From 57f5ee253167811d5fa649ec2dd31d4212e09891 Mon Sep 17 00:00:00 2001 From: notplants <@notplants> Date: Tue, 16 Jun 2026 17:59:26 +0000 Subject: [PATCH] fix(db): run pg_upgrade as the old cluster's real install user pg_upgrade must run as the old cluster's bootstrap superuser (oid 10), and the new cluster must be initialised with that same user, otherwise it fails the "database user is the install user" consistency check. The install user is not necessarily $POSTGRES_USER: clusters created with the default "postgres" superuser plus a separate app role (e.g. discourse) are common. Detect it from the old cluster by briefly starting it and reading pg_roles (oid = 10) as the known app role, then use it for both the new cluster's initdb and the pg_upgrade -U argument. --- entrypoint.postgres.sh.tmpl | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/entrypoint.postgres.sh.tmpl b/entrypoint.postgres.sh.tmpl index 8174cda..cbd032b 100644 --- a/entrypoint.postgres.sh.tmpl +++ b/entrypoint.postgres.sh.tmpl @@ -30,16 +30,29 @@ if [ -f $PGDATA/PG_VERSION ]; then apt-get update && apt-get install -y --no-install-recommends \ postgresql-$DATA_VERSION \ && rm -rf /var/lib/apt/lists/* + # pg_upgrade must run as the old cluster's bootstrap superuser (the "install + # user", oid 10), and the new cluster must be initialised with that same + # user. It is not necessarily $POSTGRES_USER (e.g. clusters created with the + # default "postgres" superuser and a separate app role), so read it from the + # old cluster: briefly start it and ask, connecting as the app role we know. + PGBIN=/usr/lib/postgresql/$DATA_VERSION/bin + gosu postgres $PGBIN/pg_ctl -D $PGDATA -w \ + -o "-c listen_addresses= -c unix_socket_directories=/tmp" start + INSTALL_USER=$(gosu postgres psql -h /tmp -U "$POSTGRES_USER" -d postgres -tAc \ + "select rolname from pg_roles where oid = 10") + gosu postgres $PGBIN/pg_ctl -D $PGDATA -w stop + echo "old cluster install user: $INSTALL_USER" echo "shuffling around" gosu postgres mkdir $OLDDATA $NEWDATA chmod 700 $OLDDATA $NEWDATA mv $PGDATA/* $OLDDATA/ || true echo "running initdb" - # abuse entrypoint script for initdb by making server error out - gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true" + # abuse entrypoint script for initdb by making server error out; initialise + # the new cluster with the same superuser as the old one so pg_upgrade matches + gosu postgres bash -c "export PGDATA=$NEWDATA POSTGRES_USER=$INSTALL_USER ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true" echo "running pg_upgrade" cd /tmp - gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER + gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $INSTALL_USER cp $OLDDATA/pg_hba.conf $NEWDATA/ mv $NEWDATA/* $PGDATA rm -rf $OLDDATA