chore: preserve binaries across reboots (#708)

* chore: preserve binaries across reboots

* chore: add shims

* chore: reference binaries using dangling symlinks

Author: pcnc

docker/all-in-one/Dockerfile

@@ -138,17 +138,25 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     less \
     # pg_egress_collect deps
     tcpdump libio-async-perl \
-    && rm -rf /var/lib/apt/lists/* /tmp/*
+    && rm -rf /var/lib/apt/lists/* /tmp/* \
+    && mkdir -p /dist \
+    && mkdir -p /data/opt && chmod go+rwx /data/opt
 
 # Copy single binary dependencies
-COPY --from=pgrst /bin/postgrest /opt/
-COPY --from=gotrue /usr/local/bin/gotrue /opt/gotrue/
+COPY --from=pgrst /bin/postgrest /dist/
+COPY --from=gotrue /usr/local/bin/gotrue /dist/
 COPY --from=gotrue /usr/local/etc/gotrue /opt/gotrue/
-COPY --from=adminapi /tmp/supabase-admin-api /opt/
-COPY --chown=root:root --from=adminmgr /tmp/admin-mgr /usr/bin/
+COPY --from=adminapi /tmp/supabase-admin-api /dist/
+COPY --chown=root:root --from=adminmgr /tmp/admin-mgr /dist/
 COPY --from=exporter /tmp/postgres_exporter /opt/postgres_exporter/
 COPY docker/all-in-one/opt/postgres_exporter /opt/postgres_exporter/
 
+# Configuring dangling symlinks for binaries
+RUN ln -s /data/opt/supabase-admin-api /opt/supabase-admin-api \
+    && ln -s /data/opt/postgrest /opt/postgrest \
+    && ln -s /data/opt/gotrue /opt/gotrue/gotrue \
+    && ln -s /data/opt/admin-mgr /usr/bin/admin-mgr
+
 # Scripts for adminapi
 COPY ansible/files/admin_api_scripts /root 
 COPY --chown=adminapi:adminapi docker/all-in-one/etc/adminapi /etc/adminapi
@@ -175,6 +183,7 @@ COPY docker/all-in-one/etc/fail2ban/filter.d /etc/fail2ban/filter.d/
 COPY docker/all-in-one/etc/fail2ban/jail.d /etc/fail2ban/jail.d/
 
 # Customizations for postgrest
+COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/bootstrap.sh /etc/postgrest/bootstrap.sh
 COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/base.conf /etc/postgrest/base.conf
 COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/generated.conf /etc/postgrest/generated.conf
 
@@ -192,7 +201,8 @@ COPY --chown=vector:vector docker/all-in-one/etc/vector/vector.yaml /etc/vector/
 COPY docker/all-in-one/etc/supervisor /etc/supervisor
 
 # Customizations for supa-shutdown
-COPY  --chown=adminapi:adminapi docker/all-in-one/etc/supa-shutdown /etc/supa-shutdown
+COPY --chown=adminapi:adminapi docker/all-in-one/etc/supa-shutdown /etc/supa-shutdown
+COPY docker/all-in-one/configure-shim.sh /usr/local/bin/configure-shim.sh
 
 # Configure service ports
 ENV PGRST_SERVER_PORT=3000
@@ -229,7 +239,13 @@ RUN useradd --create-home --shell /bin/bash postgrest && \
 RUN mkdir -p /etc/wal-g && \
     chown -R adminapi:adminapi /etc/wal-g && \
     chmod g+w /etc/wal-g
-RUN mkdir -p /var/log/wal-g && chown -R postgres:postgres /var/log/wal-g && chmod +x /usr/bin/admin-mgr && chmod ug+s /usr/bin/admin-mgr && touch /etc/wal-g/config.json && chown adminapi:adminapi /etc/wal-g/config.json && echo '{}' > /etc/wal-g/config.json
+RUN mkdir -p /var/log/wal-g \
+    && chown -R postgres:postgres /var/log/wal-g \
+    && chmod +x /dist/admin-mgr \
+    && chmod ug+s /dist/admin-mgr \
+    && touch /etc/wal-g/config.json \
+    && chown adminapi:adminapi /etc/wal-g/config.json \
+    && echo '{}' > /etc/wal-g/config.json
 RUN chown -R adminapi:adminapi /etc/adminapi
 
 # Add healthcheck and entrypoint scripts

docker/all-in-one/configure-shim.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+INITIAL_BINARY_PATH=$1
+SYMLINK_PATH=$2
+
+SYMLINK_TARGET=$(readlink -f "$SYMLINK_PATH")
+
+if [ ! -f "$SYMLINK_TARGET" ]; then
+  cp "$INITIAL_BINARY_PATH" "$SYMLINK_TARGET"
+
+  PERMS=$(stat -c "%a" "$INITIAL_BINARY_PATH")
+  chmod "$PERMS" "$SYMLINK_TARGET"
+
+  OWNER_GROUP=$(stat -c "%u:%g" "$INITIAL_BINARY_PATH")
+  chown "$OWNER_GROUP" "$SYMLINK_TARGET"
+fi

docker/all-in-one/entrypoint.sh

@@ -86,6 +86,7 @@ function setup_postgres {
     $PG_CONF
 
   if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
+    /usr/local/bin/configure-shim.sh /dist/supabase-admin-api /opt/supabase-admin-api
     /opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/generated-optimizations.conf
 
     # Preserve postgresql configs across restarts
@@ -184,7 +185,7 @@ export INIT_PAYLOAD_PATH=${INIT_PAYLOAD_PATH:-/tmp/payload.tar.gz}
 
 if [ "${INIT_PAYLOAD_PRESIGNED_URL:-}" ]; then
   curl -fsSL "$INIT_PAYLOAD_PRESIGNED_URL" -o "/tmp/payload.tar.gz" || true
-  if [ -f "/tmp/payload.tar.gz" ]; then
+  if [ -f "/tmp/payload.tar.gz" ] && [ "/tmp/payload.tar.gz" != "$INIT_PAYLOAD_PATH" ] ; then
     mv "/tmp/payload.tar.gz" "$INIT_PAYLOAD_PATH"
   fi
 fi

docker/all-in-one/etc/postgrest/bootstrap.sh

@@ -0,0 +1,8 @@
+#! /usr/bin/env bash
+set -euo pipefail
+set -x
+
+cd "$(dirname "$0")"
+cat $@ > merged.conf
+
+/opt/postgrest merged.conf

docker/all-in-one/etc/supervisor/services/postgrest.conf

@@ -1,5 +1,5 @@
 [program:postgrest]
-command=/opt/postgrest /etc/postgrest/generated.conf
+command=/etc/postgrest/bootstrap.sh /etc/postgrest/generated.conf /etc/postgrest/base.conf
 user=postgrest
 autorestart=true
 autostart=true

docker/all-in-one/init/configure-admin-mgr.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -eou pipefail
+
+/usr/local/bin/configure-shim.sh /dist/admin-mgr /usr/bin/admin-mgr

docker/all-in-one/init/configure-adminapi.sh

@@ -5,17 +5,23 @@ ADMIN_API_CONF=/etc/adminapi/adminapi.yaml
 touch /var/log/services/adminapi.log
 
 ADMINAPI_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/adminapi"
-mkdir -p "${ADMINAPI_CUSTOM_DIR}"
-if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
-  echo "Copying existing custom adminapi config from /etc/adminapi to ${ADMINAPI_CUSTOM_DIR}"
-  cp -R "/etc/adminapi/." "${ADMINAPI_CUSTOM_DIR}/"
-fi
 
-rm -rf "/etc/adminapi"
-ln -s "${ADMINAPI_CUSTOM_DIR}" "/etc/adminapi"
-chown -R adminapi:adminapi "/etc/adminapi"
-chown -R adminapi:adminapi "${ADMINAPI_CUSTOM_DIR}"
-chmod g+rx "${ADMINAPI_CUSTOM_DIR}"
+/usr/local/bin/configure-shim.sh /dist/supabase-admin-api /opt/supabase-admin-api
+
+if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
+  mkdir -p "${ADMINAPI_CUSTOM_DIR}"
+  if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
+    echo "Copying existing custom adminapi config from /etc/adminapi to ${ADMINAPI_CUSTOM_DIR}"
+    cp -R "/etc/adminapi/." "${ADMINAPI_CUSTOM_DIR}/"
+  fi
+
+  rm -rf "/etc/adminapi"
+  ln -s "${ADMINAPI_CUSTOM_DIR}" "/etc/adminapi"
+  chown -R adminapi:adminapi "/etc/adminapi"
+
+  chown -R adminapi:adminapi "${ADMINAPI_CUSTOM_DIR}"
+  chmod g+rx "${ADMINAPI_CUSTOM_DIR}"
+fi
 
 if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then
   echo "init adminapi payload"

docker/all-in-one/init/configure-autoshutdown.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -eou pipefail
+
+mkdir -p /etc/supa-shutdown
+
+AUTOSHUTDOWN_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/supa-shutdown"
+if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
+  mkdir -p "${AUTOSHUTDOWN_CUSTOM_DIR}"
+
+  AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH="${AUTOSHUTDOWN_CUSTOM_DIR}/shutdown.conf"
+  if [ ! -f "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}" ]; then
+    echo "Copying existing custom shutdown config from /etc/supa-shutdown to ${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
+    cp "/etc/supa-shutdown/shutdown.conf" "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
+  fi
+
+  rm -f "/etc/supa-shutdown/shutdown.conf"
+  ln -s "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}" "/etc/supa-shutdown/shutdown.conf"
+  chown -R adminapi:adminapi "/etc/supa-shutdown/shutdown.conf"
+  chown -R adminapi:adminapi "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
+fi

docker/all-in-one/init/configure-gotrue.sh

@@ -3,21 +3,26 @@ set -eou pipefail
 
 touch /var/log/services/gotrue.log
 
+/usr/local/bin/configure-shim.sh /dist/gotrue /opt/gotrue/gotrue
+
 sed -i "s|gotrue_api_host|${GOTRUE_API_HOST:-0.0.0.0}|g" /etc/gotrue.env
 sed -i "s|gotrue_site_url|$GOTRUE_SITE_URL|g" /etc/gotrue.env
 sed -i "s|gotrue_jwt_secret|$JWT_SECRET|g" /etc/gotrue.env
 
-GOTRUE_CUSTOM_CONFIG_FILE_PATH="${DATA_VOLUME_MOUNTPOINT}/etc/gotrue.env"
-if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
-  echo "Copying existing GoTrue config from /etc/gotrue.env to ${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
-  cp "/etc/gotrue.env" "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
-fi
+if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
+  GOTRUE_CUSTOM_CONFIG_FILE_PATH="${DATA_VOLUME_MOUNTPOINT}/etc/gotrue.env"
+  if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
+    echo "Copying existing GoTrue config from /etc/gotrue.env to ${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
+    cp "/etc/gotrue.env" "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
+  fi
 
-rm "/etc/gotrue.env"
-ln -s "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" "/etc/gotrue.env"
-chown -R adminapi:adminapi "/etc/gotrue.env"
-chown -R adminapi:adminapi "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
-chmod g+rx "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
+  rm -f "/etc/gotrue.env"
+  ln -s "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" "/etc/gotrue.env"
+  chown -R adminapi:adminapi "/etc/gotrue.env"
+
+  chown -R adminapi:adminapi "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
+  chmod g+rx "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}"
+fi
 
 if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then
   echo "init gotrue payload"

docker/all-in-one/init/configure-postgrest.sh

@@ -11,18 +11,23 @@ sed -i "s|pgrst_db_extra_search_path|${PGRST_DB_SCHEMAS:-public,extensions}|g" /
 sed -i "s|pgrst_db_anon_role|${PGRST_DB_ANON_ROLE:-anon}|g" /etc/postgrest/base.conf
 sed -i "s|pgrst_jwt_secret|$JWT_SECRET|g" /etc/postgrest/base.conf
 
-POSTGREST_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/postgrest"
-mkdir -p "${POSTGREST_CUSTOM_DIR}"
-if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
-  echo "Copying existing custom PostgREST config from /etc/postgrest/ to ${POSTGREST_CUSTOM_DIR}"
-  cp -R "/etc/postgrest/." "${POSTGREST_CUSTOM_DIR}/"
-fi
+/usr/local/bin/configure-shim.sh /dist/postgrest /opt/postgrest
+
+if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
+  POSTGREST_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/postgrest"
+  mkdir -p "${POSTGREST_CUSTOM_DIR}"
+  if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
+    echo "Copying existing custom PostgREST config from /etc/postgrest/ to ${POSTGREST_CUSTOM_DIR}"
+    cp -R "/etc/postgrest/." "${POSTGREST_CUSTOM_DIR}/"
+  fi
 
-rm -rf "/etc/postgrest"
-ln -s "${POSTGREST_CUSTOM_DIR}" "/etc/postgrest"
-chown -R postgrest:postgrest "/etc/postgrest"
-chown -R postgrest:postgrest "${POSTGREST_CUSTOM_DIR}"
-chmod g+rx "${POSTGREST_CUSTOM_DIR}"
+  rm -rf "/etc/postgrest"
+  ln -s "${POSTGREST_CUSTOM_DIR}" "/etc/postgrest"
+  chown -R postgrest:postgrest "/etc/postgrest"
+
+  chown -R postgrest:postgrest "${POSTGREST_CUSTOM_DIR}"
+  chmod g+rx "${POSTGREST_CUSTOM_DIR}"
+fi
 
 if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then
   echo "init postgrest payload"