diff --git a/Dockerfile b/Dockerfile index bdb76a4f4f..0b2094c5c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,30 +43,31 @@ COPY --chown=nonroot . . ARG ADDITIONAL_RUSTFLAGS RUN set -e \ - && PQ_LIB_DIR=$(pwd)/pg_install/v${STABLE_PG_VERSION}/lib RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=mold -Clink-arg=-Wl,--no-rosegment ${ADDITIONAL_RUSTFLAGS}" cargo build \ - --bin pg_sni_router \ - --bin pageserver \ - --bin pagectl \ - --bin safekeeper \ - --bin storage_broker \ - --bin storage_controller \ - --bin proxy \ - --bin neon_local \ - --bin storage_scrubber \ - --locked --release + && RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=mold -Clink-arg=-Wl,--no-rosegment" cargo build \ + --bin pg_sni_router \ + --bin pageserver \ + --bin pagectl \ + --bin safekeeper \ + --bin storage_broker \ + --bin storage_controller \ + --bin proxy \ + --bin neon_local \ + --locked --release \ + && cachepot -s # Build final image # -FROM debian:bullseye-slim -ARG DEFAULT_PG_VERSION +FROM debian:bookworm-slim WORKDIR /data RUN set -e \ && apt update \ && apt install -y \ - libreadline-dev \ - libseccomp-dev \ - ca-certificates \ + libreadline-dev \ + libseccomp-dev \ + libicu67 \ + openssl \ + ca-certificates \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && useradd -d /data neon \ && chown -R neon:neon /data @@ -89,15 +90,13 @@ COPY --from=pg-build /home/nonroot/postgres_install.tar.gz /data/ # By default, pageserver uses `.neon/` working directory in WORKDIR, so create one and fill it with the dummy config. # Now, when `docker run ... pageserver` is run, it can start without errors, yet will have some default dummy values. -RUN mkdir -p /data/.neon/ && \ - echo "id=1234" > "/data/.neon/identity.toml" && \ - echo "broker_endpoint='http://storage_broker:50051'\n" \ - "pg_distrib_dir='/usr/local/'\n" \ - "listen_pg_addr='0.0.0.0:6400'\n" \ - "listen_http_addr='0.0.0.0:9898'\n" \ - "availability_zone='local'\n" \ - > /data/.neon/pageserver.toml && \ - chown -R neon:neon /data/.neon +RUN mkdir -p /data/.neon/ && chown -R neon:neon /data/.neon/ \ + && /usr/local/bin/pageserver -D /data/.neon/ --init \ + -c "id=1234" \ + -c "broker_endpoint='http://storage_broker:50051'" \ + -c "pg_distrib_dir='/usr/local/'" \ + -c "listen_pg_addr='0.0.0.0:6400'" \ + -c "listen_http_addr='0.0.0.0:9898'" # When running a binary that links with libpq, default to using our most recent postgres version. Binaries # that want a particular postgres version will select it explicitly: this is just a default. diff --git a/Dockerfile.build-tools b/Dockerfile.build-tools index c4209c7a12..9086dd5d42 100644 --- a/Dockerfile.build-tools +++ b/Dockerfile.build-tools @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim # Use ARG as a build-time environment variable here to allow. # It's not supposed to be set outside. @@ -16,45 +16,46 @@ SHELL ["/bin/bash", "-c"] RUN set -e \ && apt update \ && apt install -y \ - autoconf \ - automake \ - bison \ - build-essential \ - ca-certificates \ - cmake \ - curl \ - flex \ - git \ - gnupg \ - gzip \ - jq \ - libcurl4-openssl-dev \ - libbz2-dev \ - libffi-dev \ - liblzma-dev \ - libncurses5-dev \ - libncursesw5-dev \ - libreadline-dev \ - libseccomp-dev \ - libsqlite3-dev \ - libssl-dev \ - libstdc++-10-dev \ - libtool \ - libxml2-dev \ - libxmlsec1-dev \ - libxxhash-dev \ - lsof \ - make \ - netcat \ - net-tools \ - openssh-client \ - parallel \ - pkg-config \ - unzip \ - wget \ - xz-utils \ - zlib1g-dev \ - zstd \ + autoconf \ + automake \ + bison \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + flex \ + git \ + gnupg \ + gzip \ + jq \ + libcurl4-openssl-dev \ + libbz2-dev \ + libffi-dev \ + liblzma-dev \ + libncurses5-dev \ + libncursesw5-dev \ + libpq-dev \ + libreadline-dev \ + libseccomp-dev \ + libsqlite3-dev \ + libssl-dev \ + libstdc++-10-dev \ + libtool \ + libxml2-dev \ + libxmlsec1-dev \ + libxxhash-dev \ + lsof \ + make \ + netcat \ + net-tools \ + openssh-client \ + parallel \ + pkg-config \ + unzip \ + wget \ + xz-utils \ + zlib1g-dev \ + zstd \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # protobuf-compiler (protoc) @@ -201,9 +202,9 @@ ARG CARGO_DENY_VERSION=0.16.1 ARG CARGO_HACK_VERSION=0.6.31 ARG CARGO_NEXTEST_VERSION=0.9.72 RUN curl -sSO https://static.rust-lang.org/rustup/dist/$(uname -m)-unknown-linux-gnu/rustup-init && whoami && \ - chmod +x rustup-init && \ - ./rustup-init -y --default-toolchain ${RUSTC_VERSION} && \ - rm rustup-init && \ + chmod +x rustup-init && \ + ./rustup-init -y --default-toolchain ${RUSTC_VERSION} && \ + rm rustup-init && \ export PATH="$HOME/.cargo/bin:$PATH" && \ . "$HOME/.cargo/env" && \ cargo --version && rustup --version && \ diff --git a/Dockerfile.compute-node b/Dockerfile.compute-node index 6bf6fb650f..257b00b612 100644 --- a/Dockerfile.compute-node +++ b/Dockerfile.compute-node @@ -9,7 +9,7 @@ ARG BUILD_TAG # Layer "build-deps" # ######################################################################################### -FROM debian:bullseye-slim AS build-deps +FROM debian:bookworm-slim AS build-deps RUN apt update && \ apt install -y git autoconf automake libtool build-essential bison flex libreadline-dev \ zlib1g-dev libxml2-dev libcurl4-openssl-dev libossp-uuid-dev wget pkg-config libssl-dev \ @@ -1027,7 +1027,7 @@ RUN cd compute_tools && mold -run cargo build --locked --profile release-line-de # ######################################################################################### -FROM debian:bullseye-slim AS compute-tools-image +FROM debian:bookworm-slim AS compute-tools-image COPY --from=compute-tools /home/nonroot/target/release-line-debug-size-lto/compute_ctl /usr/local/bin/compute_ctl @@ -1144,7 +1144,7 @@ ENV PGDATABASE=postgres # Put it all together into the final image # ######################################################################################### -FROM debian:bullseye-slim +FROM debian:bookworm-slim # Add user postgres RUN mkdir /var/db && useradd -m -d /var/db/postgres postgres && \ echo "postgres:test_console_pass" | chpasswd && \ diff --git a/vm-image-spec.yaml b/vm-image-spec.yaml index c94f95f447..3f540cb727 100644 --- a/vm-image-spec.yaml +++ b/vm-image-spec.yaml @@ -4,17 +4,17 @@ commands: - name: cgconfigparser user: root sysvInitAction: sysinit - shell: 'cgconfigparser -l /etc/cgconfig.conf -s 1664' + shell: "cgconfigparser -l /etc/cgconfig.conf -s 1664" # restrict permissions on /neonvm/bin/resize-swap, because we grant access to compute_ctl for # running it as root. - name: chmod-resize-swap user: root sysvInitAction: sysinit - shell: 'chmod 711 /neonvm/bin/resize-swap' + shell: "chmod 711 /neonvm/bin/resize-swap" - name: pgbouncer user: postgres sysvInitAction: respawn - shell: '/usr/local/bin/pgbouncer /etc/pgbouncer.ini' + shell: "/usr/local/bin/pgbouncer /etc/pgbouncer.ini" - name: postgres-exporter user: nobody sysvInitAction: respawn @@ -22,11 +22,11 @@ commands: - name: sql-exporter user: nobody sysvInitAction: respawn - shell: '/bin/sql_exporter -config.file=/etc/sql_exporter.yml -web.listen-address=:9399' + shell: "/bin/sql_exporter -config.file=/etc/sql_exporter.yml -web.listen-address=:9399" - name: sql-exporter-autoscaling user: nobody sysvInitAction: respawn - shell: '/bin/sql_exporter -config.file=/etc/sql_exporter_autoscaling.yml -web.listen-address=:9499' + shell: "/bin/sql_exporter -config.file=/etc/sql_exporter_autoscaling.yml -web.listen-address=:9499" shutdownHook: | su -p postgres --session-command '/usr/local/bin/pg_ctl stop -D /var/db/postgres/compute/pgdata -m fast --wait -t 10' files: @@ -453,8 +453,8 @@ build: | # At time of writing (2023-03-14), debian bullseye has a version of cgroup-tools (technically # libcgroup) that doesn't support cgroup v2 (version 0.41-11). Unfortunately, the vm-monitor # requires cgroup v2, so we'll build cgroup-tools ourselves. - FROM debian:bullseye-slim as libcgroup-builder - ENV LIBCGROUP_VERSION=v2.0.3 + FROM debian:bookworm-slim as libcgroup-builder + ENV LIBCGROUP_VERSION v2.0.3 RUN set -exu \ && apt update \ @@ -487,7 +487,7 @@ build: | # Build pgbouncer # - FROM debian:bullseye-slim AS pgbouncer + FROM debian:bookworm-slim AS pgbouncer RUN set -e \ && apt-get update \ && apt-get install -y \