netbox: upgrade postgres database (#1604)

Part of osism/issues#1135

Signed-off-by: Christian Berendt <[email protected]>

roles/netbox/defaults/main.yml

@@ -16,6 +16,7 @@ operator_group: "{{ operator_user }}"
 docker_network_mtu: 1500
 
 docker_registry_netbox: quay.io
+docker_registry_pgautoupgrade: index.docker.io
 docker_registry_postgres: index.docker.io
 docker_registry_redis: index.docker.io
 
@@ -107,6 +108,10 @@ netbox_plugins_config:
 postgres_tag: '16.4-alpine'
 postgres_image: "{{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}"
 
+# renovate: datasource=docker depName=pgautoupgrade/pgautoupgrade
+pgautoupgrade_tag: '16-alpine'
+pgautoupgrade_image: "{{ docker_registry_pgautoupgrade }}/pgautoupgrade/pgautoupgrade:{{ pgautoupgrade_tag }}"
+
 netbox_postgres_password: password
 netbox_postgres_username: netbox
 netbox_postgres_databasename: netbox

roles/netbox/handlers/main.yml

@@ -1,30 +1,13 @@
 ---
-- name: Restart netbox service
-  become: true
-  ansible.builtin.service:
-    name: "{{ netbox_service_name }}"
-    state: restarted
-  register: result_restart
-  until: result_restart["status"]["ActiveState"] == "active"
-  retries: 10
-  delay: 20
-  when: _netbox_service_restart | default(true) | bool
-  notify:
-    - Wait for netbox service to start
-    - Register that netbox service was restarted
-
 - name: Wait for netbox service to start
   ansible.builtin.pause:
     minutes: 1
   changed_when: true
   notify:
     - Wait for an healthy netbox service
 
-# NOTE: This handler prevents a netbox restart when the service
-# was already started via ansible.builtin.service.
-- name: Register that netbox service was restarted
-  ansible.builtin.set_fact:
-    _netbox_service_restart: false
+- name: Restart netbox service
+  ansible.builtin.include_tasks: restart-service.yml
 
 # NOTE: The command returns a list of IDs of containers from the service
 #       that are currently starting or unhealthy. As long as the list is not empty

roles/netbox/tasks/restart-service.yml

@@ -0,0 +1,113 @@
+---
+- name: Get infos on postgres container
+  community.docker.docker_container_info:
+    name: netbox-postgres-1
+  register: result_container
+
+- name: Set postgres container version fact
+  ansible.builtin.set_fact:
+    _postgres_version_container: "{{ result_container['container']['Config']['Env'] |
+                                     select('regex', regex) |
+                                     first |
+                                     regex_replace(regex, replace) }}"
+  vars:
+    regex: '^PG_MAJOR=(.*)$'
+    replace: '\1'
+  when: result_container.exists
+
+- name: Print major version of postgres container
+  ansible.builtin.debug:
+    msg: "The major version of the running postgres container is {{ _postgres_version_container }}"
+  when: result_container.exists
+
+- name: Pull postgres image
+  community.docker.docker_image:
+    name: "{{ postgres_image }}"
+    source: pull
+
+- name: Get infos on postgres image
+  community.docker.docker_image_info:
+    name: "{{ postgres_image }}"
+  register: result_image
+
+- name: Set postgres image version fact
+  ansible.builtin.set_fact:
+    _postgres_version_image: "{{ result_image['images'][0]['Config']['Env'] |
+                                 select('regex', regex) |
+                                 first |
+                                 regex_replace(regex, replace) }}"
+  vars:
+    regex: '^PG_MAJOR=(.*)$'
+    replace: '\1'
+
+- name: Print major version of postgres image
+  ansible.builtin.debug:
+    msg: "The major version of the postgres image is {{ _postgres_version_image }}"
+
+- name: Restart and upgrade netbox service
+  when:
+    - result_container.exists
+    - "_postgres_version_image is ansible.builtin.version(_postgres_version_container, '>')"
+  block:  # noqa osism-fqcn
+    - name: Stop netbox service
+      become: true
+      ansible.builtin.service:
+        name: "{{ netbox_service_name }}"
+        state: stopped
+      register: result_stop
+
+    - name: Wait for netbox service to stop
+      ansible.builtin.pause:
+        minutes: 1
+      when: result_stop.changed  # noqa no-handler
+
+    - name: Get infos on postgres volume
+      community.docker.docker_volume_info:
+        name: netbox_postgres
+      register: result_volume
+
+    - name: Upgrade postgres database
+      community.docker.docker_container:
+        name: netbox-pgautoupgrade
+        image: "{{ pgautoupgrade_image }}"
+        env:
+          POSTGRES_PASSWORD: "{{ netbox_postgres_password }}"
+          PGAUTO_ONESHOT: "yes"
+        volumes:
+          - netbox_postgres:/var/lib/postgresql/data
+        detach: false
+      when: result_volume.exists
+
+    - name: Remove netbox-pgautoupgrade container
+      community.docker.docker_container:
+        name: netbox-pgautoupgrade
+        state: absent
+
+    - name: Start netbox service
+      become: true
+      ansible.builtin.service:
+        name: "{{ netbox_service_name }}"
+        state: started
+      register: netbox_service
+      until: netbox_service["status"]["ActiveState"] == "active"
+      retries: 10
+      delay: 20
+      notify:
+        - Wait for netbox service to start
+
+- name: Restart netbox service
+  become: true
+  ansible.builtin.service:
+    name: "{{ netbox_service_name }}"
+    state: restarted
+  register: netbox_service
+  notify:
+    - Wait for netbox service to start
+  when:
+    - (not result_container.exists or
+       (result_container.exists and "_postgres_version_image is ansible.builtin.version(_postgres_version_container, '>=')"))
+
+- name: Register that netbox service was started
+  ansible.builtin.set_fact:
+    _netbox_service_restart: false
+  when: netbox_service.changed  # noqa no-handler

roles/netbox/tasks/service.yml

@@ -42,7 +42,10 @@
         enabled: true
         daemon_reload: "{{ netbox_systemd_unit_file.changed }}"
       register: netbox_service
-      notify: Wait for netbox service to start
+      until: netbox_service["status"]["ActiveState"] == "active"
+      retries: 10
+      delay: 20
+      notify: Wait for an healthy netbox service
 
   rescue:
     # Compose is not always reliable when starting services. Therefore,