Add renovate.json

README.md

@@ -24,14 +24,6 @@
 5. `abra app deploy YOURAPPDOMAIN`
 6. Open the configured domain in your browser to finish set-up
 
-## Postgres upgrades
-
-The `db` service uses the
-[`pgautoupgrade`](https://github.com/pgautoupgrade/pgautoupgrade) image, so when
-the recipe bumps the Postgres major version the existing cluster is upgraded in
-place automatically on the next `deploy` — no manual migration steps. As with
-any major database upgrade, **take a backup of the `<stack_name>_db` volume
-first** (e.g. `abra app backup <domain>`).
-
 [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
 [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
+p-cloud/traefik

abra.sh

@@ -1,3 +1,4 @@
 export CLICKHOUSE_CONF_VERSION=v2
 export CLICKHOUSE_USER_CONF_VERSION=v2
-export CLICKHOUSE_ENTRYPOINT_VERSION=v3
+export DB_ENTRYPOINT_VERSION=v1
+export CLICKHOUSE_ENTRYPOINT_VERSION=v2

compose.yml

@@ -12,7 +12,6 @@ services:
       - BASE_URL=https://$DOMAIN
       - SECRET_KEY_BASE
       - DATABASE_URL=postgres://plausible:plausible@${STACK_NAME}_db:5432/plausible
-      - CLICKHOUSE_DATABASE_URL=http://${STACK_NAME}_plausible_events_db:8123/plausible_events_db
       - SMTP_HOST_ADDR
       - MAILER_EMAIL
       - SMTP_HOST_PORT
@@ -33,24 +32,23 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - coop-cloud.${STACK_NAME}.version=4.0.0+v2.0.0
+        - coop-cloud.${STACK_NAME}.version=3.0.1+v2.0.0
   db:
-    image: pgautoupgrade/pgautoupgrade:18-alpine
+    image: postgres:13.12
+    configs:
+      - source: db_entrypoint
+        target: /docker-entrypoint.sh
+        mode: 0555
+    # Custom docker entrypoint to handle major Postgres version upgrades
     volumes:
       - db-data:/var/lib/postgresql/data
+    entrypoint: /docker-entrypoint.sh
     environment:
-      # pin legacy PGDATA so the existing cluster on the volume is upgraded in place, not re-init'd
-      - PGDATA=/var/lib/postgresql/data
       - POSTGRES_USER=plausible
       - POSTGRES_PASSWORD=plausible
       - POSTGRES_DB=plausible
     networks:
       - internal
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U plausible -d plausible"]
-      interval: 5s
-      timeout: 5s
-      retries: 60
     deploy:
       labels:
         backupbot.backup: "true"
@@ -100,6 +98,10 @@ configs:
   clickhouse-user-config:
     name: ${STACK_NAME}_clickhouse_user_config_${CLICKHOUSE_USER_CONF_VERSION}
     file: clickhouse-user-config.xml
+  db_entrypoint:
+    name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
+    file: entrypoint.postgres.sh.tmpl
+    template_driver: golang
   clickhouse_entrypoint:
     name: ${STACK_NAME}_clickhouse_entrypoint_${CLICKHOUSE_ENTRYPOINT_VERSION}
     file: entrypoint.clickhouse.sh

entrypoint.clickhouse.sh

@@ -1,23 +1,6 @@
 #!/bin/bash
-# clickhouse entrypoint (cc-ci Q4.7b hardening — recipe-PR for recipe-maintainers/plausible).
-#
-# clickhouse-backup is the BACKUP tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`).
-# It is NOT required for clickhouse-SERVER (`/entrypoint.sh`) to run. The published recipe fetched it
-# with `set -ex` + a single silenced no-retry wget to ephemeral /tmp, so ANY transient failure of the
-# 22 MB GitHub download (rate-limit / network) exited the container BEFORE the server started → swarm
-# restarted it → re-downloaded → amplified the throttle → crash-loop → deploy timeout (cc-ci Q4.7).
-#
-# Hardening (no behaviour change when the download succeeds first try):
-#   - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched
-#     at most once and reused on every container restart (no re-download amplification);
-#   - retry with backoff to ride out transient GitHub failures;
-#   - un-silenced so a failure is diagnosable in `docker service logs`.
-#
-# Policy: clickhouse-backup is REQUIRED. If it cannot be installed after all retries the entrypoint
-# aborts (non-zero exit) and the server is NOT started — we deliberately fail the deploy loudly rather
-# than come up silently without backup/restore capability.
 
-set -e
+set -ex
 
 CLICKHOUSE_BACKUP_VERSION=2.4.2
 
@@ -34,34 +17,13 @@ elif [[ $ARCH =~ "x86_64" ]]; then
   ARCH="amd64"
 fi
 
-CACHE_DIR=/var/lib/clickhouse/.ccci-bin
-CACHED="${CACHE_DIR}/clickhouse-backup"
-BIN=/usr/local/bin/clickhouse-backup
-URL="https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz"
+wget \
+    --quiet \
+    --continue \
+    --no-clobber \
+    --output-document=/tmp/clickhouse-backup.tar.gz \
+    "https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz" 2>/dev/null
 
-install_clickhouse_backup() {
-  mkdir -p "$CACHE_DIR"
-  if [ -x "$CACHED" ]; then
-    cp -f "$CACHED" "$BIN"
-    echo "clickhouse-backup: restored from persistent cache ($CACHED)"
-    return 0
-  fi
-  for attempt in 1 2 3 4 5; do
-    if wget --continue --output-document=/tmp/clickhouse-backup.tar.gz "$URL" \
-       && tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3; then
-      cp -f "$BIN" "$CACHED" 2>/dev/null || true
-      echo "clickhouse-backup: downloaded + cached (attempt ${attempt})"
-      return 0
-    fi
-    echo "clickhouse-backup: fetch attempt ${attempt} failed; backing off $((attempt * 10))s" >&2
-    sleep $((attempt * 10))
-  done
-  echo "clickhouse-backup: fetch FAILED after all retries — aborting; clickhouse-server will NOT start (backup tool is required)" >&2
-  return 1
-}
+tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3
 
-# Required: if the backup tool cannot be installed after retries, abort (set -e) so the deploy fails
-# loudly instead of coming up without backup/restore capability.
-install_clickhouse_backup
-
-exec /entrypoint.sh
+/entrypoint.sh

entrypoint.postgres.sh.tmpl

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+MIGRATION_MARKER=$PGDATA/migration_in_progress
+OLDDATA=$PGDATA/old_data
+NEWDATA=$PGDATA/new_data
+
+if [ -e $MIGRATION_MARKER ]; then
+  echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary"
+  exit 1
+fi
+
+if [ -f $PGDATA/PG_VERSION ]; then
+  DATA_VERSION=$(cat $PGDATA/PG_VERSION)
+
+  if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then
+    echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration"
+    echo "Installing postgres $DATA_VERSION"
+    sed -i "s/$/ $DATA_VERSION/" /etc/apt/sources.list.d/pgdg.list
+    apt-get update && apt-get install -y --no-install-recommends \
+      postgresql-$DATA_VERSION \
+      && rm -rf /var/lib/apt/lists/*
+    echo "shuffling around"
+    gosu postgres mkdir $OLDDATA $NEWDATA
+    chmod 700 $OLDDATA $NEWDATA
+    mv $PGDATA/* $OLDDATA/ || true
+    touch $MIGRATION_MARKER
+    echo "running initdb"
+    # abuse entrypoint script for initdb by making server error out
+    gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true"
+    echo "running pg_upgrade"
+    cd /tmp
+    gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER
+    cp $OLDDATA/pg_hba.conf $NEWDATA/
+    mv $NEWDATA/* $PGDATA
+    rm -rf $OLDDATA
+    rmdir $NEWDATA
+    rm $MIGRATION_MARKER
+    echo "migration complete"
+  fi
+fi
+
+/usr/local/bin/docker-entrypoint.sh postgres

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}