The test for the latest PostgreSQL version will always fail while
`postgresql` doesn't point to that, yet.
That's because `pg_dump` can only connect to older versions, so the
`postgresql` package that `pg-dump-anon` uses always needs to use the
very latest version.
The new `\restrict` migitation creates random keys in the dump file by
default, which breaks a before/after test for the backup module. By
making the restrict key reproducible, the test passes again.
...including a slightly more careful config around restarts, i.e.
* We have intervals of 5 seconds between restarts instead of 100ms.
* If we exceed 5 start attempts in 5*120s (with 120s being the timeout),
start job gets rate-limited and thus aborted. Do note that there are
at most 5 start attempts allowed in ~625s by default. If the startup
fails very quickly, either wait until the rate-limit is over or reset
the counter using `systemctl reset-failed postgresql.service`.
* The interval of 625s (plus 5s of buffer) are automatically derived
from RestartSec & TimeoutSec. Changing either will also affect
StartLimitIntervalSec unless overridden with `mkForce`.
This avoids restarting the postgresql server, when only ensureDatabases
or ensureUsers have been changed. It will also allow to properly wait
for recovery to finish later.
To wait for "postgresql is ready" in other services, we now provide a
postgresql.target.
Resolves#400018
Co-authored-by: Marcel <me@m4rc3l.de>
This changes the build to always enable JIT - but to only enable it at
run-time, when required. This keeps the runtime closure small without
JIT, but allows enabling it without a rebuild. We can do this, because
JIT is actually built as a shared module, which is loaded at run-time.
We put it into a -jit output and only link it into the environment when
requested.
Under the hood, this uses withPackages and adds the "JIT package" -
thus, to be able to use withPackages on top of that, we also need to be
able to apply withPackages repeatedly.
This cuts down the number of NixOS tests in half, because we don't need
to run it for every version with and without JIT anymore. There really
is no point in running everything with llvmjit.so in place, when the
queries are not making use of it anyway.
Also, we only need to build each extension once and not twice, further
reducing the number of rebuilds required for PRs touching postgresql.
Every postgresql testcase essentially does the following things:
* Filter `postgresqlVersions` for server packages
* Filter postgresql server packages for suitable ones (i.e. extensions
must support the given version)
* Generate an attribute-set of testcases
The first item became necessary in
7ab1e88833 given that
`postgresql/default.nix` now exposes JIT and non-JIT servers AND a
`libpq` that is not suitable for the tests here.
This changes restructures this a little bit, i.e.:
* Having an attribute-set that contains a bunch of postgresql servers
and a single client package seems odd (and the sole consumer of
`postgresqlVersions` in nixpkgs, the test suite, has to take that into
account). Hence, postgresql's default.nix now provides `libpq` (the client)
and a `postgresqlVersions` attribute with all supported JIT and non-JIT
variants of postgresql.
* Each test-case gets a third argument, a function called `genTests`:
this function sets `recurseForDerivations = true;` and generates an
attribute-set of tests for each postgresql version given a function
that returns a testcase or multiple test-cases (`makeTestFor`). The
argument to `makeTestFor` is a postgresql server package.
This function also accepts a filter predicate that is passed against
`filterAttrs` to remove postgresql server packages that are not
suitable for the test (e.g. because the version isn't supported by the
extension to test).
I checked by making sure that the `.drv` doesn't change on staging with
this change on top for postgresq, postgresql-jit,
postgresql-wal-receiver, postgresql-tls-client-cert, anonymizer, pgjwt,
pgvecto-rs, timescaledb, tsja and wal2json.
PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.
This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
This was intended for quite some time already, but ever since enableJIT
was changed to be the source of truth of JIT-iness for the PostgreSQL
module, this hasn't worked for the tests anymore.
