From d260d428c8a7044c0192eb64cde32968d4846141 Mon Sep 17 00:00:00 2001 From: Conor Brady Date: Wed, 22 Nov 2023 11:52:49 -0800 Subject: [PATCH] Install and configure pgbackrest on patroni cluster (#3251) --- openshift/patroni-postgis/README.md | 11 +++--- openshift/patroni-postgis/docker/Dockerfile | 39 +++++++++++++++++-- openshift/patroni-postgis/docker/init_postgis | 11 +++++- .../patroni-postgis/openshift/build.yaml | 23 ++++++++++- openshift/templates/patroni.yaml | 6 ++- openshift/templates/patroni_prerequisite.yaml | 4 +- 6 files changed, 78 insertions(+), 16 deletions(-) diff --git a/openshift/patroni-postgis/README.md b/openshift/patroni-postgis/README.md index 8393eff89..55c39d7be 100644 --- a/openshift/patroni-postgis/README.md +++ b/openshift/patroni-postgis/README.md @@ -10,12 +10,13 @@ The WPS pipeline currently assumes the existence of an appropriately tagged patr ### Build and tag an imagestream as follows: ```bash -# Build a patroni imagestream: -oc -n e1e498-tools process -f openshift/build.yaml | oc -n e1e498-tools apply -f - +# Build a patroni-pgbackrest imagestream: +oc -n e1e498-tools process -f openshift/build.yaml -p OBJECT_STORE_SERVER="server" -p OBJECT_STORE_BUCKET="bucket" -p OBJECT_STORE_USER_ID="uid" -p OBJECT_STORE_SECRET="sec" -p GIT_REF="" | oc -n e1e498-tools apply -f - # Tag the old imagestream so we can keep it around if we need to revert: -oc -n e1e498-tools tag patroni-postgres:v12 patroni-postgres:v12- +oc -n e1e498-tools tag patroni-postgres-pgbackrest:v12- patroni-postgres-pgbackrest:v12- # Tag the new imagestream (it won't be used until the pods get re-created): -oc -n e1e498-tools tag patroni-postgres:v12-latest patroni-postgres:v12 +oc -n e1e498-tools tag patroni-postgres-pgbackrest:v12-latest patroni-postgres-pgbackrest:v12- +# Then update the tag in the patroni yaml files to point to the current date tag ``` #### Common build failures 
@@ -69,4 +70,4 @@ SELECT postgis_extensions_upgrade(); This script cannot be run as part of the alembic scripts in the api project, the api uses a `wps` user that does not have the appropriate priveleges. Upgrading the image may this require manually running `SELECT postgis_extensions_upgrade();` on the target database once the new image has been applied. -The PostGIS version can be checked with `SELECT postgis_full_version();` \ No newline at end of file +The PostGIS version can be checked with `SELECT postgis_full_version();` diff --git a/openshift/patroni-postgis/docker/Dockerfile b/openshift/patroni-postgis/docker/Dockerfile index 23bc25d83..e3b3278aa 100644 --- a/openshift/patroni-postgis/docker/Dockerfile +++ b/openshift/patroni-postgis/docker/Dockerfile 
@@ -3,23 +3,54 @@ FROM image-registry.openshift-image-registry.svc:5000/bcgov/patroni-postgres:12.4-latest ENV POSTGIS_MAJOR 3 -ENV POSTGIS_VERSION 3.3.1+dfsg-1.pgdg100+1 +ENV POSTGIS_VERSION 3.3.4+dfsg-1.pgdg100+1 # Switch to root user for package installs USER 0 # PostGIS requirements taken from https://github.com/postgis/docker-postgis RUN apt-get update \ - && apt-cache showpkg postgresql-$PG_MAJOR-postgis-$POSTGIS_MAJOR \ + && apt-cache showpkg postgresql-"$PG_MAJOR"-postgis-"$POSTGIS_MAJOR" \ && apt-get install -y --no-install-recommends \ - postgresql-$PG_MAJOR-postgis-$POSTGIS_MAJOR=$POSTGIS_VERSION \ - postgresql-$PG_MAJOR-postgis-$POSTGIS_MAJOR-scripts=$POSTGIS_VERSION \ + # ca-certificates: for accessing remote raster files; + # fix: https://github.com/postgis/docker-postgis/issues/307 + ca-certificates \ + \ + postgresql-"$PG_MAJOR"-postgis-"$POSTGIS_MAJOR"="$POSTGIS_VERSION" \ + postgresql-"$PG_MAJOR"-postgis-"$POSTGIS_MAJOR"-scripts \ + pgbackrest \ && rm -rf /var/lib/apt/lists/* +RUN mkdir -p -m 777 /var/log/pgbackrest \ + && chown postgres:postgres /var/log/pgbackrest \ + && mkdir -p /etc/pgbackrest \ + && mkdir -p /etc/pgbackrest/conf.d \ + && touch /etc/pgbackrest/pgbackrest.conf \ + && chmod 777 /etc/pgbackrest/pgbackrest.conf \ + && chown postgres:postgres /etc/pgbackrest/pgbackrest.conf + # Add the POSTGIS command to the end of the post_init script. 
COPY init_postgis /usr/share/scripts/patroni/ RUN cat /usr/share/scripts/patroni/init_postgis >> /usr/share/scripts/patroni/post_init.sh RUN rm /usr/share/scripts/patroni/init_postgis +RUN echo "[global] \n \ + repo1-type=s3 \n \ + repo1-storage-verify-tls=n \n \ + repo1-s3-endpoint=$OBJECT_STORE_SERVER \n\ + repo1-s3-uri-style=path \n\ + repo1-s3-bucket=$OBJECT_STORE_BUCKET \n\ + repo1-s3-key=$OBJECT_STORE_USER_ID \n \ + repo1-s3-key-secret=$OBJECT_STORE_SECRET \n \ + repo1-s3-region=eu-west-3 \n \ + \n \ + repo1-path=/repo1 \n \ + repo1-retention-full=3 \n \ + start-fast=y \n \ + log-level-console=info \n \ + log-level-file=debug \n \ + delta=y \n \ + process-max=2 \n" >> /etc/pgbackrest/pgbackrest.conf + # Switch back to default user USER 1001 \ No newline at end of file diff --git a/openshift/patroni-postgis/docker/init_postgis b/openshift/patroni-postgis/docker/init_postgis index 829d96150..9e86f2fa1 100644 --- a/openshift/patroni-postgis/docker/init_postgis +++ b/openshift/patroni-postgis/docker/init_postgis @@ -1,5 +1,12 @@ -if [[ (! -z "$APP_USER") && (! -z "$APP_PASSWORD") && (! -z "$APP_DATABASE")]]; then +if [[ (! -z "$APP_USER") && (! -z "$APP_PASSWORD") && (! -z "$APP_DATABASE") && (! -z "$NAME")]]; then + echo "Initializing archive mode for pgbackrest" + psql -c "alter system set archive_mode=on;" + psql -c "alter system set archive_command=pgbackrest --stanza=$NAME-cluster-1 archive-push '%p';" echo "Loading PostGIS extensions into $APP_DATABASE" psql "$1" -w -c "\c ${APP_DATABASE}" -c "CREATE EXTENSION IF NOT EXISTS postgis;" -fi + echo "Restarting postgres to init config" + pg_ctl restart -D /home/postgres/pgdata/pgroot/data + echo "Creating pgbackrest stanza" + pgbackrest --stanza="$NAME-cluster-1" --pg1-path=/home/postgres/pgdata/pgroot/data --pg1-port=5432 stanza-create +fi \ No newline at end of file diff --git a/openshift/patroni-postgis/openshift/build.yaml b/openshift/patroni-postgis/openshift/build.yaml index ba8f6f4b1..dda2ae843 100644 
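Review bot: The `RUN echo "[global] ..." >> /etc/pgbackrest/pgbackrest.conf` step writes `$OBJECT_STORE_USER_ID` and `$OBJECT_STORE_SECRET` into an image layer, so anyone who can pull the image can read the object-store credentials, and the earlier `chmod 777 /etc/pgbackrest/pgbackrest.conf` leaves that same file world-readable and world-writable. The `dockerStrategy.env` entries added in build.yaml have the same defect: the values sit as plain strings in the BuildConfig, and if the Docker strategy injects them as `ENV` (its usual behaviour, not visible here) they also land in the image metadata. I would drop the `repo1-s3-key` and `repo1-s3-key-secret` lines from the baked config and supply them at pod start from a Secret, for example as the `PGBACKREST_REPO1_S3_KEY` and `PGBACKREST_REPO1_S3_KEY_SECRET` environment variables that pgbackrest reads. `repo1-storage-verify-tls=n` also turns off certificate verification for the backup endpoint, so backups and keys travel over an unauthenticated channel; with `ca-certificates` now installed, `repo1-storage-verify-tls=y` (plus `repo1-storage-ca-file` for a private CA) should be usable. For pods running under an arbitrary UID, `chgrp -R 0 /etc/pgbackrest /var/log/pgbackrest && chmod -R g=u /etc/pgbackrest /var/log/pgbackrest` gives the needed access without mode 777.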
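Review bot: The added `psql -c "alter system set archive_command=pgbackrest --stanza=$NAME-cluster-1 archive-push '%p';"` passes the command without SQL quoting, and everything from `--stanza` onward appears to be read by the SQL parser as a `--` comment, so the setting most likely ends up as the bare word `pgbackrest` and WAL archiving does not push anything to the repository. The value should be a single-quoted literal, `psql -c "alter system set archive_command = 'pgbackrest --stanza=${NAME}-cluster-1 archive-push %p';"`. None of the new `psql`, `pg_ctl restart` or `pgbackrest stanza-create` calls has its exit status checked, so a failure leaves a cluster that looks initialised but has no restorable backups; stopping on the first failure, or at least logging it, would make that visible. The extra `! -z "$NAME"` condition also gates the existing `CREATE EXTENSION IF NOT EXISTS postgis` call, so a deployment that does not set `NAME` now skips PostGIS setup without any message.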
--- a/openshift/patroni-postgis/openshift/build.yaml +++ b/openshift/patroni-postgis/openshift/build.yaml @@ -12,7 +12,7 @@ labels: app.kubernetes.io/version: "12" parameters: - name: NAME - value: patroni-postgres + value: patroni-postgres-pgbackrest - name: SUFFIX - name: VERSION description: Output version @@ -23,6 +23,18 @@ parameters: value: main - name: POSTGRES_VERSION value: "12" + - name: OBJECT_STORE_SERVER + description: Backup object store server + required: true + - name: OBJECT_STORE_BUCKET + description: Backup object store bucket + required: true + - name: OBJECT_STORE_USER_ID + description: Backup object store user id + required: true + - name: OBJECT_STORE_SECRET + description: Backup object store secret + required: true objects: - apiVersion: v1 kind: ImageStream @@ -55,6 +67,15 @@ objects: type: Git strategy: dockerStrategy: + env: + - name: "OBJECT_STORE_SERVER" + value: "${OBJECT_STORE_SERVER}" + - name: "OBJECT_STORE_BUCKET" + value: "${OBJECT_STORE_BUCKET}" + - name: "OBJECT_STORE_USER_ID" + value: "${OBJECT_STORE_USER_ID}" + - name: "OBJECT_STORE_SECRET" + value: "${OBJECT_STORE_SECRET}" type: Docker triggers: - type: ConfigChange diff --git a/openshift/templates/patroni.yaml b/openshift/templates/patroni.yaml index 53166ae15..65860e3f1 100644 --- a/openshift/templates/patroni.yaml +++ b/openshift/templates/patroni.yaml @@ -162,6 +162,8 @@ objects: key: app-db-password - name: APP_DATABASE value: ${PARENT_NAME} + - name: NAME + value: ${NAME} - name: PATRONI_SCOPE value: ${NAME} - name: PATRONI_NAME @@ -287,12 +289,12 @@ parameters: - name: IMAGE_NAME description: | The Patroni image stream name - value: patroni-postgres + value: patroni-postgres-pgbackrest - name: IMAGE_TAG description: | The image tag used to specify which image you would like deployed. Don't use `latest`. - value: "v12-2022-09-12" + value: "v12-2023-11-22" - name: PVC_SIZE description: The size of the persistent volume to create. displayName: Persistent Volume Size 
diff --git a/openshift/templates/patroni_prerequisite.yaml b/openshift/templates/patroni_prerequisite.yaml index e576a5a40..71bde5190 100644 --- a/openshift/templates/patroni_prerequisite.yaml +++ b/openshift/templates/patroni_prerequisite.yaml @@ -179,12 +179,12 @@ parameters: - name: IMAGE_NAME description: | The Patroni image stream name - value: patroni-postgres + value: patroni-postgres-pgbackrest - name: IMAGE_TAG description: | The image tag used to specify which image you would like deployed. Don't use `latest`. - value: "v12" + value: "v12-2023-11-22" - name: PVC_SIZE description: The size of the persistent volume to create. displayName: Persistent Volume Size