core: bump django from 4.1.7 to 4.2 (#5238)
* core: bump django from 4.1.7 to 4.2 (#5151) * core: bump django from 4.1.7 to 4.2 Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/4.1.7...4.2) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade to psycopg3, use custom engine for prometheus metrics See https://github.com/korfuri/django-prometheus/issues/350 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scripts use pscopg3 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start changelog Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial postgres upgrade guide Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update header Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
parent
30d32022e5
commit
cc6824fd7c
2
.github/workflows/ci-main.yml
vendored
2
.github/workflows/ci-main.yml
vendored
|
@ -88,8 +88,8 @@ jobs:
|
|||
fail-fast: false
|
||||
matrix:
|
||||
psql:
|
||||
- 11-alpine
|
||||
- 12-alpine
|
||||
- 15-alpine
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Setup authentik env
|
||||
|
|
|
@ -98,7 +98,7 @@ def traces_sampler(sampling_context: dict) -> float:
|
|||
def before_send(event: dict, hint: dict) -> Optional[dict]:
|
||||
"""Check if error is database error, and ignore if so"""
|
||||
# pylint: disable=no-name-in-module
|
||||
from psycopg2.errors import Error
|
||||
from psycopg.errors import Error
|
||||
|
||||
ignored_classes = (
|
||||
# Inbuilt types
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
from functools import lru_cache
|
||||
from uuid import uuid4
|
||||
|
||||
from psycopg2 import connect
|
||||
from psycopg import connect
|
||||
|
||||
from authentik.lib.config import CONFIG
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ from inspect import getmembers, isclass
|
|||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from psycopg2 import connect
|
||||
from psycopg import connect
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.lib.config import CONFIG
|
||||
|
|
|
@ -5,7 +5,7 @@ from sys import exit as sysexit
|
|||
from time import sleep
|
||||
from urllib.parse import quote_plus
|
||||
|
||||
from psycopg2 import OperationalError, connect
|
||||
from psycopg import OperationalError, connect
|
||||
from redis import Redis
|
||||
from redis.exceptions import RedisError
|
||||
|
||||
|
|
1127
poetry.lock
generated
1127
poetry.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -127,7 +127,7 @@ colorama = "*"
|
|||
dacite = "*"
|
||||
deepmerge = "*"
|
||||
defusedxml = "*"
|
||||
django = "<4.2.0"
|
||||
django = "*"
|
||||
django-filter = "*"
|
||||
django-guardian = "*"
|
||||
django-model-utils = "*"
|
||||
|
@ -150,7 +150,7 @@ lxml = "*"
|
|||
opencontainers = { extras = ["reggie"], version = "*" }
|
||||
packaging = "*"
|
||||
paramiko = "*"
|
||||
psycopg2-binary = "*"
|
||||
psycopg = { extras = ["binary"], version = "*" }
|
||||
pycryptodome = "*"
|
||||
pydantic = "<2.0.0"
|
||||
pydantic-scim = "^0.0.7"
|
||||
|
|
49
website/docs/releases/2023/v2023.7.md
Normal file
49
website/docs/releases/2023/v2023.7.md
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
title: Release 2023.7
|
||||
slug: "/releases/2023.7"
|
||||
---
|
||||
|
||||
## Breaking changes
|
||||
|
||||
- Removal of PostgreSQL 11 support
|
||||
|
||||
As announced in the [2023.5](./v2023.5.md) release notes (and postponed by a release), this release requires PostgreSQL 12 or newer. This is due to a changed requirement in a framework we use, Django.
|
||||
|
||||
This does not affect docker-compose installations (as these already ship with PostgreSQL 12), however it is still recommended to upgrade to a newer version when convenient.
|
||||
|
||||
For Kubernetes install, a manual one-time migration has to be done: [Upgrading PostgreSQL on Kubernetes](../../troubleshooting/postgres/upgrade_kubernetes.md)
|
||||
|
||||
## New features
|
||||
|
||||
## Upgrading
|
||||
|
||||
This release does not introduce any new requirements.
|
||||
|
||||
### docker-compose
|
||||
|
||||
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
|
||||
|
||||
```
|
||||
wget -O docker-compose.yml https://goauthentik.io/version/2023.7/docker-compose.yml
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
|
||||
|
||||
### Kubernetes
|
||||
|
||||
Update your values to use the new images:
|
||||
|
||||
```yaml
|
||||
image:
|
||||
repository: ghcr.io/goauthentik/server
|
||||
tag: 2023.7.0
|
||||
```
|
||||
|
||||
## Minor changes/fixes
|
||||
|
||||
<!-- _Insert the output of `make gen-changelog` here_ -->
|
||||
|
||||
## API Changes
|
||||
|
||||
<!-- _Insert output of `make gen-diff` here_ -->
|
98
website/docs/troubleshooting/postgres/upgrade_kubernetes.md
Normal file
98
website/docs/troubleshooting/postgres/upgrade_kubernetes.md
Normal file
|
@ -0,0 +1,98 @@
|
|||
---
|
||||
title: Upgrade PostgreSQL on Kubernetes
|
||||
---
|
||||
|
||||
## Preparation
|
||||
|
||||
- `authentik-postgresql-0` is the Kubernetes Pod running PostgreSQL.
|
||||
|
||||
### Prerequisites
|
||||
|
||||
This migration requires some downtime, during which authentik must be stopped. To do this, run the following command:
|
||||
|
||||
```shell
|
||||
kubectl scale deploy --replicas 0 authentik-server
|
||||
kubectl scale deploy --replicas 0 authentik-worker
|
||||
```
|
||||
|
||||
### Dump the current database
|
||||
|
||||
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||
|
||||
Run the following commands to dump the current data into a `.sql` file:
|
||||
|
||||
```shell
|
||||
# This is the path where the PVC is mounted, so we'll place the dump here too
|
||||
cd /bitnami/postgresql/
|
||||
# Set the postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable
|
||||
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
|
||||
# Dump the authentik database into an sql file
|
||||
pg_dump -U postgres $POSTGRES_DB > dump-11.sql
|
||||
```
|
||||
|
||||
### Stop PostgreSQL and start the upgrade
|
||||
|
||||
To upgrade, change the following entries in your `values.yaml` used to deploy authentik:
|
||||
|
||||
```yaml
|
||||
postgresql:
|
||||
diagnosticMode:
|
||||
enabled: true
|
||||
image:
|
||||
tag: 15.2.0-debian-11-r26
|
||||
```
|
||||
|
||||
Now run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
|
||||
|
||||
After the upgrade is finished, you should have a new PostgreSQL pod running with the updated image.
|
||||
|
||||
### Remove the old data
|
||||
|
||||
Because the PVC mounted by the PostgreSQL pod still contains the old data, we need to remove/rename that data, so that PostgreSQL can initialize it with the new version.
|
||||
|
||||
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||
|
||||
Run the following commands to move the old data:
|
||||
|
||||
```shell
|
||||
# This is the path where the PVC is mounted
|
||||
cd /bitnami/postgresql/
|
||||
# Move Postgres' data folder to data-11, which is the version we're upgrading to.
|
||||
# The data folder can also be deleted; however it is recommended to rename it first
|
||||
# in case the upgrade fails.
|
||||
mv data data-11
|
||||
```
|
||||
|
||||
### Restart PostgreSQL
|
||||
|
||||
In the step [Stop PostgreSQL and start the upgrade](#stop-postgresql-and-start-the-upgrade), we enabled the _diagnostic mode_, which means the PostgreSQL pod is running, but the actual Postgres process isn't running. Now that we've removed the old data directory, we can disable the diagnostic mode.
|
||||
|
||||
Once again, change the following entries in your `values.yaml` used to deploy authentik:
|
||||
|
||||
```yaml
|
||||
postgresql:
|
||||
image:
|
||||
tag: 15.2.0-debian-11-r26
|
||||
```
|
||||
|
||||
And once again run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
|
||||
|
||||
After the PostgreSQL pod is running again, we need to restore the data from the dump we created above.
|
||||
|
||||
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
|
||||
|
||||
Run the following commands to restore the data:
|
||||
|
||||
```shell
|
||||
# This is the path where the PVC is mounted
|
||||
cd /bitnami/postgresql/
|
||||
# Set the Postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable.
|
||||
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
|
||||
psql -U postgres $POSTGRES_DB < dump-11.sql
|
||||
```
|
||||
|
||||
After the last command finishes, all of the data is restored, and you can restart authentik.
|
||||
|
||||
### Restarting authentik
|
||||
|
||||
Run `helm upgrade --install authentik authentik/authentik -f values.yaml` once again, which will restart your authentik server and worker containers.
|
|
@ -303,6 +303,11 @@ module.exports = {
|
|||
"Steps to help debug forward auth setups with various reverse proxies.",
|
||||
},
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "PostgreSQL",
|
||||
items: ["troubleshooting/postgres/upgrade_kubernetes"],
|
||||
},
|
||||
"troubleshooting/access",
|
||||
"troubleshooting/login",
|
||||
"troubleshooting/image_upload",
|
||||
|
|
Reference in a new issue