✨ Upgrade keycloak postgresql to version 15

Signed-off-by: Jason Montleon <jmontleo@redhat.com>
konveyor · Apr 2, 2024 · 897521b · 897521b
1 parent fec89dc
commit 897521b
Show file tree

Hide file tree

Showing 7 changed files with 93 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -5,6 +5,12 @@ USER 0
 COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py
 COPY tools/upgrades/jwt.sh /usr/local/bin/jwt.sh
 RUN dnf -y install openssl && dnf clean all
+RUN echo -e "[centos8-appstream]" \
+ "\nname = centos8-appstream" \
+ "\nbaseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/" \
+ "\nenabled = 1" \
+ "\ngpgcheck = 0" > /etc/yum.repos.d/centos.repo
+RUN dnf -y module enable postgresql:15 && dnf -y install postgresql && dnf clean all
 USER 1001
 
 COPY requirements.yml ${HOME}/requirements.yml

diff --git a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml
@@ -169,7 +169,7 @@ spec:
                 - name: RELATED_IMAGE_TACKLE_HUB
                   value: quay.io/konveyor/tackle2-hub:latest
                 - name: RELATED_IMAGE_TACKLE_POSTGRES
-                  value: quay.io/centos7/postgresql-12-centos7:centos7
+                  value: quay.io/sclorg/postgresql-15-c9s:latest
                 - name: RELATED_IMAGE_KEYCLOAK_SSO
                   value: quay.io/keycloak/keycloak:18.0.2-legacy
                 - name: RELATED_IMAGE_KEYCLOAK_INIT

diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml
@@ -81,9 +81,10 @@ keycloak_database_container_requests_memory: "350Mi"
 keycloak_database_data_volume_name: "{{ keycloak_database_service_name }}-database"
 keycloak_database_data_volume_size: "1Gi"
 keycloak_database_data_volume_path: "/var/lib/pgsql"
-keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-volume-claim"
+keycloak_database_data_volume_claim_name: "{{ keycloak_database_service_name }}-{{ keycloak_database_db_version }}-volume-claim"
 keycloak_database_db_name: "keycloak_db"
 keycloak_database_db_name_b64: "{{ keycloak_database_db_name | b64encode }}"
+keycloak_database_db_version: "15"
 
 keycloak_sso_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_SSO') }}"
 keycloak_init_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_KEYCLOAK_INIT') }}"

diff --git a/roles/tackle/tasks/main.yml b/roles/tackle/tasks/main.yml
@@ -130,11 +130,6 @@
         name: "{{ keycloak_database_service_name }}"
         namespace: "{{ app_namespace }}"
 
-    - name: "Setup Keycloak PostgreSQL Service"
-      k8s:
-        state: present
-        definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
-
     - name: "Setup Keycloak PostgreSQL Deployment"
       k8s:
         state: present
@@ -153,6 +148,64 @@
           status: "True"
         wait_timeout: 240
 
+    - name: "Check for old postgresql version deployment"
+      k8s_info:
+        api_version: v1
+        kind: Deployment
+        name: "{{ keycloak_database_service_name }}"
+        namespace: "{{ app_namespace }}"
+      register: pgsql_old_deployment
+
+    - when: ( pgsql_old_deployment.resources | length ) > 0
+      block:
+      - name: Set up the temporary migration service
+        k8s:
+          state: present
+          definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"
+
+      - name: Get the keycloak DB secret
+        k8s_info:
+          api_version: v1
+          kind: Secret
+          name: "tackle-keycloak-postgresql"
+          namespace: "konveyor-tackle"
+        register: pgsql_secret
+
+      - name: Set the keycloak DB credentials
+        set_fact:
+          dbm_user: "{{ pgsql_secret.resources[0].data['database-user'] | b64decode }}"
+          dbm_pass: "{{ pgsql_secret.resources[0].data['database-password'] | b64decode }}"
+
+      - name: Perform the DB upgrade
+        shell: |
+               set -o pipefail
+               pg_dump postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}/{{ keycloak_database_db_name }}  | psql postgresql://{{ dbm_user }}:{{ dbm_pass }}@{{ keycloak_database_service_k8s_resource_name }}-migration/{{ keycloak_database_db_name }}
+        changed_when: false
+
+      - name: Remove the temporary migration service
+        k8s:
+          state: absent
+          definition: "{{ lookup('template', 'service-keycloak-postgresql-migration.yml.j2') }}"
+
+      - name: Remove the old deployment
+        k8s:
+          state: absent
+          api_version: v1
+          kind: Deployment
+          name: "{{ keycloak_database_service_name }}"
+          namespace: "{{ app_namespace }}"
+
+      - name: Remove the service so it can be recreated
+        k8s:
+          state: absent
+          definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
+
+
+    - name: "Setup Keycloak PostgreSQL Service"
+      k8s:
+        state: present
+        definition: "{{ lookup('template', 'service-keycloak-postgresql.yml.j2') }}"
+
     - name: "Check if Keycloak SSO Secret exists already so we don't update it"
       k8s_info:
         api_version: v1

diff --git a/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2 b/roles/tackle/templates/deployment-keycloak-postgresql.yml.j2
@@ -2,19 +2,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ keycloak_database_deployment_name }}
+  name: {{ keycloak_database_deployment_name }}-{{ keycloak_database_db_version }}
   namespace: {{ app_namespace }}
   labels:
     app.kubernetes.io/name: {{ keycloak_database_service_name }}
     app.kubernetes.io/component: {{ keycloak_database_component_name }}
     app.kubernetes.io/part-of: {{ app_name }}
+    version: "{{ keycloak_database_db_version }}"
 spec:
   replicas: {{ keycloak_database_deployment_replicas }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ keycloak_database_service_name }}
       app.kubernetes.io/component: {{ keycloak_database_component_name }}
       app.kubernetes.io/part-of: {{ app_name }}
+      version: "{{ keycloak_database_db_version }}"
 {% if keycloak_database_deployment_strategy == 'Recreate' %}
   strategy:
     type: {{ keycloak_database_deployment_strategy }}
@@ -27,6 +29,7 @@ spec:
         app.kubernetes.io/part-of: {{ app_name }}
         app: {{ app_name }}
         role: {{ keycloak_database_service_name }}
+        version: "{{ keycloak_database_db_version }}"
     spec:
       containers:
         - name: {{ keycloak_database_container_name }}

diff --git a/roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2 b/roles/tackle/templates/service-keycloak-postgresql-migration.yml.j2
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ keycloak_database_service_name }}
+    app.kubernetes.io/component: {{ keycloak_database_component_name }}
+    app.kubernetes.io/part-of: {{ app_name }}
+  name: {{ keycloak_database_service_k8s_resource_name }}-migration
+  namespace: {{ app_namespace }}
+spec:
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: {{ keycloak_database_service_name }}
+    app.kubernetes.io/component: {{ keycloak_database_component_name }}
+    app.kubernetes.io/part-of: {{ app_name }}
+    version: "{{ keycloak_database_db_version }}"
diff --git a/roles/tackle/templates/service-keycloak-postgresql.yml.j2 b/roles/tackle/templates/service-keycloak-postgresql.yml.j2
@@ -18,3 +18,4 @@ spec:
     app.kubernetes.io/name: {{ keycloak_database_service_name }}
     app.kubernetes.io/component: {{ keycloak_database_component_name }}
     app.kubernetes.io/part-of: {{ app_name }}
+    version: "{{ keycloak_database_db_version }}"