Upgrade to postgres 10.6

- use awx-python in shebang in dev env
  - scl enable where needed for rhel7 & container installs
  - use scram-sha-256 pg user hashing by default
  - ensure psycopg2 is using the correct PG_CONFIG at build time for the right libpq version

installer/roles/image_build/files/launch_awx.sh

@@ -10,7 +10,8 @@ source /etc/tower/conf.d/environment.sh
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=$RABBITMQ_PORT" all
-ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
+ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_user --become-user postgres -a "name=$DATABASE_NAME password=$DATABASE_PASSWORD encrypted=yes login_user=postgres login_password=$DATABASE_ADMIN_PASSWORD login_host=postgres" all
+ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user postgres -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=postgres login_host=$DATABASE_HOST login_password=$DATABASE_ADMIN_PASSWORD port=$DATABASE_PORT" all
 
 awx-manage collectstatic --noinput --clear
 

installer/roles/image_build/files/launch_awx_task.sh

@@ -10,7 +10,7 @@ source /etc/tower/conf.d/environment.sh
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=$RABBITMQ_PORT" all
-ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
+ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user postgres -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_ADMIN_PASSWORD port=$DATABASE_PORT" all
 
 if [ -z "$AWX_SKIP_MIGRATIONS" ]; then
     awx-manage migrate --noinput

installer/roles/image_build/files/supervisor.conf

@@ -13,7 +13,7 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 
 [program:uwsgi]
-command = /var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768
+command = /usr/bin/scl enable rh-postgresql10 '/var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768'
 directory = /var/lib/awx
 autostart = true
 autorestart = true
@@ -25,7 +25,7 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 
 [program:daphne]
-command = /var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 --websocket_timeout -1 awx.asgi:channel_layer
+command = /usr/bin/scl enable rh-postgresql10 '/var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 --websocket_timeout -1 awx.asgi:channel_layer'
 directory = /var/lib/awx
 autostart = true
 autorestart = true

installer/roles/image_build/templates/Dockerfile.j2

@@ -5,7 +5,12 @@ USER root
 ADD ansible.repo /etc/yum.repos.d/ansible.repo
 ADD RPM-GPG-KEY-ansible-release /etc/pki/rpm-gpg/RPM-GPG-KEY-ansible-release
 
-RUN yum -y update && yum -y install epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm
+
+# add rhscl repo for rh-postgresql-devel
+RUN yum -y install centos-release-scl 
+RUN yum-config-manager --enable rhel-server-rhscl-7-rpms
+
+RUN yum -y update && yum -y install epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm 
 
 # sync with tools/docker-compose/Dockerfile
 RUN yum -y install acl \
@@ -35,7 +40,10 @@ RUN yum -y install acl \
   nodejs \
   openldap-devel \
   openssh-server \
-  postgresql-devel \
+  rh-postgresql10-postgresql-devel \
+  rh-postgresql10-postgresql-server-syspaths \
+  scl-utils-build \
+  scl-utils \
   python-devel \
   python-pip \
   python-psutil \
@@ -63,6 +71,8 @@ RUN chmod +x /tini
 RUN python3 -m ensurepip && pip3 install virtualenv
 RUN pip install supervisor
 
+RUN find / -name pg_config
+
 ADD Makefile /tmp/Makefile
 RUN mkdir /tmp/requirements
 ADD requirements/requirements_ansible.txt \
@@ -72,7 +82,7 @@ ADD requirements/requirements_ansible.txt \
     requirements/requirements_tower_uninstall.txt \
     requirements/requirements_git.txt \
     /tmp/requirements/
-RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements
+RUN scl enable rh-postgresql10 """cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements"""
 
 RUN yum -y remove cyrus-sasl-devel \
   gcc \
@@ -82,13 +92,16 @@ RUN yum -y remove cyrus-sasl-devel \
   libxml2-devel \
   libxslt-devel \
   openldap-devel \
-  postgresql-devel \
+  rh-postgresql10-postgresql-devel \
   python-devel \
   python36-devel \
   nodejs \
   xmlsec1-devel \
   xmlsec1-openssl-devel
 
+# makes postgres available for data migrations when upgrading
+RUN export PATH=/usr/pgsql-10/bin:$PATH
+
 RUN yum -y clean all
 RUN rm -rf /root/.cache