Upgrade to postgres 10.6

- use awx-python in shebang in dev env
  - scl enable where needed for rhel7 & container installs
  - use scram-sha-256 pg user hashing by default
  - ensure psycopg2 is using the correct PG_CONFIG at build time for the right libpq version
Christian Adams
2019-05-24 16:30:06 -04:00
committed by Christian Adams
parent 04ab736f09
commit ec1e93cc69
27 changed files with 97 additions and 60 deletions


@@ -84,6 +84,7 @@ pg_username=awx
# pg_password should be random 10 character alphanumeric string, when postgresql is running on kubernetes
# NB: it's a limitation of the "official" postgres helm chart
pg_password=awxpass
pg_admin_password=postgrespass
pg_database=awx
pg_port=5432
#pg_sslmode=require
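Review bot: `pg_admin_password=postgrespass` puts a fixed, guessable superuser password into the sample inventory with no comment telling the operator to replace it, whereas `pg_password` just above at least carries guidance. A line ahead of it such as `# pg_admin_password is the postgres superuser password; set a unique value before installing` would make the expectation explicit. Because other templates in this commit fall back to the same literal, an install that keeps the sample value is indistinguishable from one that never set it.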


@@ -10,7 +10,8 @@ source /etc/tower/conf.d/environment.sh
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=$RABBITMQ_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_user --become-user postgres -a "name=$DATABASE_NAME password=$DATABASE_PASSWORD encrypted=yes login_user=postgres login_password=$DATABASE_ADMIN_PASSWORD login_host=postgres" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user postgres -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=postgres login_host=$DATABASE_HOST login_password=$DATABASE_ADMIN_PASSWORD port=$DATABASE_PORT" all
awx-manage collectstatic --noinput --clear
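Review bot: The added postgresql_user call passes `name=$DATABASE_NAME` and a fixed `login_host=postgres`, so it only manages the intended role on the intended server while the database name equals the user name and the host is literally `postgres`. Using `name=$DATABASE_USER login_host=$DATABASE_HOST port=$DATABASE_PORT` would match the postgresql_db call beneath it. Both added calls also expand `$DATABASE_ADMIN_PASSWORD` unquoted inside the `-a` string while running with `-v`, so a password containing a space or `=` breaks the key=value parsing, and the superuser password is exposed in the process arguments and possibly in the container log. Dropping `-v` from these two calls would at least limit what is echoed.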


@@ -10,7 +10,7 @@ source /etc/tower/conf.d/environment.sh
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=$RABBITMQ_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user postgres -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_ADMIN_PASSWORD port=$DATABASE_PORT" all
if [ -z "$AWX_SKIP_MIGRATIONS" ]; then
awx-manage migrate --noinput
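Review bot: The changed postgresql_db call still logs in with `login_user=$DATABASE_USER` but now sends `login_password=$DATABASE_ADMIN_PASSWORD`, so authentication succeeds only when the application and admin passwords happen to be equal. The sibling launch script changed earlier in this commit pairs the admin password with `login_user=postgres`; the same pairing here would be `login_user=postgres login_host=$DATABASE_HOST login_password=$DATABASE_ADMIN_PASSWORD`. The `if` block that follows continues outside the hunk.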


@@ -13,7 +13,7 @@ stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:uwsgi]
command = /var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768
command = /usr/bin/scl enable rh-postgresql10 '/var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768'
directory = /var/lib/awx
autostart = true
autorestart = true
@@ -25,7 +25,7 @@ stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:daphne]
command = /var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 --websocket_timeout -1 awx.asgi:channel_layer
command = /usr/bin/scl enable rh-postgresql10 '/var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 --websocket_timeout -1 awx.asgi:channel_layer'
directory = /var/lib/awx
autostart = true
autorestart = true
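Review bot: Wrapping uwsgi and daphne in `/usr/bin/scl enable rh-postgresql10 '…'` makes supervisord supervise the scl wrapper rather than the server process. If scl runs the command through a child shell instead of exec'ing it (worth confirming for the installed scl-utils), stop and restart signals reach only the wrapper. The real process can then stay alive, still bound to 127.0.0.1:8050 or 8051. Adding `stopasgroup = true` and `killasgroup = true` to both `[program:uwsgi]` and `[program:daphne]` would cover that case. Both program sections continue outside their hunks.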


@@ -5,7 +5,12 @@ USER root
ADD ansible.repo /etc/yum.repos.d/ansible.repo
ADD RPM-GPG-KEY-ansible-release /etc/pki/rpm-gpg/RPM-GPG-KEY-ansible-release
RUN yum -y update && yum -y install epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm
# add rhscl repo for rh-postgresql-devel
RUN yum -y install centos-release-scl
RUN yum-config-manager --enable rhel-server-rhscl-7-rpms
RUN yum -y update && yum -y install epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm
# sync with tools/docker-compose/Dockerfile
RUN yum -y install acl \
@@ -35,7 +40,10 @@ RUN yum -y install acl \
nodejs \
openldap-devel \
openssh-server \
postgresql-devel \
rh-postgresql10-postgresql-devel \
rh-postgresql10-postgresql-server-syspaths \
scl-utils-build \
scl-utils \
python-devel \
python-pip \
python-psutil \
@@ -63,6 +71,8 @@ RUN chmod +x /tini
RUN python3 -m ensurepip && pip3 install virtualenv
RUN pip install supervisor
RUN find / -name pg_config
ADD Makefile /tmp/Makefile
RUN mkdir /tmp/requirements
ADD requirements/requirements_ansible.txt \
@@ -72,7 +82,7 @@ ADD requirements/requirements_ansible.txt \
requirements/requirements_tower_uninstall.txt \
requirements/requirements_git.txt \
/tmp/requirements/
RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements
RUN scl enable rh-postgresql10 """cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements"""
RUN yum -y remove cyrus-sasl-devel \
gcc \
@@ -82,13 +92,16 @@ RUN yum -y remove cyrus-sasl-devel \
libxml2-devel \
libxslt-devel \
openldap-devel \
postgresql-devel \
rh-postgresql10-postgresql-devel \
python-devel \
python36-devel \
nodejs \
xmlsec1-devel \
xmlsec1-openssl-devel
# makes postgres available for data migrations when upgrading
RUN export PATH=/usr/pgsql-10/bin:$PATH
RUN yum -y clean all
RUN rm -rf /root/.cache
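Review bot: `RUN export PATH=/usr/pgsql-10/bin:$PATH` has no effect on the image, because each RUN executes in its own shell and the exported value is discarded when that layer finishes. If the binaries must be on PATH for data migrations, as the comment above it says, use `ENV PATH=/usr/pgsql-10/bin:$PATH`. The directory is also worth confirming: the packages added here are from the `rh-postgresql10` collection, and no visible line installs anything under `/usr/pgsql-10`. `RUN find / -name pg_config` in the earlier hunk looks like a build-debugging leftover that only adds a layer and can be dropped.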


@@ -67,9 +67,9 @@
-e POSTGRESQL_MAX_CONNECTIONS={{ pg_max_connections|default(1024) }} \
-e POSTGRESQL_USER={{ pg_username }} \
-e POSTGRESQL_PASSWORD={{ pg_password | quote }} \
-e POSTGRESQL_ADMIN_PASSWORD={{ pg_password | quote }} \
-e POSTGRESQL_ADMIN_PASSWORD={{ pg_admin_password | quote }} \
-e POSTGRESQL_DATABASE={{ pg_database }} \
-e POSTGRESQL_VERSION=9.6 \
-e POSTGRESQL_VERSION=10 \
-n {{ kubernetes_namespace }}
register: openshift_pg_activate
no_log: yes


@@ -2,7 +2,8 @@ DATABASE_USER={{ pg_username }}
DATABASE_NAME={{ pg_database }}
DATABASE_HOST={{ pg_hostname|default('postgresql') }}
DATABASE_PORT={{ pg_port|default('5432') }}
DATABASE_PASSWORD={{ pg_password | quote }}
DATABASE_PASSWORD={{ pg_password|default('awxpass') }}
DATABASE_ADMIN_PASSWORD={{ pg_admin_password|default('postgrespass') }}
MEMCACHED_HOST={{ memcached_hostname|default('localhost') }}
MEMCACHED_PORT={{ memcached_port|default('11211') }}
RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }}
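Review bot: Replacing `{{ pg_password | quote }}` with `{{ pg_password|default('awxpass') }}` drops shell quoting from a file that the launch scripts `source`. A password containing spaces, `$`, backticks or `;` is then split or interpreted by the shell instead of being assigned literally, and the new `DATABASE_ADMIN_PASSWORD` line has the same problem. Keep the filter after the default: `DATABASE_PASSWORD={{ pg_password | default('awxpass') | quote }}` and `DATABASE_ADMIN_PASSWORD={{ pg_admin_password | default('postgrespass') | quote }}`. The fallback also means a missing inventory value silently deploys a well-known password, where the template presumably failed on the undefined variable before. The second environment template at the end of this commit carries the identical change and needs the same fix.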


@@ -10,11 +10,11 @@ message: |-
Database Name: ${POSTGRESQL_DATABASE}
Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/
For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.
For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/.
metadata:
annotations:
description: |-
PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.
PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/.
NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
iconClass: icon-postgresql


@@ -10,7 +10,7 @@ rabbitmq_port: "5672"
rabbitmq_user: "guest"
rabbitmq_password: "guest"
postgresql_version: "10.7"
postgresql_version: "10"
postgresql_image: "postgres:{{postgresql_version}}"


@@ -128,15 +128,16 @@ services:
{% if pg_hostname is not defined %}
postgres:
image: postgres:10.7
image: centos/postgresql-10-centos7
container_name: awx_postgres
restart: unless-stopped
volumes:
- {{ postgres_data_dir }}:/var/lib/postgresql/data:Z
environment:
POSTGRES_USER: {{ pg_username }}
POSTGRES_PASSWORD: {{ pg_password | quote }}
POSTGRES_PASSWORD: {{ pg_password }}
POSTGRES_DB: {{ pg_database }}
POSTGRESQL_ADMIN_PASSWORD: 'postgrespass' # TODO: Remove This
PGDATA: /var/lib/postgresql/data/pgdata
http_proxy: {{ http_proxy | default('') }}
https_proxy: {{ https_proxy | default('') }}
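Review bot: `POSTGRESQL_ADMIN_PASSWORD: 'postgrespass'` hard-codes the superuser password in the generated compose file and ignores the `pg_admin_password` inventory value this commit introduces, so changing the inventory leaves the database on the literal while the awx containers receive the inventory value. `POSTGRESQL_ADMIN_PASSWORD: {{ pg_admin_password | quote }}` would close the TODO. The same hunk drops `| quote` from `POSTGRES_PASSWORD`, so a password containing `:` or `#` can be mis-parsed as YAML. With the image switched to `centos/postgresql-10-centos7`, it is also worth checking that the remaining `POSTGRES_*` variables and the `/var/lib/postgresql/data` mount are what that image reads, since the new variable uses the `POSTGRESQL_` prefix. The services block continues outside the hunk.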


@@ -2,7 +2,8 @@ DATABASE_USER={{ pg_username }}
DATABASE_NAME={{ pg_database }}
DATABASE_HOST={{ pg_hostname|default('postgres') }}
DATABASE_PORT={{ pg_port|default('5432') }}
DATABASE_PASSWORD={{ pg_password | quote }}
DATABASE_PASSWORD={{ pg_password|default('awxpass') }}
DATABASE_ADMIN_PASSWORD={{ pg_admin_password|default('postgrespass') }}
MEMCACHED_HOST={{ memcached_hostname|default('memcached') }}
MEMCACHED_PORT={{ memcached_port|default('11211') }}
RABBITMQ_HOST={{ rabbitmq_hostname|default('rabbitmq') }}