chore: init admin-mgr (#514)

* chore: bump versions

* chore: update adminapi.sudoers.conf

* chore: remove no longer needed scripts

* chore: update archive and restore commands

* chore: install admin-mgr

* chore: bump admin-mgr version

* chore: bump version

* chore: cleanup unnecessary perms

* chore: cleanup even more no longer needed perms

* chore: more cleanup

Author: dragarcia

ansible/files/admin_api_scripts/commence_walg_backup.sh

@@ -4,11 +4,6 @@ Cmnd_Alias GOTRUE = /bin/systemctl start gotrue.service, /bin/systemctl stop got
 Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl stop pgbouncer.service, /bin/systemctl restart pgbouncer.service, /bin/systemctl disable pgbouncer.service, /bin/systemctl enable pgbouncer.service, /bin/systemctl reload pgbouncer.service
 
 %adminapi ALL= NOPASSWD: /root/grow_fs.sh
-%adminapi ALL= NOPASSWD: /root/commence_walg_backup.sh
-%adminapi ALL= NOPASSWD: /root/commence_walg_restore.sh
-%adminapi ALL= NOPASSWD: /root/complete_walg_restore.sh
-%adminapi ALL= NOPASSWD: /root/disable_walg.sh
-%adminapi ALL= NOPASSWD: /root/enable_walg.sh
 %adminapi ALL= NOPASSWD: /root/manage_readonly_mode.sh
 %adminapi ALL= NOPASSWD: /root/pg_upgrade_prepare.sh
 %adminapi ALL= NOPASSWD: /root/pg_upgrade_initiate.sh
@@ -22,6 +17,7 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st
 %adminapi ALL= NOPASSWD: /bin/systemctl daemon-reload
 %adminapi ALL= NOPASSWD: /bin/systemctl restart services.slice
 %adminapi ALL= NOPASSWD: /usr/sbin/nft -f /etc/nftables/supabase_managed.conf
+%adminapi ALL= NOPASSWD: /usr/bin/admin-mgr
 %adminapi ALL= NOPASSWD: KONG
 %adminapi ALL= NOPASSWD: POSTGREST
 %adminapi ALL= NOPASSWD: GOTRUE

ansible/files/admin_api_scripts/commence_walg_restore.sh

@@ -1,13 +1,13 @@
 # - Archiving -
 
 #archive_mode = on
-#archive_command = 'sudo -u wal-g wal-g wal-push %p --config /etc/wal-g/config.json >> /var/log/wal-g/wal-push.log 2>&1'
+#archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1'
 #archive_timeout = 120
 
 
 # - Archive Recovery -
 
-#restore_command = '/home/postgres/wal_fetch.sh %f %p >> /var/log/wal-g/wal-fetch.log 2>&1'
+#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1'
 
 # - Recovery Target -
 

ansible/files/admin_api_scripts/complete_walg_restore.sh

@@ -11,11 +11,6 @@
     mode: "0700"
     owner: root
   loop:
-    - { file: "commence_walg_backup.sh" }
-    - { file: "commence_walg_restore.sh" }
-    - { file: "complete_walg_restore.sh" }
-    - { file: "disable_walg.sh" }
-    - { file: "enable_walg.sh" }
     - { file: "grow_fs.sh" }
     - { file: "manage_readonly_mode.sh" }
     - { file: "pg_upgrade_check.sh" }

ansible/files/admin_api_scripts/disable_walg.sh

@@ -0,0 +1,22 @@
+- name: Setting arch (x86)
+  set_fact:
+    arch: "x86"
+  when: platform == "amd64"
+
+- name: Setting arch (arm)
+  set_fact:
+    arch: "arm64"
+  when: platform == "arm64"
+
+- name: Download admin-mgr archive
+  get_url:
+    url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/admin-mgr/v{{ adminmgr_release }}/admin-mgr_{{ adminmgr_release }}_linux_{{ arch }}.tar.gz"
+    dest: "/tmp/admin-mgr.tar.gz"
+    timeout: 90
+
+- name: admin-mgr - unpack archive in /usr/bin/
+  unarchive:
+    remote_src: yes
+    src: /tmp/admin-mgr.tar.gz
+    dest: /usr/bin/
+    owner: root

ansible/files/admin_api_scripts/enable_walg.sh

@@ -83,6 +83,9 @@
 - name: Install supautils
   import_tasks: internal/supautils.yml
 
+- name: Install admin-mgr
+  import_tasks: internal/admin-mgr.yml
+
 - name: Install adminapi
   import_tasks: internal/admin-api.yml
 

ansible/files/adminapi.sudoers.conf

@@ -76,13 +76,6 @@
     group: wal-g
     groups: wal-g, postgres
 
-- name: Give postgres access to execute wal-g binary as wal-g user
-  copy:
-    content: |
-      postgres   ALL=(wal-g) NOPASSWD: /usr/local/bin/wal-g
-      postgres   ALL=(root)  NOPASSWD: /root/wal_change_ownership.sh
-    dest: /etc/sudoers.d/postgres
-
 - name: Create a config directory owned by wal-g
   file:
     path: /etc/wal-g

ansible/files/postgresql_config/custom_walg.conf.j2

@@ -41,7 +41,8 @@ postgres_exporter_release_checksum:
   arm64: sha256:d869c16791481dc8475487ad84ae4371a63f9b399898ca1c666eead5cccf7182
   amd64: sha256:ff541bd3ee19c0ae003d71424a75edfcc8695e828dd20d5b4555ce433c89d60b
 
-adminapi_release: 0.32.0
+adminapi_release: 0.34.0
+adminmgr_release: 0.3.0
 
 # Postgres Extensions
 postgis_release: "3.3.2"

ansible/tasks/internal/admin-api.yml

@@ -1 +1 @@
-postgres-version = "15.1.0.32"
+postgres-version = "15.1.0.33"