2 changes: 1 addition & 1 deletion ansible/playbook.yml
Expand Up @@ -34,7 +34,7 @@
tags:
- install-pgbouncer
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
when: debpkg_mode or nixpkg_mode or stage2_nix

- name: Install WAL-G
import_tasks: tasks/setup-wal-g.yml
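Review bot: adding `stage2_nix` to the `when:` on this import makes every task in tasks/setup-pgbouncer.yml that has no condition of its own run in stage 2 as well, and neither the hunk nor a comment says which of those tasks stage 2 actually needs. Since the same PR adds nix/pgbouncer.nix, state next to this condition which path provides PgBouncer in stage 2, and guard the package-install and "download latest release" tasks in that file individually if stage 2 is meant to use the Nix package.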
3 changes: 3 additions & 0 deletions ansible/tasks/setup-pgbouncer.yml
Expand Up @@ -7,6 +7,8 @@
- libssl-dev
- libsystemd-dev
- pkg-config
- pandoc
- python3
update_cache: true

- name: PgBouncer - download latest release
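Review bot: `pandoc` and `python3` are added to the same install list as `libssl-dev`, `libsystemd-dev` and `pkg-config`, and nix/pgbouncer.nix lists the same two under `nativeBuildInputs`, so they look like build-time-only tools. If no later task removes them they stay in the finished image; either purge them once PgBouncer is built or add a comment saying why the runtime image needs them.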
Expand Down Expand Up @@ -75,6 +77,7 @@
- 'custom-overrides.ini'
- 'generated-optimizations.ini'
- 'ssl-config.ini'
when: nixpkg_mode
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's find the Ansible file and examine its context
find . -name "setup-pgbouncer.yml" -type f

Repository: supabase/postgres

Length of output: 178


🏁 Script executed:

#!/bin/bash
# Check if other tasks or configurations depend on these placeholder files
rg -n "custom-overrides.ini|generated-optimizations.ini|ssl-config.ini" --type yaml -C2

Repository: supabase/postgres

Length of output: 3416


🏁 Script executed:

#!/bin/bash
# Search for where nixpkg_mode, stage2_nix, and debpkg_mode are used in Ansible tasks
rg -n "nixpkg_mode|stage2_nix|debpkg_mode" --type yaml | head -50

Repository: supabase/postgres

Length of output: 3347


🏁 Script executed:

#!/bin/bash
# Read the setup-pgbouncer.yml file to see context around line 80
wc -l ansible/tasks/setup-pgbouncer.yml

Repository: supabase/postgres

Length of output: 98


🏁 Script executed:

#!/bin/bash
# Get lines 60-90 to understand the full task context
sed -n '60,90p' ansible/tasks/setup-pgbouncer.yml

Repository: supabase/postgres

Length of output: 929


🏁 Script executed:

#!/bin/bash
# Search for other task definitions that might create these placeholder files
rg -n "name:|touch|copy|file:" ansible/tasks/setup-pgbouncer.yml | head -30

Repository: supabase/postgres

Length of output: 1118


🏁 Script executed:

#!/bin/bash
# Check if debpkg_mode tasks anywhere create these placeholder files
rg -B5 -A5 "custom-overrides.ini|generated-optimizations.ini" ansible/tasks/

Repository: supabase/postgres

Length of output: 791


🏁 Script executed:

#!/bin/bash
# Read the entire setup-pgbouncer.yml file
cat -n ansible/tasks/setup-pgbouncer.yml

Repository: supabase/postgres

Length of output: 5005


🏁 Script executed:

#!/bin/bash
# Check if these tasks that reference the placeholder files have any conditions
sed -n '95,120p' ansible/tasks/setup-pgbouncer.yml

Repository: supabase/postgres

Length of output: 822


🏁 Script executed:

#!/bin/bash
# Search for where setup-pgbouncer.yml is included in playbook.yml to see the context
rg -B2 -A2 "setup-pgbouncer" ansible/playbook.yml

Repository: supabase/postgres

Length of output: 177


🏁 Script executed:

#!/bin/bash
# Search for any alternative mechanisms that might create these files in debpkg_mode
rg -n "ssl-config.ini|custom-overrides.ini|generated-optimizations.ini" ansible/

Repository: supabase/postgres

Length of output: 922


🏁 Script executed:

#!/bin/bash
# Check what the tmpfiles.d template does - it might regenerate these files
cat -n ansible/files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2

Repository: supabase/postgres

Length of output: 185


🏁 Script executed:

#!/bin/bash
# Check if lineinfile has a create option or if it requires the file to exist
sed -n '102,107p' ansible/tasks/setup-pgbouncer.yml

Repository: supabase/postgres

Length of output: 248


🏁 Script executed:

#!/bin/bash
# Verify the database_optimizations.service to confirm it depends on generated-optimizations.ini
cat -n ansible/files/database_optimizations.service

Repository: supabase/postgres

Length of output: 626


🏁 Script executed:

#!/bin/bash
# Check if the entire setup-pgbouncer.yml is conditionally imported or unconditionally
grep -B5 -A5 "import_tasks.*setup-pgbouncer" ansible/playbook.yml

Repository: supabase/postgres

Length of output: 354


Add build mode conditions to placeholder file creation.

The `when: nixpkg_mode` condition is too restrictive. Downstream tasks (lines 103-106: `lineinfile` without the `create` option; lines 108-116: file permissions) will fail for `debpkg_mode` and `stage2_nix` builds because these placeholder files won't exist. Update the condition to `when: debpkg_mode or nixpkg_mode or stage2_nix` to match the parent task import and ensure the files exist for all build modes that run setup-pgbouncer.yml.

🤖 Prompt for AI Agents
In `@ansible/tasks/setup-pgbouncer.yml` at line 80, Change the task conditional
that currently reads "when: nixpkg_mode" so the placeholder files are created
for all relevant build modes; update the when expression to "debpkg_mode or
nixpkg_mode or stage2_nix" (so downstream lineinfile tasks that omit create and
the subsequent file permission tasks will find the files). Edit the task
containing the current when: nixpkg_mode condition (the placeholder file
creation task) to use the expanded boolean expression to match the parent import
and ensure compatibility with the lineinfile (lines ~103-106) and permission
tasks (lines ~108-116).


- name: PgBouncer - adjust pgbouncer.ini
ansible.builtin.copy:
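Review bot: the added `when: nixpkg_mode` on the placeholder-file task is narrower than the guard on the import in ansible/playbook.yml (`debpkg_mode or nixpkg_mode or stage2_nix`), so custom-overrides.ini, generated-optimizations.ini and ssl-config.ini are skipped in two of the three modes that reach this file. If that is intended, add a comment saying what creates those files in the other modes; otherwise drop the line and let the import guard decide, which also keeps the two conditions from drifting apart.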
4 changes: 2 additions & 2 deletions ansible/vars.yml
Expand Up @@ -15,8 +15,8 @@ postgres_release:
postgres15: "15.14.1.072"

# Non Postgres Extensions
pgbouncer_release: 1.19.0
pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682
pgbouncer_release: 1.25.1
pgbouncer_release_checksum: sha256:6e566ae92fe3ef7f6a1b9e26d6049f7d7ca39c40e29e7b38f6d5500ae15d8465

# The checksum can be found under "Assets", in the GitHub release page for each version.
# The binaries used are: ubuntu-aarch64 and linux-static.
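Review bot: `pgbouncer_release` and `pgbouncer_release_checksum` now duplicate the `version` and `hash` pinned in nix/pgbouncer.nix, with nothing tying the two together, so a later bump can update one pin and leave the other stale. Add a comment recording which artifact and URL this sha256 was taken from, and either derive one pin from the other or add a check that fails when they differ.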
1 change: 1 addition & 0 deletions nix/packages/default.nix
Expand Up @@ -38,6 +38,7 @@
cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
docs = pkgs.callPackage ./docs.nix { };
pgbouncer = pkgs.callPackage ../pgbouncer.nix { };
github-matrix = pkgs.callPackage ./github-matrix {
nix-eval-jobs = inputs'.nix-eval-jobs.packages.default;
};
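Review bot: `pgbouncer = pkgs.callPackage ../pgbouncer.nix { };` is the only entry in the visible list that reaches outside this directory (the others use `./...`), and it sits between `docs` and `github-matrix`, which breaks the otherwise alphabetical order. Move the file to nix/packages/pgbouncer.nix, reference it as `./pgbouncer.nix`, and place the attribute in its alphabetical position.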
53 changes: 53 additions & 0 deletions nix/pgbouncer.nix
@@ -0,0 +1,53 @@
{
lib,
stdenv,
fetchurl,
openssl,
libevent,
c-ares,
pkg-config,
systemd,
nixosTests,
pandoc,
python3,
}:

stdenv.mkDerivation rec {
pname = "pgbouncer";
version = "1.25.1";

src = fetchurl {
url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
hash = "sha256-blZq6S/j739qG54m1gSffXyjnEDinns49tVQCuFdhGU=";
};

nativeBuildInputs = [
pkg-config
pandoc
python3
];
buildInputs = [
libevent
openssl
c-ares
]
++ lib.optional stdenv.hostPlatform.isLinux systemd;
enableParallelBuilding = true;
configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd";

passthru.tests = {
pgbouncer = nixosTests.pgbouncer;
};

meta = with lib; {
homepage = "https://www.pgbouncer.org/";
mainProgram = "pgbouncer";
description = "Lightweight connection pooler for PostgreSQL";
changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${
replaceStrings [ "." ] [ "_" ] version
}";
license = licenses.isc;
maintainers = with maintainers; [ _1000101 ];
platforms = platforms.all;
};
}
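Review bot: `maintainers = with maintainers; [ _1000101 ];` and `passthru.tests = { pgbouncer = nixosTests.pgbouncer; };` read as metadata carried over from another package definition rather than something this repository maintains, and the file has no header comment saying where it came from or why it is vendored. Add that comment, and drop the `nixosTests` argument and the `passthru.tests` block unless this repository actually runs that test against this derivation.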
30 changes: 29 additions & 1 deletion testinfra/test_ami_nix.py
Expand Up @@ -145,6 +145,34 @@
anon_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6ImFub24iLCJpYXQiOjE2OTYyMjQ5NjYsImV4cCI6MjAxMTgwMDk2Nn0.QW95aRPA-4QuLzuvaIeeoFKlJP9J2hvAIpJ3WJ6G5zo"
service_role_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY5NjIyNDk2NiwiZXhwIjoyMDExODAwOTY2fQ.Om7yqv15gC3mLGitBmvFRB3M4IsLsX9fXzTQnFM7lu0"
supabase_admin_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InN1cGFiYXNlX2FkbWluIiwiaWF0IjoxNjk2MjI0OTY2LCJleHAiOjIwMTE4MDA5NjZ9.jrD3j2rBWiIx0vhVZzd1CXFv7qkAP392nBMadvXxk1c"


def load_expected_pgbouncer_version() -> str:
repo_root = Path(__file__).resolve().parent.parent
ansible_vars = repo_root / "ansible" / "vars.yml"
if ansible_vars.exists():
with ansible_vars.open() as f:
for raw_line in f:
line = raw_line.strip()
if line.startswith("pgbouncer_release:"):
return line.split(":", 1)[1].strip().strip('"')

nix_file = repo_root / "nix" / "pgbouncer.nix"
if nix_file.exists():
with nix_file.open() as f:
for raw_line in f:
line = raw_line.strip()
if line.startswith("version ="):
value = line.split("=", 1)[1].strip()
return value.strip(";").strip('"')

raise RuntimeError(
"Could not determine expected PgBouncer version from configuration files"
)


EXPECTED_PGBOUNCER_VERSION = load_expected_pgbouncer_version()
PGBOUNCER_BINARY = "/nix/var/nix/profiles/per-user/pgbouncer/profile/bin/pgbouncer"
init_json_content = f"""
{{
"jwt_secret": "my_jwt_secret_which_is_not_so_secret",
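Review bot: `EXPECTED_PGBOUNCER_VERSION` and `PGBOUNCER_BINARY` are defined here but nothing in this diff uses them: the file's 29 additions are this block plus the one-line `except` change, so no test yet asserts the installed version. Add the test that runs `PGBOUNCER_BINARY` and compares its reported version with the expected one. Separately, `load_expected_pgbouncer_version()` returns the ansible/vars.yml value as soon as it finds one and never reads nix/pgbouncer.nix in that case, so a mismatch between the two pins goes unnoticed; read both and fail when they differ. The `startswith`/`split` parsing would also keep a trailing `# comment` on the `pgbouncer_release:` line as part of the version string.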
Expand Down Expand Up @@ -200,7 +228,7 @@ def get_ssh_connection(instance_ip, ssh_identity_file, max_retries=10):
else:
raise Exception("SSH test command failed")

except Exception as e:
except Exception:
if attempt == max_retries - 1:
raise
logger.warning(
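Review bot: dropping `as e` in `get_ssh_connection` is safe only if the `logger.warning(` call that follows does not reference `e`; its arguments fall outside this hunk, so confirm that. Including the exception text in that warning would make the retries diagnosable, in which case `as e` should stay. The change is also unrelated to the PgBouncer upgrade and would be easier to review as its own commit.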