core: bump django from 4.1.7 to 4.2 (#5238)
* core: bump django from 4.1.7 to 4.2 (#5151) * core: bump django from 4.1.7 to 4.2 Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/4.1.7...4.2) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade to psycopg3, use custom engine for prometheus metrics See https://github.com/korfuri/django-prometheus/issues/350 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scripts use pscopg3 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start changelog Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial postgres upgrade guide Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update header Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
parent
30d32022e5
commit
cc6824fd7c
2
.github/workflows/ci-main.yml
vendored
2
.github/workflows/ci-main.yml
vendored
|
@ -88,8 +88,8 @@ jobs:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
psql:
|
psql:
|
||||||
- 11-alpine
|
|
||||||
- 12-alpine
|
- 12-alpine
|
||||||
|
- 15-alpine
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Setup authentik env
|
- name: Setup authentik env
|
||||||
|
|
|
@ -98,7 +98,7 @@ def traces_sampler(sampling_context: dict) -> float:
|
||||||
def before_send(event: dict, hint: dict) -> Optional[dict]:
|
def before_send(event: dict, hint: dict) -> Optional[dict]:
|
||||||
"""Check if error is database error, and ignore if so"""
|
"""Check if error is database error, and ignore if so"""
|
||||||
# pylint: disable=no-name-in-module
|
# pylint: disable=no-name-in-module
|
||||||
from psycopg2.errors import Error
|
from psycopg.errors import Error
|
||||||
|
|
||||||
ignored_classes = (
|
ignored_classes = (
|
||||||
# Inbuilt types
|
# Inbuilt types
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
from functools import lru_cache
|
from functools import lru_cache
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
|
|
||||||
from psycopg2 import connect
|
from psycopg import connect
|
||||||
|
|
||||||
from authentik.lib.config import CONFIG
|
from authentik.lib.config import CONFIG
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ from inspect import getmembers, isclass
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from typing import Any
|
from typing import Any
|
||||||
|
|
||||||
from psycopg2 import connect
|
from psycopg import connect
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.lib.config import CONFIG
|
from authentik.lib.config import CONFIG
|
||||||
|
|
|
@ -5,7 +5,7 @@ from sys import exit as sysexit
|
||||||
from time import sleep
|
from time import sleep
|
||||||
from urllib.parse import quote_plus
|
from urllib.parse import quote_plus
|
||||||
|
|
||||||
from psycopg2 import OperationalError, connect
|
from psycopg import OperationalError, connect
|
||||||
from redis import Redis
|
from redis import Redis
|
||||||
from redis.exceptions import RedisError
|
from redis.exceptions import RedisError
|
||||||
|
|
||||||
|
|
1127
poetry.lock
generated
1127
poetry.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -127,7 +127,7 @@ colorama = "*"
|
||||||
dacite = "*"
|
dacite = "*"
|
||||||
deepmerge = "*"
|
deepmerge = "*"
|
||||||
defusedxml = "*"
|
defusedxml = "*"
|
||||||
django = "<4.2.0"
|
django = "*"
|
||||||
django-filter = "*"
|
django-filter = "*"
|
||||||
django-guardian = "*"
|
django-guardian = "*"
|
||||||
django-model-utils = "*"
|
django-model-utils = "*"
|
||||||
|
@ -150,7 +150,7 @@ lxml = "*"
|
||||||
opencontainers = { extras = ["reggie"], version = "*" }
|
opencontainers = { extras = ["reggie"], version = "*" }
|
||||||
packaging = "*"
|
packaging = "*"
|
||||||
paramiko = "*"
|
paramiko = "*"
|
||||||
psycopg2-binary = "*"
|
psycopg = { extras = ["binary"], version = "*" }
|
||||||
pycryptodome = "*"
|
pycryptodome = "*"
|
||||||
pydantic = "<2.0.0"
|
pydantic = "<2.0.0"
|
||||||
pydantic-scim = "^0.0.7"
|
pydantic-scim = "^0.0.7"
|
||||||
|
|
49
website/docs/releases/2023/v2023.7.md
Normal file
49
website/docs/releases/2023/v2023.7.md
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
---
|
||||||
|
title: Release 2023.7
|
||||||
|
slug: "/releases/2023.7"
|
||||||
|
---
|
||||||
|
|
||||||
|
## Breaking changes
|
||||||
|
|
||||||
|
- Removal of PostgreSQL 11 support
|
||||||
|
|
||||||
|
As announced in the [2023.5](./v2023.5.md) release notes (and postponed by a release), this release requires PostgreSQL 12 or newer. This is due to a changed requirement in a framework we use, Django.
|
||||||
|
|
||||||
|
This does not affect docker-compose installations (as these already ship with PostgreSQL 12), however it is still recommended to upgrade to a newer version when convenient.
|
||||||
|
|
||||||
|
For Kubernetes install, a manual one-time migration has to be done: [Upgrading PostgreSQL on Kubernetes](../../troubleshooting/postgres/upgrade_kubernetes.md)
|
||||||
|
|
||||||
|
## New features
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
This release does not introduce any new requirements.
|
||||||
|
|
||||||
|
### docker-compose
|
||||||
|
|
||||||
|
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
wget -O docker-compose.yml https://goauthentik.io/version/2023.7/docker-compose.yml
|
||||||
|
docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
|
||||||
|
|
||||||
|
### Kubernetes
|
||||||
|
|
||||||
|
Update your values to use the new images:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/server
|
||||||
|
tag: 2023.7.0
|
||||||
|
```
|
||||||
|
|
||||||
|
## Minor changes/fixes
|
||||||
|
|
||||||
|
<!-- _Insert the output of `make gen-changelog` here_ -->
|
||||||
|
|
||||||
|
## API Changes
|
||||||
|
|
||||||
|
<!-- _Insert output of `make gen-diff` here_ -->
|
98
website/docs/troubleshooting/postgres/upgrade_kubernetes.md
Normal file
98
website/docs/troubleshooting/postgres/upgrade_kubernetes.md
Normal file
|
@ -0,0 +1,98 @@
|
||||||
|
---
|
||||||
|
title: Upgrade PostgreSQL on Kubernetes
|
||||||
|
---
|
||||||
|
|
||||||
|
## Preparation
|
||||||
|
|
||||||
|
- `authentik-postgresql-0` is the Kubernetes Pod running PostgreSQL.
|
||||||
|
|
||||||
|
### Prerequisites
|
||||||
|
|
||||||
|
This migration requires some downtime, during which authentik must be stopped. To do this, run the following command:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl scale deploy --replicas 0 authentik-server
|
||||||
|
kubectl scale deploy --replicas 0 authentik-worker
|
||||||
|
```
|
||||||
|
|
||||||
|
### Dump the current database
|
||||||
|
|
||||||
|
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||||
|
|
||||||
|
Run the following commands to dump the current data into a `.sql` file:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
# This is the path where the PVC is mounted, so we'll place the dump here too
|
||||||
|
cd /bitnami/postgresql/
|
||||||
|
# Set the postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable
|
||||||
|
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
|
||||||
|
# Dump the authentik database into an sql file
|
||||||
|
pg_dump -U postgres $POSTGRES_DB > dump-11.sql
|
||||||
|
```
|
||||||
|
|
||||||
|
### Stop PostgreSQL and start the upgrade
|
||||||
|
|
||||||
|
To upgrade, change the following entries in your `values.yaml` used to deploy authentik:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
postgresql:
|
||||||
|
diagnosticMode:
|
||||||
|
enabled: true
|
||||||
|
image:
|
||||||
|
tag: 15.2.0-debian-11-r26
|
||||||
|
```
|
||||||
|
|
||||||
|
Now run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
|
||||||
|
|
||||||
|
After the upgrade is finished, you should have a new PostgreSQL pod running with the updated image.
|
||||||
|
|
||||||
|
### Remove the old data
|
||||||
|
|
||||||
|
Because the PVC mounted by the PostgreSQL pod still contains the old data, we need to remove/rename that data, so that PostgreSQL can initialize it with the new version.
|
||||||
|
|
||||||
|
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||||
|
|
||||||
|
Run the following commands to move the old data:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
# This is the path where the PVC is mounted
|
||||||
|
cd /bitnami/postgresql/
|
||||||
|
# Move Postgres' data folder to data-11, which is the version we're upgrading to.
|
||||||
|
# The data folder can also be deleted; however it is recommended to rename it first
|
||||||
|
# in case the upgrade fails.
|
||||||
|
mv data data-11
|
||||||
|
```
|
||||||
|
|
||||||
|
### Restart PostgreSQL
|
||||||
|
|
||||||
|
In the step [Stop PostgreSQL and start the upgrade](#stop-postgresql-and-start-the-upgrade), we enabled the _diagnostic mode_, which means the PostgreSQL pod is running, but the actual Postgres process isn't running. Now that we've removed the old data directory, we can disable the diagnostic mode.
|
||||||
|
|
||||||
|
Once again, change the following entries in your `values.yaml` used to deploy authentik:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
postgresql:
|
||||||
|
image:
|
||||||
|
tag: 15.2.0-debian-11-r26
|
||||||
|
```
|
||||||
|
|
||||||
|
And once again run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
|
||||||
|
|
||||||
|
After the PostgreSQL pod is running again, we need to restore the data from the dump we created above.
|
||||||
|
|
||||||
|
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||||
|
|
||||||
|
Run the following commands to restore the data:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
# This is the path where the PVC is mounted
|
||||||
|
cd /bitnami/postgresql/
|
||||||
|
# Set the Postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable.
|
||||||
|
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
|
||||||
|
psql -U postgres $POSTGRES_DB < dump-11.sql
|
||||||
|
```
|
||||||
|
|
||||||
|
After the last command finishes, all of the data is restored, and you can restart authentik.
|
||||||
|
|
||||||
|
### Restarting authentik
|
||||||
|
|
||||||
|
Run `helm upgrade --install authentik authentik/authentik -f values.yaml` once again, which will restart your authentik server and worker containers.
|
|
@ -303,6 +303,11 @@ module.exports = {
|
||||||
"Steps to help debug forward auth setups with various reverse proxies.",
|
"Steps to help debug forward auth setups with various reverse proxies.",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
type: "category",
|
||||||
|
label: "PostgreSQL",
|
||||||
|
items: ["troubleshooting/postgres/upgrade_kubernetes"],
|
||||||
|
},
|
||||||
"troubleshooting/access",
|
"troubleshooting/access",
|
||||||
"troubleshooting/login",
|
"troubleshooting/login",
|
||||||
"troubleshooting/image_upload",
|
"troubleshooting/image_upload",
|
||||||
|
|
Reference in a new issue