SSO') }}"
 keycloak_init_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_INIT') }}"
diff --git a/roles/tackle/tasks/main.yml b/roles/tackle/tasks/main.yml
index b0b4d762..84eef71f 100644
--- a/roles/tackle/tasks/main.yml
+++ b/roles/tackle/tasks/main.yml
@@ -130,11 +130,6 @@
 name: "{{ keycloak_database_service_name }}"
 namespace: "{{ app_namespace }}"
- - name: "Setup Keycloak PostgreSQL Service"
- k8s:
- state: present
- definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
-
 - name: "Setup Keycloak PostgreSQL Deployment"
 k8s:
 state: present
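Review bot: Versioning `keycloak_database_data_volume_claim_name` in roles/tackle/defaults/main.yml gives the PostgreSQL 15 deployment a fresh claim while the previous `{{ keycloak_database_service_name }}-volume-claim` stays behind; none of the migration tasks visible in this patch delete it. That volume presumably still holds a full copy of the Keycloak database, including user records and credential material, so it should either be removed once the migration is verified or its retention documented. A comment above the variable such as `# NOTE: the pre-15 "<service>-volume-claim" PVC is not removed by the upgrade; delete it after verifying the migration` would make that explicit for operators.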
@@ -153,6 +148,65 @@
 status: "True"
 wait_timeout: 240
+ - name: "Check for old postgresql version deployment"
+ k8s_info:
+ api_version: v1
+ kind: Deployment
+ name: "{{ keycloak_database_service_name }}"
+ namespace: "{{ app_namespace }}"
+ register: pgsql_old_deployment
+
+ - when: ( pgsql_old_deployment.resources | length ) > 0
+ block:
+ - name: Set up the temporary migration service
+ k8s:
+ state: present
+ definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"
+
+ - name: Get the keycloak DB secret
+ k8s_info:
+ api_version: v1
+ kind: Secret
+ name: "tackle-keycloak-postgresql"
+ namespace: "konveyor-tackle"
+ register: pgsql_secret
+
+ - name: Set the keycloak DB credentials
+ set_fact:
+ dbm_user: "{{ pgsql_secret.resources[0].data['database-user'] | b64decode }}"
+ dbm_pass: "{{ pgsql_secret.resources[0].data['database-password'] | b64decode }}"
+
+ - name: Perform the DB upgrade
+ shell: |
+ set -o pipefail
+ sleep 10 # give the service a few seconds to be available
+ pg_dump postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}/{{ keycloak_database_db_name }} | psql postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}-migration/{{ keycloak_database_db_name }}
+ changed_when: false
+
+ - name: Remove the temporary migration service
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"
+
+ - name: Remove the old deployment
+ k8s:
+ state: absent
+ api_version: v1
+ kind: Deployment
+ name: "{{ keycloak_database_service_name }}"
+ namespace: "{{ app_namespace }}"
+
+ - name: Remove the service so it can be recreated
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
+
+
+ - name: "Setup Keycloak PostgreSQL Service"
+ k8s:
+ state: present
+ definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
+
 - name: "Check if Keycloak SSO Secret exists already so we don't update it"
 k8s_info:
 api_version: v1
diff --git a/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2 b/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2
index af3c9e40..42526f76 100644
--- a/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2
+++ b/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2
@@ -2,12 +2,13 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: {{ keycloak_database_deployment_name }}
+ name: {{ keycloak_database_deployment_name }}-{{ keycloak_database_db_version }}
 namespace: {{ app_namespace }}
 labels:
 app.kubernetes.io/name: {{ keycloak_database_service_name }}
 app.kubernetes.io/component: {{ keycloak_database_component_name }}
 app.kubernetes.io/part-of: {{ app_name }}
+ version: "{{ keycloak_database_db_version }}"
 spec:
 replicas: {{ keycloak_database_deployment_replicas }}
 selector:
@@ -15,6 +16,7 @@ spec:
 app.kubernetes.io/name: {{ keycloak_database_service_name }}
 app.kubernetes.io/component: {{ keycloak_database_component_name }}
 app.kubernetes.io/part-of: {{ app_name }}
+ version: "{{ keycloak_database_db_version }}"
 {% if keycloak_database_deployment_strategy == 'Recreate' %}
 strategy:
 type: {{ keycloak_database_deployment_strategy }}
@@ -27,6 +29,7 @@ spec:
 app.kubernetes.io/part-of: {{ app_name }}
 app: {{ app_name }}
 role: {{ keycloak_database_service_name }}
+ version: "{{ keycloak_database_db_version }}"
 spec:
 containers:
 - name: {{ keycloak_database_container_name }}
diff --git a/roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2 b/roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2
new file mode 100644
index 00000000..25a184ca
--- /dev/null
+++ b/roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2
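Review bot: `Perform the DB upgrade` in roles/tackle/tasks/main.yml interpolates `dbm_user` and `dbm_pass` into the `pg_dump`/`psql` connection URIs, so the database password ends up in the process argument list and in Ansible's task output, and a password containing shell or URI metacharacters changes the command. Passing the credentials through `environment:` as libpq variables and setting `no_log: true` on the two tasks that read the Secret avoids that. `psql` also continues past SQL errors and exits 0 unless `ON_ERROR_STOP` is set, so a partial restore would still be followed by `Remove the old deployment`. The Secret lookup hard-codes namespace `konveyor-tackle` where the surrounding tasks use `{{ app_namespace }}`; the sketch below assumes the latter is intended.

```yaml
- name: Get the keycloak DB secret
  k8s_info:
    # … unchanged: api_version, kind, name …
    namespace: "{{ app_namespace }}"
  register: pgsql_secret
  no_log: true

- name: Set the keycloak DB credentials
  # … unchanged: set_fact of dbm_user / dbm_pass …
  no_log: true

- name: Perform the DB upgrade
  shell: |
    set -o pipefail
    sleep 10 # give the service a few seconds to be available
    pg_dump -h "{{ keycloak_database_service_k8s_resource_name }}" \
      | psql -v ON_ERROR_STOP=1 -h "{{ keycloak_database_service_k8s_resource_name }}-migration"
  environment:
    PGUSER: "{{ dbm_user }}"
    PGPASSWORD: "{{ dbm_pass }}"
    PGDATABASE: "{{ keycloak_database_db_name }}"
  changed_when: false
```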
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ keycloak_database_service_name }}
+ app.kubernetes.io/component: {{ keycloak_database_component_name }}
+ app.kubernetes.io/part-of: {{ app_name }}
+ name: {{ keycloak_database_service_k8s_resource_name }}-migration
+ namespace: {{ app_namespace }}
+spec:
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: {{ keycloak_database_service_name }}
+ app.kubernetes.io/component: {{ keycloak_database_component_name }}
+ app.kubernetes.io/part-of: {{ app_name }}
+ version: "{{ keycloak_database_db_version }}"
diff --git a/roles/tackle/templates/service-keycloak-postgresql.yml.j2 b/roles/tackle/templates/service-keycloak-postgresql.yml.j2
index 081aa13c..081e1e2e 100644
--- a/roles/tackle/templates/service-keycloak-postgresql.yml.j2
+++ b/roles/tackle/templates/service-keycloak-postgresql.yml.j2
@@ -18,3 +18,4 @@ spec:
 app.kubernetes.io/name: {{ keycloak_database_service_name }}
 app.kubernetes.io/component: {{ keycloak_database_component_name }}
 app.kubernetes.io/part-of: {{ app_name }}
+ version: "{{ keycloak_database_db_version }}"
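Review bot: The `version` selector added to service-keycloak-postgresql.yml.j2 only takes effect when the Service is re-applied, and the tasks hunk moves that step to after the migration block. Until then the existing Service still selects on the three `app.kubernetes.io/*` labels, which the new `-{{ keycloak_database_db_version }}` pods also carry, so the `pg_dump` source in `Perform the DB upgrade` may be answered by the empty PostgreSQL 15 pod instead of the old one; this is inferred from the selectors visible in the patch and is worth confirming on a cluster. Pointing the dump at the old pod explicitly would remove the ambiguity, for example by resolving it with `k8s_info` and `label_selectors: ["app.kubernetes.io/name={{ keycloak_database_service_name }}", "!version"]` and using its pod IP as the `pg_dump` host.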