PMM-14934 Fix admin pass creation

build/ansible/pmm-docker/post-build.yml

@@ -3,42 +3,9 @@
 
 - hosts: all
   become: yes
-  gather_facts: yes
-  vars:
-    pmm_server_distribution: "docker"
+  gather_facts: no
 
   tasks:
-    # pmm-managed checks that if /srv/pmm-distribution exists, it contains "docker", "ovf", "ami" or "digitalocean" - all lowercase.
-    # TODO: refactor the build pipelines to call post-build.yml with the distribution name provided in the variable (above).
-    # https://jira.percona.com/browse/PMM-4991
-    - name: Create a distribution file for Docker
-      copy:
-        content: "{{ pmm_server_distribution}}"
-        dest: /srv/pmm-distribution
-        owner: pmm
-        group: root
-
-    - name: Remove pmm-managed database from PostgreSQL
-      postgresql_db:
-        login_user: postgres
-        name: pmm-managed
-        force: true
-        state: absent
-      environment:
-        PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
-
-    - name: Remove pmm-managed role from PostgreSQL database
-      postgresql_user:
-        name: pmm-managed
-        state: absent
-      environment:
-        PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
-
-    - name: Remove postgres password file so each container generates a unique one
-      file:
-        path: /srv/.postgres_password
-        state: absent
-
     - name: Stop supervisord service
       command: supervisorctl shutdown
       become: true
@@ -48,24 +15,21 @@
     - name: Cleanup dnf cache
       command: dnf clean all
 
-    - name: Cleanup build logs, data, config files and package cache
+    - name: Cleanup build logs and package cache
       file:
         path: "{{ item }}"
         state: absent
       loop:
-        - /srv/logs
         - /var/log/dnf.log
         - /var/log/secure
         - /var/log/wtmp
         - /var/log/clickhouse-server
         - /var/log/clickhouse-keeper
         - /var/log/nginx
         - /var/lib/pgsql
+        - /var/lib/rpm
         - /var/cache/dnf
         - /var/cache/yum
-        - /srv/pmm-encryption.key
-        - /srv/pmm-agent/tmp
-        - /srv/pmm-agent/config
         - /usr/local/percona/pmm/config/pmm-agent.yaml
 
     - name: Remove users created by installers
@@ -77,29 +41,6 @@
         - clickhouse
         - nginx
 
-    - name: Clean Clickhouse dir
-      shell: find /srv/clickhouse -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
-
-    - name: Clean pmm-server dir
-      shell: find /usr/share/pmm-server -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
-
-    # This step is required because of a change between VictoriaMetrics 1.77.1 and 1.82.1.
-    # VictoriaMetrics tries to atomically rename directories in this folder on startup.
-    # With RedHat-based docker images the rename fails with an error "Invalid cross-device link".
-    # This is due to the way OverlayFS and kernel works. More info https://github.com/moby/moby/issues/25409
-    # This step ensures the directory is empty on startup and the contents are recreated.
-    # This is not an issue if the folder is in a volume or mounted from the host OS.
-    - name: Recreate '/srv/victoriametrics' directory
-      file:
-        state: "{{ item }}"
-        path: /srv/victoriametrics
-        owner: pmm
-        group: root
-        mode: 0775
-      loop:
-        - absent
-        - directory
-
     - name: Remove auto-generated config files
       file:
         path: "/etc/supervisord.d/{{ item }}"
@@ -112,34 +53,24 @@
         - grafana.ini
         - nomad-server.ini
 
-    - name: Create '/srv/logs' directory
-      file:
-        path: /srv/logs
-        state: directory
-        owner: pmm
-        group: root
-        mode: 0775
+    - name: Clean pmm-server dir
+      shell: find /usr/share/pmm-server -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
 
-    - name: Set ownership for Grafana plugins directory
+    - name: Clean /srv directory for fresh initialization on first start
       file:
-        path: /srv/grafana/plugins
+        path: /srv
+        state: "{{ item }}"
         owner: pmm
         group: root
-        recurse: yes
-        state: directory
         mode: 0775
+      loop:
+        - absent
+        - directory
 
-    - name: Set ownership for backup directory
+    - name: Create empty log directory for nginx
       file:
-        path: /srv/backup
-        owner: pmm
-        group: root
+        path: /var/log/nginx
         state: directory
-        mode: 0775
-
-    - name: Set ownership for Grafana dashboards version file
-      file:
-        path: /srv/grafana/PERCONA_DASHBOARDS_VERSION
         owner: pmm
         group: root
-        state: file
+        mode: 0755

build/ansible/roles/clickhouse/tasks/main.yml

@@ -17,7 +17,6 @@
       - clickhouse-common-static-{{ clickhouse_version }}
     state: installed
     enablerepo: clickhouse
-  ignore_errors: "{{ ansible_check_mode }}" # We don't have clickhouse repo when we run ansible with --check
 
 - name: Generate SSL certificates
   command: openssl req -newkey rsa:2048 -days 1095 -nodes -x509 -extensions v3_req -config /etc/nginx/ssl/certificate.conf -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt

build/ansible/roles/initialization/tasks/main.yml

@@ -78,9 +78,13 @@
           expires: infinity
           login_user: postgres
           state: present
-        when: not ansible_check_mode
         environment:
           PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
+
+      - name: Restore pre-migrated Grafana schema to skip slow first-time migrations
+        shell: zcat /usr/share/pmm/grafana-schema.sql.gz | PGPASSWORD=grafana /usr/pgsql-14/bin/psql --single-transaction -v ON_ERROR_STOP=1 -U grafana -h 127.0.0.1 -d grafana
+        ignore_errors: true
+        changed_when: true
     when:
       - lookup('env','GF_DATABASE_URL') == ''
       - lookup('env','GF_DATABASE_HOST') == ''

build/ansible/roles/nginx/files/nginx.conf

@@ -12,12 +12,11 @@ events {
 }
 
 http {
-    # Configure temporary directories to use /usr/share/pmm-server/nginx
-    client_body_temp_path /usr/share/pmm-server/nginx/client_temp;
-    proxy_temp_path /usr/share/pmm-server/nginx/proxy_temp;
-    fastcgi_temp_path /usr/share/pmm-server/nginx/fastcgi_temp;
-    uwsgi_temp_path /usr/share/pmm-server/nginx/uwsgi_temp;
-    scgi_temp_path /usr/share/pmm-server/nginx/scgi_temp;
+    client_body_temp_path /srv/nginx/tmp/client;
+    proxy_temp_path /srv/nginx/tmp/proxy;
+    fastcgi_temp_path /srv/nginx/tmp/fastcgi;
+    uwsgi_temp_path /srv/nginx/tmp/uwsgi;
+    scgi_temp_path /srv/nginx/tmp/scgi;
 
     map $http_upgrade $connection_upgrade {
         default upgrade;

build/ansible/roles/nginx/tasks/main.yml

@@ -8,12 +8,11 @@
     mode: 0775
   loop:
     - /usr/share/pmm-server/static/
-    - /usr/share/pmm-server/nginx/
-    - /usr/share/pmm-server/nginx/client_temp/
-    - /usr/share/pmm-server/nginx/proxy_temp/
-    - /usr/share/pmm-server/nginx/fastcgi_temp/
-    - /usr/share/pmm-server/nginx/uwsgi_temp/
-    - /usr/share/pmm-server/nginx/scgi_temp/
+    - /srv/nginx/tmp/client/
+    - /srv/nginx/tmp/proxy/
+    - /srv/nginx/tmp/fastcgi/
+    - /srv/nginx/tmp/uwsgi/
+    - /srv/nginx/tmp/scgi/
     - /etc/nginx/conf.d/
     - /etc/nginx/ssl/
 

build/ansible/roles/postgres/tasks/main.yml

@@ -9,8 +9,6 @@
     gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY
 
 - name: Install Postgres
-  when:
-    - not ansible_check_mode
   dnf:
     name:
       - percona-postgresql14-server
@@ -112,14 +110,30 @@
     priv: 'ALL'
     expires: infinity
     state: present
-  when: not ansible_check_mode
   environment:
     PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
 
 - name: Upgrade grafana database to the latest schema
   command: grafana cli --homepath=/usr/share/grafana --config=/etc/grafana/grafana.ini admin data-migration encrypt-datasource-passwords
   changed_when: true
 
+- name: Create directory for Grafana pre-seed
+  file:
+    path: /usr/share/pmm
+    state: directory
+    owner: pmm
+    group: root
+    mode: 0755
+
+- name: Dump pre-migrated Grafana schema for fast initialization
+  shell: /usr/pgsql-14/bin/pg_dump --no-owner --no-acl -U grafana -h /run/postgresql grafana | gzip > /usr/share/pmm/grafana-schema.sql.gz
+  args:
+    executable: /bin/bash
+
+  become_user: pmm
+  become_method: su
+  changed_when: true
+
 - name: Stop Postgres 14 database
   command: /usr/pgsql-14/bin/pg_ctl stop -D /srv/postgres14
   become: true

build/docker/server/entrypoint.sh

@@ -73,27 +73,13 @@ if [ "$CURRENT_UID" != "1000" ] || [ "$CURRENT_GID" != "0" ]; then
     echo "NSS wrapper enabled with $NSS_WRAPPER_LIB"
 fi
 
-# Check /usr/share/pmm-server directory on every start
-echo "Checking /usr/share/pmm-server directory structure..."
-# Still ensure critical directories exist, but don't create empty ones
-if [ ! -d "/usr/share/pmm-server/nginx" ]; then
-    echo "Creating nginx temp directories..."
-    mkdir -p /usr/share/pmm-server/nginx/{client_temp,proxy_temp,fastcgi_temp,uwsgi_temp,scgi_temp}
-fi
-
-if [ ! -d "/srv/pmm-agent/tmp" ]; then
-    echo "Creating pmm-agent temp directory..."
-    install -d -m 770 /srv/pmm-agent/tmp
-fi
-
 # Initialize /srv if empty
 declare DIST_FILE=/srv/pmm-distribution
 if [ ! -f "$DIST_FILE" ]; then
     echo -n "$PMM_DISTRIBUTION_METHOD" > "$DIST_FILE"
     echo "Initializing /srv..."
-    mkdir -p /srv/{backup,clickhouse,grafana,logs,nginx,prometheus,victoriametrics}
+    mkdir -p /srv/{backup,clickhouse,grafana/plugins,logs,nginx,prometheus/rules,victoriametrics}
     echo "Copying grafana plugins and the VERSION file..."
-    mkdir -p /srv/grafana/plugins
     cp -r /usr/share/percona-dashboards/panels/* /srv/grafana/plugins
 
     if is_enabled "$PMM_HA_ENABLE"; then
@@ -125,6 +111,16 @@ if [ ! -f "$DIST_FILE" ]; then
     fi
 fi
 
+if [ ! -d "/srv/nginx/tmp" ]; then
+    echo "Creating nginx temp directories..."
+    mkdir -p /srv/nginx/tmp/{client,proxy,fastcgi,uwsgi,scgi}
+fi
+
+if [ ! -d "/srv/pmm-agent/tmp" ]; then
+    echo "Creating pmm-agent temp directory..."
+    install -d -m 770 /srv/pmm-agent/tmp
+fi
+
 if is_enabled "$PMM_HA_ENABLE"; then
     echo "Skipping embedded PostgreSQL migration in HA mode."
 elif is_enabled "$PMM_DISABLE_BUILTIN_POSTGRES"; then
@@ -179,5 +175,5 @@ fi
 
 unset AGENT_CONFIG_DIR AGENT_ID
 
-# Start supervisor in foreground
+# Start supervisor in foreground, i.e. as PID 1
 exec supervisord -n -c /etc/supervisord.conf

managed/cmd/pmm-managed/main.go

@@ -1117,11 +1117,9 @@ func main() { //nolint:maintidx,cyclop
 		vmdb.Run(ctx)
 	})
 
-	wg.Add(1)
-	go func() {
-		defer wg.Done()
+	wg.Go(func() {
 		externalExporterStatusSvc.Run(ctx)
-	}()
+	})
 
 	haService.AddLeaderService(ha.NewContextService("checks", func(ctx context.Context) error {
 		checksService.Run(ctx)