chore: remove pgbouncer from docker aio image (#907)

* chore: docker aio - clean fail2ban and gotrue disabled flags/code * chore: remove pgbouncer from docker AIO image.
supabase · Mar 14, 2024 · d0bca07 · d0bca07
1 parent aa7cc37
commit d0bca07
Show file tree

Hide file tree

Showing 21 changed files with 28 additions and 547 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -927,7 +927,6 @@ RUN sed -i \
 
 # Include schema migrations
 COPY migrations/db /docker-entrypoint-initdb.d/
-COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
 COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
 
 # Add upstream entrypoint script

diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.1.25"
+postgres-version = "15.1.1.26"
diff --git a/docker/all-in-one/Dockerfile b/docker/all-in-one/Dockerfile
@@ -1,6 +1,5 @@
 ARG postgres_version=15.1.0.148
 
-ARG pgbouncer_release=1.18.0
 ARG postgrest_release=10.1.2
 ARG gotrue_release=2.130.0
 ARG adminapi_release=0.62.0
@@ -26,33 +25,6 @@ RUN apt-get update && apt-get install -y \
     cmake \
     && rm -rf /var/lib/apt/lists/*
 
-####################
-# Install pgbouncer
-####################
-FROM builder as pgbouncer-source
-# Download and extract
-ARG pgbouncer_release
-ADD "https://www.pgbouncer.org/downloads/files/${pgbouncer_release}/pgbouncer-${pgbouncer_release}.tar.gz" /tmp/pgbouncer.tar.gz
-RUN tar -xvf /tmp/pgbouncer.tar.gz -C /tmp && \
-    rm -rf /tmp/pgbouncer.tar.gz
-# Install build dependencies
-RUN apt-get update && apt-get install -y \
-    libevent-dev \
-    && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/pgbouncer-${pgbouncer_release}
-RUN ./configure --prefix=/usr/local
-RUN make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libevent-2.1-7 --nodoc
-
-FROM base as pgbouncer
-# Download pre-built packages
-RUN apt-get update && apt-get install -y --no-install-recommends --download-only \
-    pgbouncer \
-    && rm -rf /var/lib/apt/lists/*
-RUN mv /var/cache/apt/archives/*.deb /tmp/
-
 ####################
 # Install PostgREST
 ####################
@@ -126,7 +98,6 @@ RUN mv /var/cache/apt/archives/*.deb /tmp/
 FROM base as production
 
 # Copy dependencies from previous build stages
-COPY --from=pgbouncer /tmp/*.deb /tmp/
 COPY --from=vector /tmp/*.deb /tmp/
 COPY --from=kong /tmp/*.deb /tmp/
 COPY --from=supervisor /tmp/*.deb /tmp/
@@ -177,11 +148,6 @@ COPY docker/all-in-one/etc/sudoers.d /etc/sudoers.d/
 # Script for pg_egress_collect
 COPY --chown=adminapi:adminapi docker/all-in-one/opt/pg_egress_collect /opt/pg_egress_collect
 
-# Customizations for pgbouncer
-COPY docker/all-in-one/etc/pgbouncer /etc/pgbouncer
-COPY docker/all-in-one/etc/pgbouncer-custom /etc/pgbouncer-custom
-COPY docker/all-in-one/etc/tmpfiles.d /etc/tmpfiles.d
-
 # Customizations for postgres
 COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql/pg_hba.conf /etc/postgresql/
 COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql/logging.conf /etc/postgresql/
@@ -250,9 +216,6 @@ ENV ADMIN_API_CERT_DIR=/etc/ssl/adminapi
 ENV ADMIN_API_PORT=8085
 EXPOSE ${ADMIN_API_PORT}
 
-ENV PGBOUNCER_PORT=6543
-EXPOSE ${PGBOUNCER_PORT}
-
 ENV PGEXPORTER_PORT=9187
 EXPOSE ${PGEXPORTER_PORT}
 
@@ -262,8 +225,7 @@ ENV VECTOR_API_PORT=9001
 RUN useradd --create-home --shell /bin/bash postgrest && \
     useradd --create-home --shell /bin/bash gotrue && \
     useradd --create-home --shell /bin/bash envoy && \
-    useradd --create-home --shell /bin/bash pgbouncer -G postgres,ssl-cert && \
-    useradd --create-home --shell /bin/bash adminapi -G root,envoy,kong,pgbouncer,postgres,postgrest,wal-g && \
+    useradd --create-home --shell /bin/bash adminapi -G root,envoy,kong,postgres,postgrest,wal-g && \
     usermod --append --shell /bin/bash -G postgres vector
 RUN mkdir -p /etc/wal-g && \
     chown -R adminapi:adminapi /etc/wal-g && \

diff --git a/docker/all-in-one/entrypoint.sh b/docker/all-in-one/entrypoint.sh
@@ -84,6 +84,17 @@ function disable_fail2ban {
   sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/fail2ban.conf
 }
 
+function disable_gotrue {
+  sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/gotrue.conf
+  sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/gotrue.conf
+}
+
+function replace_kong_envoy {
+  sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/services/envoy.conf
+  sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/kong.conf
+  sed -i "s/kong/envoy/" /etc/supervisor/services/group.conf
+}
+
 function setup_postgres {
   tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/postgresql.schema.sql
   mv /etc/postgresql.schema.sql /docker-entrypoint-initdb.d/migrations/99-schema.sql
@@ -274,19 +285,18 @@ if [ "${AUTOSHUTDOWN_ENABLED:-}" == "true" ]; then
   enable_autoshutdown
 fi
 
+
 if [ "${ENVOY_ENABLED:-}" == "true" ]; then
-  sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/services/envoy.conf
-  sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/kong.conf
-  sed -i "s/kong/envoy/" /etc/supervisor/services/group.conf
+  replace_kong_envoy
 fi
 
 if [ "${FAIL2BAN_DISABLED:-}" == "true" ]; then
   disable_fail2ban
 fi
 
+
 if [ "${GOTRUE_DISABLED:-}" == "true" ]; then
-  sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/gotrue.conf
-  sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/gotrue.conf
+  disable_gotrue
 fi
 
 if [ "${PLATFORM_DEPLOYMENT:-}" == "true" ]; then

diff --git a/docker/all-in-one/etc/adminapi/adminapi.yaml b/docker/all-in-one/etc/adminapi/adminapi.yaml
@@ -16,8 +16,6 @@ node_exporter_additional_args:
 # cert_path: /etc/ssl/adminapi/server.crt
 # key_path: /etc/ssl/adminapi/server.key
 upstream_metrics_refresh_duration: 60s
-pgbouncer_endpoints:
-  - "postgres://pgbouncer:{{ .PgbouncerPassword }}@localhost:6543/pgbouncer"
 fail2ban_socket: /var/run/fail2ban/fail2ban.sock
 upstream_metrics_sources:
   - name: system
@@ -62,7 +60,6 @@ firewall:
     - 0.0.0.0/0
   filtered_ports:
     - 5432
-    - 6543
   unfiltered_ports:
     - 80
     - 443

diff --git a/docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf b/docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf
@@ -5,4 +5,3 @@ ignoreregex = ^.*,.*,.*,.*,"127\.0\.0\.1.*password authentication failed for use
               ^.*,.*,.*,.*,"<HOST>:.*password authentication failed for user ""supabase_auth_admin".*$
               ^.*,.*,.*,.*,"<HOST>:.*password authentication failed for user ""supabase_storage_admin".*$
               ^.*,.*,.*,.*,"<HOST>:.*password authentication failed for user ""authenticator".*$
-              ^.*,.*,.*,.*,"<HOST>:.*password authentication failed for user ""pgbouncer".*$
diff --git a/docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf b/docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf