feat(db): switch to discourse/postgres image with install-user + checksum adapter
All checks were successful
cc-ci/testme cc-ci: success

Replace the bitnami-era pgvector:pg17 db + hand-rolled pg_upgrade entrypoint
with discourse/postgres:pg18 (pgvector + discourse's auto-upgrade layer, as
suggested on coop-cloud/discourse#16). The image does the heavy lifting
(installs old binaries, runs pg_upgrade into the versioned PGDATA); a thin
cc-db-entrypoint.sh wrapper fills the two gaps it leaves:

- secrets: inject DB_PASSWORD/POSTGRES_PASSWORD from the docker secret (the
  image reads them from env, no *_FILE support);
- install user: detect the old cluster's bootstrap superuser (oid 10) and
  export POSTGRES_USER so pg_upgrade + the new cluster's initdb match it. Real
  deployments differ (bitnami-origin clusters install as 'postgres' + a
  'discourse' app role; others as 'discourse'). The image hardcodes
  --username=$POSTGRES_USER and never detects this, so the adapter is required;
- checksums: pg18's initdb enables data checksums by default but pg13-17
  clusters here have them off, and pg_upgrade requires a match -> initdb the new
  cluster with --no-data-checksums unless the old one reports them on.

Other changes:
- mount postgresql_data at /var/lib/postgresql (versioned PGDATA .../18/docker)
- pg_backup.sh: detect the superuser at runtime; fix paths for the new layout
- bump DB_ENTRYPOINT_VERSION v6, PG_BACKUP_VERSION v3 (immutable swarm configs)
- drop entrypoint.postgres.sh.tmpl

Verified on cctest: upgrade from an existing pg17 cluster (install user
'postgres') -> pg18, all data preserved, serves over HTTPS via Traefik.
notplants
2026-06-22 16:50:08 +00:00
committed by notplants
parent 0c4539b7ad
commit 9b33fd8761
6 changed files with 146 additions and 91 deletions


@ -43,6 +43,17 @@ override) so it works behind the reverse proxy.
abra app run YOURAPPDOMAIN app discourse admin create
```
## Postgres major version upgrades
Handled automatically by the [`discourse/postgres`] image (pgvector + an
auto-upgrade layer). On deploy it finds an older cluster, installs the old
binaries and runs `pg_upgrade` into the new versioned data directory. The recipe
adds a small entrypoint wrapper that injects the password secret and detects the
old cluster's real install superuser (oid 10), so the upgrade works whether that
user is `postgres` or `discourse`. No manual dump/restore needed.
[`discourse/postgres`]: https://github.com/discourse/discourse-postgres
## Migrating from the previous (bitnami) recipe
The official image stores uploads under `/shared` rather than bitnami's
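Review bot: The new "Postgres major version upgrades" paragraph lists only two of the wrapper's three jobs (injecting the password secret and detecting the oid 10 install superuser); the checksum handling described in the commit message is missing. Since the wrapper runs initdb with `--no-data-checksums` whenever the old cluster has checksums off, an upgraded pg18 cluster silently ends up without data checksums, and operators should be able to learn that from the README. Suggest adding a sentence that says so, and naming the source versions the commit message covers (pg13-17). Also, "No manual dump/restore needed" reads as a blanket guarantee while the commit message reports verification of a single path (pg17 with install user `postgres` to pg18); consider stating that scope here.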