Bug 56540 – Upgrade PostgreSQL to version 13 in UCS 5.1 and version 15 in UCS 5.2

Bug 56540 - Upgrade PostgreSQL to version 13 in UCS 5.1 and version 15 in UCS 5.2


Summary:	Upgrade PostgreSQL to version 13 in UCS 5.1 and version 15 in UCS 5.2

Status:	VERIFIED FIXED

Product:	UCS
Classification:	Unclassified
Component:	PostgreSQL
Version:	UCS 5.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.1
Assigned To:	Iván.Delgado
QA Contact:	Christian Castens

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-09-05 20:00 CEST by Florian Best
Modified:	2024-03-13 11:27 CET (History)
CC List:	3 users (show)

See Also:	46120
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2023-09-05 20:00:33 CEST

The PostgreSQL integration has to be updated according to the versions provided by Debian.
UCS 5.1 has postgresql 13
UCS 5.2 has postgresql 15

- [ ] add support for those versions in univention-postgresql
- [ ] add support for Docker Apps
- [ ] add support for pkgdb
- [ ] block upgrade?
- [ ] write / update migration guide and link it in preup.sh / postup.sh and the release notes
(https://help.univention.com/t/updating-from-postgresql-9-6-or-9-4-to-postgresql-11/17531)

Comment 2 Florian Best

2023-09-26 22:38:38 CEST

Since Bug #55995 libnss-ldap was replaced with libpam-ldapd the "config" option has been removed from pam_ldap, leading to:

Sep 25 18:42:16 master070 postgres[25860]: 0$ pkgdb 10.207.54.59(42168) authentication: pam_ldap(postgresql:auth): unknown option: config=/etc/postgresql/pam_ldap.conf                                                                       
Sep 25 18:42:16 master070 postgres[25860]: 0$ pkgdb 10.207.54.59(42168) authentication: pam_ldap(postgresql:account): unknown option: config=/etc/postgresql/pam_ldap.conf                                                                    
Sep 25 18:42:28 master070 postgres[25960]: 0$ pkgdb 10.207.54.59(40634) authentication: pam_ldap(postgresql:auth): unknown option: config=/etc/postgresql/pam_ldap.conf                                                                       
Sep 25 18:42:28 master070 postgres[25960]: 0$ pkgdb 10.207.54.59(40634) authentication: pam_ldap(postgresql:account): unknown option: config=/etc/postgresql/pam_ldap.conf

services/univention-postgresql/40univention-postgresql.inst:univention-config-registry commit /etc/postgresql/pam_ldap.conf
services/univention-postgresql/conffiles/etc/pam.d/postgresql:auth     required      pam_ldap.so config=/etc/postgresql/pam_ldap.conf
services/univention-postgresql/conffiles/etc/pam.d/postgresql:account  required      pam_ldap.so config=/etc/postgresql/pam_ldap.conf
services/univention-postgresql/univention-postgresql-password:  univention-config-registry commit /etc/postgresql/pam_ldap.conf

The content doesn't contain any postgresql specific things.
The postgresql config contains "pam_password crypt" but I don't see a "password" (change) pam stack.
It looks we can simply use the standard config, which is in /etc/nslcd.conf.

Comment 3 Florian Best

2023-10-13 11:13:31 CEST

- [ ] make the postgresql upgrade in the Jenkins upgrade-test configurations

Comment 4 Florian Best

2023-10-18 14:26:11 CEST

See also Bug #46120 comment 8.

Comment 5 Florian Best

2023-11-16 20:20:07 CET

→ https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162

Comment 6 Iván.Delgado

2023-11-17 15:04:04 CET

PostgreSQL is now upgrade to 13 in UCS 5.1 and 15 in UCS 5.2

In UCS 5.2, two new UCR variables have been created to configure password-encription of PostgreSQL.

The default value for these variables are scram-sha-256, but if the system come from UCS 5.0 then the value take md5, due to compatible reasons.

The upgrade test scenarios were updated to migrate PostgreSQL.

Comment 7 Christian Castens

2023-11-17 22:41:54 CET

QA
  - upgrade 5.0-5 -> 5.2.0 with univention-postgresql: OK
  - upgrade postgresql from 11 to 15 on UCS 5.2-0: OK
  - fresh postgres 15 installation on UCS 5.2-0: OK
  - scram-sha-256 is the default for password encryption on fresh pg15 installations: OK
  - change password encryption from md5 to scram-sha-256 via UCR variables: OK
      - UCR variables `postgres15/pg_hba/password-encryption` and `postgres15/password-encryption correctly` work as intended: OK
  - upgrade-guide (https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162): OK
  - postgresql upgrade in the Jenkins upgrade-test configurations: OK
  - advisories: OK

Comment 8 Christian Castens

2023-11-20 10:52:43 CET

QA
  - add Postgres 13/15 support for pkgdb: OK
  - add Postgres 13/15 support for Docker Apps: OK

Comment 9 Florian Best

2024-03-08 10:58:26 CET

univention-postgresql (14.0.2)
6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption

univention-postgresql (14.0.1)
1dc276b98aaf | fix(postgresql): stats_temp_directory is gone in postgres 15
78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15

univention-postgresql (13.0.3)
3cbea433d4e1 | chore(postgresql): remove obsolete pam-config
53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13

univention-pkgdb (15.0.1)
6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption
e614b067f039 | fix(pkgdb): adjust postgresql pkgdb user creation
5512857ccc48 | feat(pkgdb): Add Postgres 15 support for pkgdb

univention-pkgdb (14.0.5)
169dc5111a6c | feat(pkgdb): Add Postgres 13 support for pkgdb

univention-management-console-module-diagnostic (8.0.4)
152e369f1451 | feat(diagnostic): adjust PostgreSQL version check

univention-errata-level (5.2.0-0)
78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15

univention-errata-level (5.1.0-0)
53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13

univention-appcenter (11.0.1)
6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption
811306fd217a | feat(appcenter): Add Postgres 15 support for Docker Apps

univention-appcenter (10.0.6)
fd4f325188e3 | feat(appcenter): Add Postgres 13 support for Docker Apps

univention-admin-diary (4.0.1)
78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15

univention-admin-diary (3.0.5)
53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13

Comment 10 Florian Best

2024-03-13 11:27:34 CET

univention-appcenter (11.0.6)
0ba47d7a2dd5 | fix(appcenter): add missing UCR variable to UCR template definition