PostgreSQL 16 migration, bootstrap fixes, and Ubuntu Noble export-tuf support#5
Merged
PostgreSQL 16 migration, bootstrap fixes, and Ubuntu Noble export-tuf support#5
Conversation
added 6 commits
April 16, 2026 22:24
- Replace wal_keep_segments with wal_keep_size=2048 (removed in PG13) - Replace wal_level=hot_standby with wal_level=replica - Set password_encryption=md5 (PG16 defaults to scram-sha-256) - Replace recovery.conf with standby.signal and config-based recovery settings - Use pg_ctl promote instead of promote_trigger_file (removed in PG16) - Grant ALL ON SCHEMA public TO PUBLIC in template1 (PG15+ restriction) - Use CREATE DATABASE ... OWNER in postgres API
- Replace RETURNS OPAQUE with RETURNS trigger in 4 migration functions (OPAQUE type removed in PG16) - Skip macOS resource fork files (._*) in JSON schema loader to prevent parse errors in containers
- Store desired MAC in vxlanDevice struct - Re-apply deterministic MAC after Configure()->LinkSetUp() which resets the hardware address, causing VXLAN routing failures
- Without Update(), the TUF client has stale metadata and fails to verify downloaded layer targets
- schema_migrations CREATE TABLE failure was swallowed, causing nil pointer panics later when the table didn't exist
- Add ExtraDirs map to imageSpec for copying directories into layers (used for controller JSON schema files) - Add --package-layer-dir and PackageScript for pre-built package layers - Add --skip-base-layers to skip rebuilding base OS layers - Remap /bin/ to /usr/bin/ for Ubuntu Noble (merged /bin symlink) - Use GitHub Releases URLs for layer downloads instead of GitHub Pages - Filter macOS resource fork files (._*) from directory copies - Add isUbuntuNobleBase() detection for Noble cloud images
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR contains all fixes required to successfully bootstrap a 7-node Flynn cluster on Ubuntu 24.04 (Noble) with PostgreSQL 16. The cluster completes full bootstrap including all system services.
Changes
PostgreSQL 16 Compatibility (
postgresql)wal_keep_segmentswithwal_keep_size=2048(removed in PG13)wal_level=hot_standbywithwal_level=replicapassword_encryption=md5(PG16 defaults to scram-sha-256)recovery.confwithstandby.signaland config-based recovery settingspg_ctl promoteinstead ofpromote_trigger_file(removed in PG16)GRANT ALL ON SCHEMA public TO PUBLICin template1 (PG15+ restriction)CREATE DATABASE ... OWNERin postgres APIController Fixes (
controller)RETURNS OPAQUEwithRETURNS triggerin 4 migration functions (OPAQUE type removed in PG16)._*) in JSON schema loader to prevent container crashesFlannel VXLAN Fix (
flannel)vxlanDevicestruct and re-apply afterConfigure()→LinkSetUp()which resets the hardware address, causing VXLAN routing failuresTUF Client Fix (
host)Update()after TUF client initialization so metadata is current for layer verificationMigration Fix (
pkg/postgres)CREATE TABLEerrors inschema_migrationsinstead of silently ignoring, which caused nil pointer panicsExport-TUF Overhaul (
script/export-tuf)ExtraDirsmap for copying directories into SquashFS layers (controller JSON schemas)--package-layer-dirandPackageScriptfor pre-built package layers--skip-base-layersto skip rebuilding base OS layers/bin/to/usr/bin/for Ubuntu Noble (merged/binsymlink)._*files from directory copiesTesting
Full 7-node cluster bootstrap completes successfully with all services healthy:
discoverd, flannel, postgres (3 instances), controller, scheduler, router, blobstore, gitreceive, tarreceive, redis, mariadb, mongodb, logaggregator, taffy, status.