ocp13 replacement

pillar/registry.sls

@@ -1,22 +1,22 @@
 network:
-  host_id: ocp13
-  ipv4: 65.21.93.181
-  ipv6: 2a01:4f9:3b:45ca::2
+  host_id: ocp27
+  ipv4: 37.27.62.45
+  ipv6: 2a01:4f9:3081:3001::/64
   netplan:
     template: custom
     configuration: |
       network:
         version: 2
         renderer: networkd
         ethernets:
-          enp9s0:
+          enp5s0:
             addresses:
-              - 65.21.93.181/32
-              - 2a01:4f9:3b:45ca::2/64
+              - 37.27.62.45/32
+              - 2a01:4f9:3081:3001::2/64
             routes:
               - on-link: true
                 to: 0.0.0.0/0
-                via: 65.21.93.129
+                via: 37.27.62.1
               - to: default
                 via: fe80::1
             nameservers:
@@ -84,9 +84,10 @@ apache:
       servername: rabbitmq.data.open-contracting.org
 
 postgres:
-  version: 12
+  version: 16
   # Public access allows Docker connections. Hetzner's firewall prevents non-local connections.
   public_access: True
+  data_directory: '/data/storage/postgresql/16/main'
   configuration:
     name: registry
     source: shared
@@ -96,7 +97,7 @@ postgres:
       storage: hdd
       type: oltp
       content: |
-        data_directory = '/data/storage/postgresql/12/main'
+        data_directory = '/data/storage/postgresql/16/main'
 
         # Avoid "checkpoints are occurring too frequently" due to intense writes (default 1GB).
         max_wal_size = 10GB
@@ -112,9 +113,6 @@ docker:
   uid: 1002
   syslog_logging: True
 
-python:
-  version: '3.10'
-
 kingfisher_collect:
   user: collect
   group: deployer
@@ -132,7 +130,7 @@ kingfisher_collect:
 docker_apps:
   registry:
     target: data-registry
-    exporter_host_dir: /data/storage/exporter_dumps
+    exporter_host_dir: /data/storage/exporter
     env:
       DJANGO_PROXY: True
       ALLOWED_HOSTS: data.open-contracting.org

pillar/registry_maintenance.sls

@@ -2,13 +2,12 @@ maintenance:
   enabled: True
   patching: manual
   rkhunter_customisation: |
-    SCRIPTWHITELIST=/usr/bin/egrep
-    SCRIPTWHITELIST=/usr/bin/fgrep
-    SCRIPTWHITELIST=/usr/bin/which
+    ALLOWHIDDENFILE=/etc/.resolv.conf.systemd-resolved.bak
+    ALLOWHIDDENFILE=/etc/.updated
     ALLOWDEVFILE=/dev/shm/PostgreSQL.*
     PORT_WHITELIST=TCP:60922
     DISABLE_TESTS=running_procs
   hardware_sensors: True
   custom_sensors:
+    - coretemp
     - nct6775
-    - k10temp

salt-config/roster

@@ -19,8 +19,7 @@ prometheus:
 redmine:
   host: ocp16.open-contracting.org
 registry:
-  host: ocp13.open-contracting.org
-  port: 2223
+  host: ocp27.open-contracting.org
 portland-dev:
   host: ocp26.open-contracting.org
   user: ocpadmin
@@ -43,4 +42,5 @@ portland-dev:
 # ocp10 was kingfisher-archive (archive.kingfisher.open-contracting.org)
 # ocp11 was covid19 (www.open-contracting.health)
 # ocp12 was spoonbill-dev
+# ocp13 was registry on Ubuntu 20
 # ocp14 was redash (redash.open-contracting.org)

salt/aws/init.sls

@@ -5,6 +5,8 @@ awscli:
     - name: python3-pip
   pip.installed:
     - name: awscli
+    - extra_args:
+      - --break-system-packages
     - require:
       - pkg: awscli
 

salt/core/rsyslog/files/docker.conf

@@ -1,5 +1,5 @@
 # Define the socket input
-input(type="imuxsock" Socket="/var/spool/docker-custom.sock")
+input(type="imuxsock" Socket="/var/spool/rsyslog/docker-custom.sock")
 
 # Define a template for dynamic file names based on the Docker image name
 # https://www.rsyslog.com/doc/configuration/templates.html#string

salt/docker/files/daemon-logging.json

@@ -1,7 +1,7 @@
 {
   "log-driver": "syslog",
   "log-opts": {
-    "syslog-address": "unixgram:///var/spool/docker-custom.sock",
+    "syslog-address": "unixgram:///var/spool/rsyslog/docker-custom.sock",
     "tag": "docker-custom-{{.Name}}"
   }
 }

salt/pelican/backend/init.sls

@@ -43,7 +43,7 @@ btree_gin:
 # curl -sSf https://raw.githubusercontent.com/open-contracting/pelican-backend/main/pelican/migrations/002_constraints.sql | shasum -a 256
 {%
   for basename, source_hash in [
-    ('001_base', 'c4b65862980146d0ba88e437b1dd129c5c641597656dcca6b89cfe4ecb7979df'),
+    ('001_base', 'b6f2c25da154e1b4b8b55e1231039c84b4c0c3edab5d1c4c9e7dbd402b25ca36'),
     ('002_constraints', 'f298f0b8cb20d47f390b480d44d12c097e83b177dde56234dcbebc6ad3dcf229'),
   ]
 %}

salt/postgres/init.sls

@@ -170,6 +170,25 @@ postgresql-reload:
 {{ apache('postgres', {'configuration': 'default', 'servername': pillar.postgres.ssl.servername}) }}
 {% endif %}
 
+{% if salt['pillar.get']('postgres:data_directory') %}
+{{ pillar.postgres.data_directory }}:
+  file.directory:
+    - name: {{ pillar.postgres.data_directory }}
+    - user: postgres
+    - group: postgres
+    - makedirs: True
+    - require:
+      - pkg: postgresql
+  cmd.run:
+    - name: /usr/lib/postgresql/{{ pillar.postgres.version }}/bin/initdb -D {{ pillar.postgres.data_directory }}
+    - runas: postgres
+    - creates: {{ pillar.postgres.data_directory }}/PG_VERSION
+    - require:
+      - pkg: postgresql
+    - watch_in:
+      - service: postgresql
+{% endif %}
+
 {% if pillar.postgres.configuration %}
 /etc/postgresql/{{ pillar.postgres.version }}/main/conf.d/030_{{ pillar.postgres.configuration.name }}.conf:
   file.managed:

salt/prometheus/files/conf-prometheus.yml

@@ -20,7 +20,7 @@ scrape_configs:
     'kingfisher-main': 'ocp23.open-contracting.org',
     'ocds-live.docs': 'ocp19.open-contracting.org',
     'prometheus-server-node': 'ocp20.open-contracting.org',
-    'data-registry': 'ocp13.open-contracting.org',
+    'data-registry': 'ocp27.open-contracting.org',
     'redmine': 'ocp16.open-contracting.org',
 }|items %}
   - job_name: '{{ job_name }}'

salt/python/extensions.sls

@@ -7,3 +7,5 @@ python c extensions:
       - python{{ salt['pillar.get']('python:version', 3) }}-dev
       - build-essential
       - libffi-dev
+      - libxml2-dev
+      - libxslt1-dev