Move core dump setup into manage_operating_system

* Move handling of installing helper packages to install debug symbols into manage_operating_system role; running the tools to install the debug symbols stay near respective package installation tasks * Set core size unlimited for all users, not just the database owner * Set core size limit in limits.conf, not in systemd * Do not adjust OS default setuid for potential core dumps * Stop overriding core dump locations, which confuses distro specific helper tools Note that core dump handling is currently only handled for RHEL based systems and EPAS. These changes rearrange the functionality that is currently available.
EnterpriseDB · Oct 16, 2023 · d6e6441 · d6e6441
1 parent 90acc58
commit d6e6441
Show file tree

Hide file tree

Showing 13 changed files with 34 additions and 102 deletions.
diff --git a/roles/init_dbserver/defaults/main.yml b/roles/init_dbserver/defaults/main.yml
@@ -35,7 +35,6 @@ disable_logging: true
 use_replication_slots: true
 use_hostname: true
 update_etc_file: true
-enable_core_dump: false
 
 # setting validate_only to true allows you to validate setup on an existing node
 # use_validation flag applies to deployment configuration and validation after setup

diff --git a/roles/init_dbserver/tasks/pg_setup_systemd.yml b/roles/init_dbserver/tasks/pg_setup_systemd.yml
@@ -28,15 +28,3 @@
   become: true
   when:
     - ansible_os_family == 'RedHat'
-
-- name: Add LimitCORE in systemd file
-  edb_devops.edb_postgres.linesinfile:
-    path: "/etc/systemd/system/{{ pg_service }}.service"
-    lines:
-      - line: "LimitCORE=infinity"
-        regexp: "^LimitCORE=.*"
-        insertafter: "^\\[Service\\]$"
-  become: true
-  when:
-    - enable_core_dump|bool
-    - ansible_os_family == 'RedHat'
diff --git a/roles/install_dbserver/defaults/main.yml b/roles/install_dbserver/defaults/main.yml
@@ -6,7 +6,6 @@ pg_version: 14
 pg_tuner_version: 1
 pg_owner: "{{ 'enterprisedb' if pg_type == 'EPAS' else 'postgres' }}"
 enable_core_dump: false
-core_dump_directory: "/var/coredumps"
 pg_instance_name: "main"
 
 # setting validate_only to true allows you to validate setup on an existing node
@@ -33,9 +32,6 @@ pg_deb_drop_cluster: "/usr/bin/pg_dropcluster"
 pg_service: "{{ lookup('edb_devops.edb_postgres.pg_service') }}"
 pg_ssl: true
 
-sysctl_params:
-  - {"name": "fs.suid_dumpable", "value": "2", "state": "present"}
-
 supported_os:
   - CentOS7
   - CentOS8

diff --git a/roles/install_dbserver/tasks/EPAS_RedHat_install.yml b/roles/install_dbserver/tasks/EPAS_RedHat_install.yml
@@ -70,3 +70,15 @@
     state: present
   become: true
   when: pg_ssl
+
+- name: Install debug packages
+  ansible.builtin.command:
+    cmd: >-
+      debuginfo-install -y
+      edb-as{{ pg_version }}-server
+      edb-as{{ pg_version }}-server-core
+      edb-as{{ pg_version }}-server-contrib
+      edb-as{{ pg_version }}-server-libs
+      edb-as{{ pg_version }}-server-client
+  when: enable_core_dump is defined and enable_core_dump | bool
+  become: true
diff --git a/roles/install_dbserver/tasks/install_dbserver.yml b/roles/install_dbserver/tasks/install_dbserver.yml
@@ -39,13 +39,6 @@
     - not validate_only|bool
     - not remove_only|bool
 
-- name: Enable coredump based on enable_core_dump
-  ansible.builtin.include_tasks: linux_coredump.yml
-  when:
-    - enable_core_dump|bool
-    - not validate_only|bool
-    - not remove_only|bool
-
 - name: Validate install_dbserver tasks
   ansible.builtin.include_tasks: validate_install_dbserver.yml
   when:

diff --git a/roles/install_dbserver/tasks/linux_coredump.yml b/roles/install_dbserver/tasks/linux_coredump.yml
diff --git a/roles/manage_operating_system/README.md b/roles/manage_operating_system/README.md
@@ -12,6 +12,11 @@ Following are the requirements of this role.
 
 When executing the role via Ansible these are the applicable variables:
 
+  * ***enable_core_dump***
+
+    When `true`, enable operating system facilities to capture and save core
+    dumps.  Default: `false`
+
   * ***enable_user_profiling***
 
     When `true`, sets relevant operating system settings such that any user and
@@ -49,6 +54,7 @@ Content of the `inventory.yml` file:
   pre_tasks:
     - name: Initialize the user defined variables
       ansible.builtin.set_fact:
+        enable_core_dump: true
         enable_user_profiling: true
 
   collections:
@@ -65,7 +71,7 @@ $ ansible-playbook playbook.yml \
   -i inventory.yml \
   -u centos \
   --private-key <key.pem> \
-  --extra-vars="enable_user_profiling=true"
+  --extra-vars="enable_user_profiling=true enable_core_dump=true"
 ```
 
 ## License

diff --git a/roles/manage_operating_system/tasks/enable_core_dump.yml b/roles/manage_operating_system/tasks/enable_core_dump.yml
@@ -0,0 +1,15 @@
+---
+- name: Enable unlimited core size for all users
+  community.general.pam_limits:
+    domain: "*"
+    limit_type: "-"
+    limit_item: "core"
+    value: "unlimited"
+  become: true
+
+- name: Install debuginfo helper packages
+  ansible.builtin.package:
+    name: yum-utils
+    state: present
+  when: ansible_os_family == 'RedHat'
+  become: true
diff --git a/roles/setup_patroni/defaults/main.yml b/roles/setup_patroni/defaults/main.yml
@@ -9,7 +9,6 @@ pg_remote_ssl_src: false
 disable_logging: true
 use_hostname: true
 update_etc_file: true
-enable_core_dump: false
 use_replication_slots: true
 
 pass_dir: "~/.edb"

diff --git a/roles/setup_pgd/defaults/main.yml b/roles/setup_pgd/defaults/main.yml
@@ -22,7 +22,6 @@ disable_logging: true
 use_replication_slots: true
 use_hostname: true
 update_etc_file: true
-enable_core_dump: false
 
 # setting validate_only to true allows you to validate setup on an existing node
 # use_validation flag applies to deployment configuration and validation after setup

diff --git a/roles/setup_pgd/tasks/pg_setup_systemd.yml b/roles/setup_pgd/tasks/pg_setup_systemd.yml
@@ -28,15 +28,3 @@
   become: true
   when:
     - ansible_os_family == 'RedHat'
-
-- name: Add LimitCORE in systemd file
-  edb_devops.edb_postgres.linesinfile:
-    path: "/etc/systemd/system/{{ pg_service }}.service"
-    lines:
-      - line: "LimitCORE=infinity"
-        regexp: "^LimitCORE=.*"
-        insertafter: "^\\[Service\\]$"
-  become: true
-  when:
-    - enable_core_dump|bool
-    - ansible_os_family == 'RedHat'
diff --git a/roles/setup_replication/defaults/main.yml b/roles/setup_replication/defaults/main.yml
@@ -11,8 +11,6 @@ force_replication: false
 use_replication_slots: true
 use_hostname: true
 update_etc_file: true
-enable_core_dump: false
-
 
 # TDE functionality key
 edb_enable_tde: false

diff --git a/roles/setup_replication/tasks/pg_setup_systemd.yml b/roles/setup_replication/tasks/pg_setup_systemd.yml
@@ -29,15 +29,3 @@
   become: true
   when:
     - ansible_os_family == "RedHat"
-
-- name: Add LimitCORE in systemd file
-  edb_devops.edb_postgres.linesinfile:
-    path: "/etc/systemd/system/{{ pg_service }}.service"
-    lines:
-      - line: "LimitCORE=infinity"
-        regexp: "^LimitCORE=.*"
-        insertafter: "^\\[Service\\]$"
-  become: true
-  when:
-    - enable_core_dump|bool
-    - ansible_os_family == 'RedHat'