Univention Bugzilla – Bug 56540
Upgrade PostgreSQL to version 13 in UCS 5.1 and version 15 in UCS 5.2
Last modified: 2024-03-13 11:27:34 CET
The PostgreSQL integration has to be updated according to the versions provided by Debian. UCS 5.1 has postgresql 13 UCS 5.2 has postgresql 15 - [ ] add support for those versions in univention-postgresql - [ ] add support for Docker Apps - [ ] add support for pkgdb - [ ] block upgrade? - [ ] write / update migration guide and link it in preup.sh / postup.sh and the release notes (https://help.univention.com/t/updating-from-postgresql-9-6-or-9-4-to-postgresql-11/17531)
Since Bug #55995 libnss-ldap was replaced with libpam-ldapd the "config" option has been removed from pam_ldap, leading to: Sep 25 18:42:16 master070 postgres[25860]: 0$ pkgdb 10.207.54.59(42168) authentication: pam_ldap(postgresql:auth): unknown option: config=/etc/postgresql/pam_ldap.conf Sep 25 18:42:16 master070 postgres[25860]: 0$ pkgdb 10.207.54.59(42168) authentication: pam_ldap(postgresql:account): unknown option: config=/etc/postgresql/pam_ldap.conf Sep 25 18:42:28 master070 postgres[25960]: 0$ pkgdb 10.207.54.59(40634) authentication: pam_ldap(postgresql:auth): unknown option: config=/etc/postgresql/pam_ldap.conf Sep 25 18:42:28 master070 postgres[25960]: 0$ pkgdb 10.207.54.59(40634) authentication: pam_ldap(postgresql:account): unknown option: config=/etc/postgresql/pam_ldap.conf services/univention-postgresql/40univention-postgresql.inst:univention-config-registry commit /etc/postgresql/pam_ldap.conf services/univention-postgresql/conffiles/etc/pam.d/postgresql:auth required pam_ldap.so config=/etc/postgresql/pam_ldap.conf services/univention-postgresql/conffiles/etc/pam.d/postgresql:account required pam_ldap.so config=/etc/postgresql/pam_ldap.conf services/univention-postgresql/univention-postgresql-password: univention-config-registry commit /etc/postgresql/pam_ldap.conf The content doesn't contain any postgresql specific things. The postgresql config contains "pam_password crypt" but I don't see a "password" (change) pam stack. It looks we can simply use the standard config, which is in /etc/nslcd.conf.
- [ ] make the postgresql upgrade in the Jenkins upgrade-test configurations
See also Bug #46120 comment 8.
→ https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162
PostgreSQL is now upgrade to 13 in UCS 5.1 and 15 in UCS 5.2 In UCS 5.2, two new UCR variables have been created to configure password-encription of PostgreSQL. The default value for these variables are scram-sha-256, but if the system come from UCS 5.0 then the value take md5, due to compatible reasons. The upgrade test scenarios were updated to migrate PostgreSQL.
QA - upgrade 5.0-5 -> 5.2.0 with univention-postgresql: OK - upgrade postgresql from 11 to 15 on UCS 5.2-0: OK - fresh postgres 15 installation on UCS 5.2-0: OK - scram-sha-256 is the default for password encryption on fresh pg15 installations: OK - change password encryption from md5 to scram-sha-256 via UCR variables: OK - UCR variables `postgres15/pg_hba/password-encryption` and `postgres15/password-encryption correctly` work as intended: OK - upgrade-guide (https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162): OK - postgresql upgrade in the Jenkins upgrade-test configurations: OK - advisories: OK
QA - add Postgres 13/15 support for pkgdb: OK - add Postgres 13/15 support for Docker Apps: OK
univention-postgresql (14.0.2) 6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption univention-postgresql (14.0.1) 1dc276b98aaf | fix(postgresql): stats_temp_directory is gone in postgres 15 78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15 univention-postgresql (13.0.3) 3cbea433d4e1 | chore(postgresql): remove obsolete pam-config 53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13 univention-pkgdb (15.0.1) 6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption e614b067f039 | fix(pkgdb): adjust postgresql pkgdb user creation 5512857ccc48 | feat(pkgdb): Add Postgres 15 support for pkgdb univention-pkgdb (14.0.5) 169dc5111a6c | feat(pkgdb): Add Postgres 13 support for pkgdb univention-management-console-module-diagnostic (8.0.4) 152e369f1451 | feat(diagnostic): adjust PostgreSQL version check univention-errata-level (5.2.0-0) 78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15 univention-errata-level (5.1.0-0) 53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13 univention-appcenter (11.0.1) 6f589f159b08 | feat(postgresql): Make configurable postgresql password encryption 811306fd217a | feat(appcenter): Add Postgres 15 support for Docker Apps univention-appcenter (10.0.6) fd4f325188e3 | feat(appcenter): Add Postgres 13 support for Docker Apps univention-admin-diary (4.0.1) 78286d34a06a | fix(postgresql): Update PostgreSQL 13 -> 15 univention-admin-diary (3.0.5) 53bede1c7859 | fix(postgresql): Update Postgres 11 -> 13
univention-appcenter (11.0.6) 0ba47d7a2dd5 | fix(appcenter): add missing UCR variable to UCR template definition