Initial commit

.github/workflows/build.yaml

@@ -0,0 +1,77 @@
+name: Build Artifacts
+on:
+  release:
+    types: [created]
+  push:
+    branches:
+      - '**'
+  workflow_dispatch:
+    inputs:
+      publish_docker:
+        description: "Publish image to ghcr.io/netcracker/pgskipper-patroni"
+        type: boolean
+        default: false
+        required: false
+
+env:
+  TAG_NAME: ${{ github.event.release.tag_name || github.ref }}
+  PUSH: ${{ github.event_name != 'workflow_dispatch' || inputs.publish_docker }}
+
+jobs:
+  multiplatform_build:
+    strategy:
+      fail-fast: false
+      matrix:
+        component:
+          - name: pgskipper-patroni-16
+            file: pg16/Dockerfile
+            context: ""
+          - name: pgskipper-patroni-15
+            file: pg15/Dockerfile
+            context: ""
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Validate
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.ref }}" == refs/tags* ]]; then
+            echo -e "\033[91mManual workflow run on tags is not allowed!\033[0m"
+            exit 1
+          fi
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${GITHUB_ACTOR}
+          password: ${{secrets.GITHUB_TOKEN}}
+      - name: Prepare Tag
+        run: echo "TAG_NAME=$(echo ${TAG_NAME} | sed 's@refs/tags/@@;s@refs/heads/@@;s@/@_@g')" >> $GITHUB_ENV
+      - name: Get package IDs for delete 
+        id: get-ids-for-delete
+        uses: Netcracker/[email protected]
+        with:
+          component-name: ${{ matrix.component.name }}
+          component-tag: ${{ env.TAG_NAME }}
+          access-token: ${{secrets.GITHUB_TOKEN}} 
+        if: ${{ env.PUSH }}
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          no-cache: true
+          context: ${{ matrix.component.context }}
+          file: ${{ matrix.component.file }}
+          platforms: linux/amd64 #,linux/arm64 extensions required
+          push: ${{ env.PUSH }}
+          tags: ghcr.io/netcracker/${{ matrix.component.name }}:${{ env.TAG_NAME }}
+          provenance: false
+      - uses: actions/delete-package-versions@v5
+        with: 
+          package-name: ${{ matrix.component.name }}
+          package-type: 'container'
+          package-version-ids: ${{ steps.get-ids-for-delete.outputs.ids-for-delete }}
+        if: ${{ steps.get-ids-for-delete.outputs.ids-for-delete != '' }}

.github/workflows/clean.yaml

@@ -0,0 +1,41 @@
+name: Branch Deleted
+on: delete
+
+env:
+  COMPONENT_NAME: pgskipper-patroni
+  TAG_NAME: ${{ github.event.ref }}
+
+jobs:
+  delete:
+    if: github.event.ref_type == 'branch'
+    strategy:
+      fail-fast: false
+      matrix:
+        component:
+          - name: pgskipper-patroni-16
+            context: ""
+          - name: pgskipper-patroni-15
+            context: ""
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Prepare Tag
+        run: echo "TAG_NAME=$(echo ${TAG_NAME} | sed 's@refs/heads/@@;s@/@_@g')" >> $GITHUB_ENV
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${GITHUB_ACTOR}
+          password: ${{secrets.GITHUB_TOKEN}}
+      - name: Get package IDs for delete 
+        id: get-ids-for-delete
+        uses: Netcracker/[email protected]
+        with:
+          component-name: ${{ matrix.component.name }}
+          component-tag: ${{ env.TAG_NAME }}
+          access-token: ${{secrets.GITHUB_TOKEN}}
+      - uses: actions/delete-package-versions@v5
+        with: 
+          package-name: ${{ matrix.component.name }}
+          package-type: 'container'
+          package-version-ids: ${{ steps.get-ids-for-delete.outputs.ids-for-delete }}
+        if: ${{ steps.get-ids-for-delete.outputs.ids-for-delete != '' }}

.github/workflows/license.yaml

@@ -0,0 +1,24 @@
+name: Add License Header
+on:
+  push:
+    branches:
+      - 'main'
+env:
+   COPYRIGHT_COMPANY: 'NetCracker Technology Corporation'
+   COPYRIGHT_YEAR: '2024-2025'
+jobs:
+  license:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_ACCESS_TOKEN }}
+      - run: docker run -v "${PWD}:/src" -i ghcr.io/google/addlicense -v -c "${{ env.COPYRIGHT_COMPANY }}" -y "${{ env.COPYRIGHT_YEAR }}" $(find . -type f -name "*.go" -o -type f -name "*.sh" -o -type f -name "*.py" | xargs echo)
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: Auto-update license header
+          branch: license-update
+          title: Add License Header
+          body: Automated license header update
+          delete-branch: true

.gitignore

@@ -0,0 +1,22 @@
+# To ignore oc config file.
+ansible/.tmp
+
+# For failed run artifacts.
+ansible/*.retry
+
+# Test results.
+ansible/tests
+
+# Pv cleaner results.
+ansible/pv_cleaner_results
+
+# Build output.
+target
+
+pg15/scripts
+pg15/docs
+pg15/maintenance
+
+pg16/scripts
+pg16/docs
+pg16/maintenance

CODE-OF-CONDUCT.md

@@ -0,0 +1,73 @@
+# Code of Conduct
+
+This repository is governed by following code of conduct guidelines.
+
+We put collaboration, trust, respect and transparency as core values for our community.
+Our community welcomes participants from all over the world with different experience,
+opinion and ideas to share.
+
+We have adopted this code of conduct and require all contributors to agree with that to build a healthy,
+safe and productive community for all.
+
+The guideline is aimed to support a community where all people should feel safe to participate,
+introduce new ideas and inspire others, regardless of:
+
+* Age
+* Gender
+* Gender identity or expression
+* Family status
+* Marital status
+* Ability
+* Ethnicity
+* Race
+* Sex characteristics
+* Sexual identity and orientation
+* Education
+* Native language
+* Background
+* Caste
+* Religion
+* Geographic location
+* Socioeconomic status
+* Personal appearance
+* Any other dimension of diversity
+
+## Our Standards
+
+We are welcoming the following behavior:
+
+* Be respectful for different ideas, opinions and points of view
+* Be constructive and professional
+* Use inclusive language
+* Be collaborative and show the empathy
+* Focus on the best results for the community
+
+The following behavior is unacceptable:
+
+* Violence, threats of violence, or inciting others to commit self-harm
+* Personal attacks, trolling, intentionally spreading misinformation, insulting/derogatory comments
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Derogatory language
+* Encouraging unacceptable behavior
+* Other conduct which could reasonably be considered inappropriate in a professional community
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of the Code of Conduct
+and are expected to take appropriate actions in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned
+to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors
+that they deem inappropriate, threatening, offensive, or harmful.
+
+## Reporting
+
+If you believe you’re experiencing unacceptable behavior that will not be tolerated as outlined above,
+please report to `[email protected]`. All complaints will be reviewed and investigated and will result in a response
+that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality
+with regard to the reporter of an incident.
+
+Please also report if you observe a potentially dangerous situation, someone in distress, or violations of these guidelines,
+even if the situation is not happening to you.

CONTRIBUTING.md

@@ -0,0 +1,12 @@
+# Contribution Guide
+
+We'd love to accept patches and contributions to this project.
+Please, follow these guidelines to make the contribution process easy and effective for everyone involved.
+
+## Contributor License Agreement
+
+You must sign the [Contributor License Agreement](https://pages.netcracker.com/cla-main.html) in order to contribute.
+
+## Code of Conduct
+
+Please make sure to read and follow the [Code of Conduct](CODE-OF-CONDUCT.md).

README.md

@@ -1 +1 @@
-# postgres-patroni
+# pgskipper-patroni

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Reporting Process
+
+Please, report any security issue to `[email protected]` where the issue will be triaged appropriately.
+
+If you know of a publicly disclosed security vulnerability please IMMEDIATELY email `[email protected]`
+to inform the team about the vulnerability, so we may start the patch, release, and communication process.
+
+# Security Release Process
+
+If the vulnerability is found in the latest stable release, then it would be fixed in patch version for that release.
+E.g., issue is found in 2.5.0 release, then 2.5.1 version with a fix will be released.
+By default, older versions will not have security releases.
+
+If the issue doesn't affect any existing public releases, the fix for medium and high issues is performed
+in a main branch before releasing a new version. For low priority issues the fix can be planned for future releases.

pg15/Dockerfile

@@ -0,0 +1,106 @@
+FROM ubuntu:22.04
+
+USER root
+
+ENV POD_IDENTITY="node1" \
+    PATRONI_TTL=60 \
+    PATRONI_LOOP_WAIT=10 \
+    PATRONI_RETRY_TIMEOUT=40 \
+    PATRONI_MAXIMUM_LAG_ON_FAILOVER=1048576 \
+    PATRONI_SYNCHRONOUS_MODE="false" \
+    PG_CLUST_NAME="common" \
+    PG_MAX_CONNECTIONS=200 \
+    PG_CONF_MAX_PREPARED_TRANSACTIONS=200 \
+    PATRONICTL_CONFIG_FILE="/patroni/pg_node.yml" \
+    PG_BIN_DIR="/usr/lib/postgresql/15/bin/" \
+    POSTGRESQL_VERSION=15 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    EDITOR=/usr/bin/vi \
+    PATH="/usr/lib/postgresql/15/bin/:${PATH}"
+
+# Official CentOS repos contain libprotobuf-c 1.0.2, but decoderbufs require 1.1+, thus,
+# we craft a custom build of protobuf-c and publish it at this repo.
+# Remove this line after moving to the next CentOS releases.
+COPY scripts/archive_wal.sh /opt/scripts/archive_wal.sh
+ADD ./scripts/pip.conf /root/.pip/pip.conf
+COPY ./scripts/postgresql.conf /tmp/postgresql.conf
+COPY ./scripts/fix_permission.sh /usr/libexec/fix-permissions
+ADD ./scripts/* /
+
+RUN echo "deb [trusted=yes] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main" >> /etc/apt/sources.list.d/pgdg.list
+RUN ls -la /etc/apt/
+RUN apt-get -y update
+RUN apt-get -o DPkg::Options::="--force-confnew" -y dist-upgrade
+RUN apt-get update && \
+    apt-get install -y --allow-downgrades gcc-12 cpp-12 gcc-12-base libgcc-12-dev libstdc++6 libgcc-s1 libnsl2
+RUN apt-get --no-install-recommends install -y python3.11 python3-pip python3-dev libpq-dev cython3 wget curl
+RUN echo '127.0.0.1 pypi.python.org' >> /etc/host
+
+# rename 'tape' group to 'postgres' and creating postgres user - hask for ubuntu
+RUN groupmod -n postgres tape
+RUN adduser -uid 26 -gid 26 postgres
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get --no-install-recommends install -y postgresql-15 postgresql-contrib-15 postgresql-server-dev-15 postgresql-plpython3-15 postgresql-15-hypopg postgresql-15-powa postgresql-15-orafce\
+    hostname gettext jq vim \
+    postgresql-15-cron postgresql-15-repack postgresql-15-pgaudit postgresql-15-pg-stat-kcache postgresql-15-pg-qualstats postgresql-15-set-user postgresql-15-postgis pgbackrest \
+    postgresql-15-pg-wait-sampling postgresql-15-pg-track-settings postgresql-15-pgnodemx postgresql-15-pg-hint-plan postgresql-15-decoderbufs
+
+# Install LDAP utilities including openldap-clients and necessary libraries
+RUN apt-get update && apt-get install -y \
+    ldap-utils \
+    libldap-2.5-0 \
+    libsasl2-modules-gssapi-mit \
+    libldap-common \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN localedef -i en_US -f UTF-8 en_US.UTF-8 && \
+    localedef -i es_PE -f UTF-8 es_PE.UTF-8 && \
+    localedef -i es_ES -f UTF-8 es_ES.UTF-8
+
+RUN wget https://github.com/zubkov-andrei/pg_profile/releases/download/0.3.6/pg_profile--0.3.6.tar.gz && \
+tar -xzf pg_profile--0.3.6.tar.gz --directory $(pg_config --sharedir)/extension && \
+rm -rf pg_profile--0.3.6.tar.gz
+
+# Install pgsentinel and pg_dbms_stats
+RUN apt update && apt-get install -y git make gcc && \
+    git clone https://github.com/pgsentinel/pgsentinel.git && \
+    cd pgsentinel && \
+    git checkout 0218c2147daab0d2dbbf08433cb480163d321839 && \
+    cd src && make install && \
+    cd ../.. && git clone --depth 1 --branch REL14_0 https://github.com/ossc-db/pg_dbms_stats.git && \
+    cd pg_dbms_stats && sed -i 's/$(MAJORVERSION)/14/g' Makefile && \
+    make install && \
+    apt-get purge -y --auto-remove git make gcc && \
+    cd .. && rm -rf pgsentinel
+
+RUN apt-get install -y alien
+
+RUN cat /root/.pip/pip.conf
+RUN python3 -m pip install -U setuptools
+RUN python3 -m pip install psutil patroni[kubernetes,etcd]==3.3.2 psycopg2-binary==2.9.5 requests python-dateutil urllib3 six prettytable --no-cache
+RUN mv /var/lib/postgresql /var/lib/pgsql
+
+RUN mkdir /patroni && chmod -R 777 /patroni/ && \
+    chmod +x /usr/libexec/fix-permissions && \
+    /usr/libexec/fix-permissions /var/run/postgresql && \
+    /usr/libexec/fix-permissions /var/lib/pgsql && \
+    mkdir -p /var/lib/pgsql/data/ && \
+    chown -R postgres:postgres /var/lib/pgsql && \
+    chmod +x /*.py && \
+    chmod +x /*.sh && \
+    chmod 777 /opt/scripts/archive_wal.sh && \
+    ln -s /usr/bin/python3 /usr/bin/python
+
+# Volumes are defined to support read-only root file system
+VOLUME /etc
+VOLUME /patroni
+VOLUME /run/postgresql
+
+WORKDIR /patroni
+ENTRYPOINT ["/start.sh"]
+
+USER 26
+EXPOSE 5432
+EXPOSE 8008