From 1ecd52bec044613bd043742bf61bdaffeda2eabd Mon Sep 17 00:00:00 2001
From: Dirk Uys
Date: Thu, 18 Apr 2024 10:54:24 +0200
Subject: [PATCH 1/2] Use variable to specify postgres version
---
 roles/postgres/tasks/main.yml | 6 +++---
 .../tasks/main.yml | 15 +++++++++------
 2 files changed, 12 insertions(+), 9 deletions(-)
 rename roles/{postgres-update => postgres_update}/tasks/main.yml (64%)
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index 29abbb6..9e17f22 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: start postgres docker image
 docker_container:
 name: p2pu-postgres
- image: postgres:11
+ image: "postgres:{{VERSION}}"
 state: started
 pull: yes
 restart: yes
@@ -20,13 +20,13 @@
 ports:
 - 127.0.0.1:5432:5432
 volumes:
- "/var/p2pu/volumes/postgres-11/data:/var/lib/postgresql/data"
+ - "/var/p2pu/volumes/postgres-{{VERSION}}/data:/var/lib/postgresql/data"
 env:
 POSTGRES_USER: "{{ PG_ADMIN_USER }}"
 POSTGRES_PASSWORD: "{{ PG_ADMIN_PASSWORD }}"
 - name: wait for postgres startup
- shell: docker run --rm --link p2pu-postgres:postgres postgres:11 pg_isready -h postgres
+ shell: "docker run --rm --link p2pu-postgres:postgres postgres:{{VERSION}} pg_isready -h postgres"
 register: result
 until: result.stdout.find("accepting connections") != -1
 retries: 10
diff --git a/roles/postgres-update/tasks/main.yml b/roles/postgres_update/tasks/main.yml
similarity index 64%
rename from roles/postgres-update/tasks/main.yml
rename to roles/postgres_update/tasks/main.yml
index 8063d38..67b2455 100644
--- a/roles/postgres-update/tasks/main.yml
+++ b/roles/postgres_update/tasks/main.yml
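Review bot: In roles/postgres/tasks/main.yml (hunk `@@ -12,7 +12,7 @@`), `VERSION` goes into the image reference with no default and no format check visible in the role, and the name is generic enough to be shadowed by an unrelated play or inventory variable. The same value also ends up in a host path and a `shell:` line in the following hunk. A role-scoped name such as `postgres_version`, defined as a quoted string so YAML does not read it as a number, plus a leading `assert` that it looks like a tag you expect, would make a typo fail before `pull: yes` fetches anything. The task's remaining keys lie outside the hunk.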
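Review bot: In roles/postgres/tasks/main.yml (hunk `@@ -20,13 +20,13 @@`), the host data directory now follows `VERSION`, so a run with a different value mounts a path that holds no cluster yet (presumably the image then initialises a fresh one), and the `pg_isready` wait only shows that a server answers, not that it holds the expected data. If version changes are meant to go through the postgres_update role, a comment above `volumes:` saying so, or a `stat` guard that fails when the directory is missing, would stop a silent start on an empty database. The wait task also needs no shell features; `command:` with `changed_when: false` keeps the templated value out of shell parsing, and the same applies to the copy of this task added in roles/postgres_update/tasks/main.yml. The wait task continues past the end of the hunk.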
@@ -5,20 +5,23 @@
 - name: start new postgres docker image
 docker_container:
 name: new-postgres
- image: postgres:11
+ image: "postgres:{{ NEW_VERSION }}"
 state: started
 pull: yes
 restart: yes
 restart_policy: always
 volumes:
- "/var/p2pu/volumes/postgres-11/data:/var/lib/postgresql/data"
+ - "/var/p2pu/volumes/postgres-{{ NEW_VERSION }}/data:/var/lib/postgresql/data"
 env:
 POSTGRES_USER: "{{ PG_ADMIN_USER }}"
 POSTGRES_PASSWORD: "{{ PG_ADMIN_PASSWORD }}"
-# What about waiting for the db to be ready?
-# docker exec learning-circles-db-11 pg_isready
-# /var/run/postgresql:5432 - accepting connections
+- name: wait for postgres startup
+ shell: "docker run --rm --link new-postgres:postgres postgres:{{ NEW_VERSION }} pg_isready -h postgres"
+ register: result
+ until: result.stdout.find("accepting connections") != -1
+ retries: 10
+ delay: 10
 - name: load database dump
 shell: docker exec -i new-postgres psql -U "{{ PG_ADMIN_USER }}" < /root/db-migrate.dump
@@ -26,7 +29,7 @@
 - name: Remove postgres container used to migrate
 docker_container:
 name: new-postgres
- image: postgres:11
+ image: "postgres:{{ NEW_VERSION }}"
 state: absent
 keep_volumes: yes
From c84b8eef740c20f04e6d15532dcdfdfed4e4f81c Mon Sep 17 00:00:00 2001
From: Dirk Uys
Date: Thu, 18 Apr 2024 12:57:19 +0200
Subject: [PATCH 2/2] Make sure passwords are scram encrypted. Note, passwords created using the postgres_user ansible module should be updated to force an update using scram.
---
 roles/learningcircles-app/tasks/main.yml | 2 ++
 roles/postgres_update/tasks/main.yml | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/roles/learningcircles-app/tasks/main.yml b/roles/learningcircles-app/tasks/main.yml
index 8edb593..0771043 100644
--- a/roles/learningcircles-app/tasks/main.yml
+++ b/roles/learningcircles-app/tasks/main.yml
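Review bot: In roles/postgres_update/tasks/main.yml (hunk `@@ -5,20 +5,23 @@`), nothing prevents `NEW_VERSION` from matching the version the running `p2pu-postgres` container uses. Both roles derive the host path as `/var/p2pu/volumes/postgres-<version>/data`, so `new-postgres` would then mount the live data directory and the dump load that follows would run against it. This assumes both roles target the same host, which the diff does not show. A guard ahead of the `docker_container` task would make the migration fail closed: for example an `assert` with `that: NEW_VERSION | string != VERSION | string` (if `VERSION` is in scope for this play), or a `stat` check that the target directory is absent or empty.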
@@ -38,6 +38,8 @@
 login_host: "127.0.0.1"
 login_user: "{{PG_ADMIN_USER}}"
 login_password: "{{PG_ADMIN_PASSWORD}}"
+ environment:
+ PGOPTIONS: "-c password_encryption=scram-sha-256"
 - name: create postgres db
 postgresql_db:
diff --git a/roles/postgres_update/tasks/main.yml b/roles/postgres_update/tasks/main.yml
index 67b2455..04bead8 100644
--- a/roles/postgres_update/tasks/main.yml
+++ b/roles/postgres_update/tasks/main.yml
@@ -26,6 +26,9 @@
 - name: load database dump
 shell: docker exec -i new-postgres psql -U "{{ PG_ADMIN_USER }}" < /root/db-migrate.dump
+- name: set postgres password again to ensure it uses the default encryption
+ shell: docker exec -i new-postgres psql -U "{{ PG_ADMIN_USER }}" -c "ALTER ROLE postgres WITH LOGIN PASSWORD '{{PG_ADMIN_PASSWORD}}'"
+
 - name: Remove postgres container used to migrate
 docker_container:
 name: new-postgres
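Review bot: In roles/learningcircles-app/tasks/main.yml (hunk `@@ -38,6 +38,8 @@`), the added `environment:` block carries no comment saying why a libpq option is passed to this task, and nothing in the play confirms that the stored hash ended up as SCRAM. I would add `# force SCRAM for the hash this task stores; servers before PostgreSQL 14 default password_encryption to md5` above `environment:`. A follow-up check that the role's `rolpassword` in `pg_authid` starts with `SCRAM-SHA-256$` would make the outcome verifiable. The task this block belongs to starts above the hunk, so which module receives the variable is not visible here; the page has also lost its indentation, so confirm `environment:` sits at task level rather than inside the module arguments.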
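Review bot: In roles/postgres_update/tasks/main.yml (hunk `@@ -26,6 +26,9 @@`), the added task puts `{{PG_ADMIN_PASSWORD}}` on the `docker exec` command line, where it is readable in the host's process list and in Ansible's task result (shown on failure or with `-v`), and a password containing a quote would break the SQL or the shell quoting. The statement also alters the hard-coded role `postgres` while connecting as `{{ PG_ADMIN_USER }}`, and the server's default encryption is only SCRAM on PostgreSQL 14 and later, so an older `NEW_VERSION` would re-hash with md5. I would pass the SQL on stdin, set `password_encryption` explicitly, target the admin role by variable if that is the intent, and add `no_log: true`.

```yaml
- name: set admin password again so it is stored as scram-sha-256
  command: docker exec -i new-postgres psql -v ON_ERROR_STOP=1 -U "{{ PG_ADMIN_USER }}"
  args:
    stdin: |
      SET password_encryption = 'scram-sha-256';
      ALTER ROLE "{{ PG_ADMIN_USER }}" WITH LOGIN PASSWORD '{{ PG_ADMIN_PASSWORD | replace("'", "''") }}';
  no_log: true
```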