core: bump django from 4.1.7 to 4.2 (#5238)

* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Jens L 2023-08-01 19:30:28 +02:00 committed by GitHub
parent 30d32022e5
commit cc6824fd7c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 773 additions and 520 deletions

View file

@ -88,8 +88,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
psql: psql:
- 11-alpine
- 12-alpine - 12-alpine
- 15-alpine
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Setup authentik env - name: Setup authentik env

View file

@ -98,7 +98,7 @@ def traces_sampler(sampling_context: dict) -> float:
def before_send(event: dict, hint: dict) -> Optional[dict]: def before_send(event: dict, hint: dict) -> Optional[dict]:
"""Check if error is database error, and ignore if so""" """Check if error is database error, and ignore if so"""
# pylint: disable=no-name-in-module # pylint: disable=no-name-in-module
from psycopg2.errors import Error from psycopg.errors import Error
ignored_classes = ( ignored_classes = (
# Inbuilt types # Inbuilt types

View file

@ -2,7 +2,7 @@
from functools import lru_cache from functools import lru_cache
from uuid import uuid4 from uuid import uuid4
from psycopg2 import connect from psycopg import connect
from authentik.lib.config import CONFIG from authentik.lib.config import CONFIG

View file

@ -6,7 +6,7 @@ from inspect import getmembers, isclass
from pathlib import Path from pathlib import Path
from typing import Any from typing import Any
from psycopg2 import connect from psycopg import connect
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.lib.config import CONFIG from authentik.lib.config import CONFIG

View file

@ -5,7 +5,7 @@ from sys import exit as sysexit
from time import sleep from time import sleep
from urllib.parse import quote_plus from urllib.parse import quote_plus
from psycopg2 import OperationalError, connect from psycopg import OperationalError, connect
from redis import Redis from redis import Redis
from redis.exceptions import RedisError from redis.exceptions import RedisError

1127
poetry.lock generated

File diff suppressed because it is too large Load diff

View file

@ -127,7 +127,7 @@ colorama = "*"
dacite = "*" dacite = "*"
deepmerge = "*" deepmerge = "*"
defusedxml = "*" defusedxml = "*"
django = "<4.2.0" django = "*"
django-filter = "*" django-filter = "*"
django-guardian = "*" django-guardian = "*"
django-model-utils = "*" django-model-utils = "*"
@ -150,7 +150,7 @@ lxml = "*"
opencontainers = { extras = ["reggie"], version = "*" } opencontainers = { extras = ["reggie"], version = "*" }
packaging = "*" packaging = "*"
paramiko = "*" paramiko = "*"
psycopg2-binary = "*" psycopg = { extras = ["binary"], version = "*" }
pycryptodome = "*" pycryptodome = "*"
pydantic = "<2.0.0" pydantic = "<2.0.0"
pydantic-scim = "^0.0.7" pydantic-scim = "^0.0.7"

View file

@ -0,0 +1,49 @@
---
title: Release 2023.7
slug: "/releases/2023.7"
---
## Breaking changes
- Removal of PostgreSQL 11 support
As announced in the [2023.5](./v2023.5.md) release notes (and postponed by a release), this release requires PostgreSQL 12 or newer. This is due to a changed requirement in a framework we use, Django.
This does not affect docker-compose installations (as these already ship with PostgreSQL 12), however it is still recommended to upgrade to a newer version when convenient.
For Kubernetes install, a manual one-time migration has to be done: [Upgrading PostgreSQL on Kubernetes](../../troubleshooting/postgres/upgrade_kubernetes.md)
## New features
## Upgrading
This release does not introduce any new requirements.
### docker-compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
```
wget -O docker-compose.yml https://goauthentik.io/version/2023.7/docker-compose.yml
docker-compose up -d
```
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2023.7.0
```
## Minor changes/fixes
<!-- _Insert the output of `make gen-changelog` here_ -->
## API Changes
<!-- _Insert output of `make gen-diff` here_ -->

View file

@ -0,0 +1,98 @@
---
title: Upgrade PostgreSQL on Kubernetes
---
## Preparation
- `authentik-postgresql-0` is the Kubernetes Pod running PostgreSQL.
### Prerequisites
This migration requires some downtime, during which authentik must be stopped. To do this, run the following command:
```shell
kubectl scale deploy --replicas 0 authentik-server
kubectl scale deploy --replicas 0 authentik-worker
```
### Dump the current database
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to dump the current data into a `.sql` file:
```shell
# This is the path where the PVC is mounted, so we'll place the dump here too
cd /bitnami/postgresql/
# Set the postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
# Dump the authentik database into an sql file
pg_dump -U postgres $POSTGRES_DB > dump-11.sql
```
### Stop PostgreSQL and start the upgrade
To upgrade, change the following entries in your `values.yaml` used to deploy authentik:
```yaml
postgresql:
diagnosticMode:
enabled: true
image:
tag: 15.2.0-debian-11-r26
```
Now run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
After the upgrade is finished, you should have a new PostgreSQL pod running with the updated image.
### Remove the old data
Because the PVC mounted by the PostgreSQL pod still contains the old data, we need to remove/rename that data, so that PostgreSQL can initialize it with the new version.
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to move the old data:
```shell
# This is the path where the PVC is mounted
cd /bitnami/postgresql/
# Move Postgres' data folder to data-11, which is the version we're upgrading to.
# The data folder can also be deleted; however it is recommended to rename it first
# in case the upgrade fails.
mv data data-11
```
### Restart PostgreSQL
In the step [Stop PostgreSQL and start the upgrade](#stop-postgresql-and-start-the-upgrade), we enabled the _diagnostic mode_, which means the PostgreSQL pod is running, but the actual Postgres process isn't running. Now that we've removed the old data directory, we can disable the diagnostic mode.
Once again, change the following entries in your `values.yaml` used to deploy authentik:
```yaml
postgresql:
image:
tag: 15.2.0-debian-11-r26
```
And once again run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
After the PostgreSQL pod is running again, we need to restore the data from the dump we created above.
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to restore the data:
```shell
# This is the path where the PVC is mounted
cd /bitnami/postgresql/
# Set the Postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable.
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
psql -U postgres $POSTGRES_DB < dump-11.sql
```
After the last command finishes, all of the data is restored, and you can restart authentik.
### Restarting authentik
Run `helm upgrade --install authentik authentik/authentik -f values.yaml` once again, which will restart your authentik server and worker containers.

View file

@ -303,6 +303,11 @@ module.exports = {
"Steps to help debug forward auth setups with various reverse proxies.", "Steps to help debug forward auth setups with various reverse proxies.",
}, },
}, },
{
type: "category",
label: "PostgreSQL",
items: ["troubleshooting/postgres/upgrade_kubernetes"],
},
"troubleshooting/access", "troubleshooting/access",
"troubleshooting/login", "troubleshooting/login",
"troubleshooting/image_upload", "troubleshooting/image_upload",