PMM-14934 Fix admin pass creation

build/ansible/pmm-docker/post-build.yml

@@ -3,42 +3,9 @@
 
 - hosts: all
   become: yes
-  gather_facts: yes
-  vars:
-    pmm_server_distribution: "docker"
+  gather_facts: no
 
   tasks:
-    # pmm-managed checks that if /srv/pmm-distribution exists, it contains "docker", "ovf", "ami" or "digitalocean" - all lowercase.
-    # TODO: refactor the build pipelines to call post-build.yml with the distribution name provided in the variable (above).
-    # https://jira.percona.com/browse/PMM-4991
-    - name: Create a distribution file for Docker
-      copy:
-        content: "{{ pmm_server_distribution}}"
-        dest: /srv/pmm-distribution
-        owner: pmm
-        group: root
-
-    - name: Remove pmm-managed database from PostgreSQL
-      postgresql_db:
-        login_user: postgres
-        name: pmm-managed
-        force: true
-        state: absent
-      environment:
-        PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
-
-    - name: Remove pmm-managed role from PostgreSQL database
-      postgresql_user:
-        name: pmm-managed
-        state: absent
-      environment:
-        PGPASSWORD: "{{ lookup('file', '/srv/.postgres_password') }}"
-
-    - name: Remove postgres password file so each container generates a unique one
-      file:
-        path: /srv/.postgres_password
-        state: absent
-
     - name: Stop supervisord service
       command: supervisorctl shutdown
       become: true
@@ -48,12 +15,11 @@
     - name: Cleanup dnf cache
       command: dnf clean all
 
-    - name: Cleanup build logs, data, config files and package cache
+    - name: Cleanup build logs and package cache
       file:
         path: "{{ item }}"
         state: absent
       loop:
-        - /srv/logs
         - /var/log/dnf.log
         - /var/log/secure
         - /var/log/wtmp
@@ -63,9 +29,6 @@
         - /var/lib/pgsql
         - /var/cache/dnf
         - /var/cache/yum
-        - /srv/pmm-encryption.key
-        - /srv/pmm-agent/tmp
-        - /srv/pmm-agent/config
         - /usr/local/percona/pmm/config/pmm-agent.yaml
 
     - name: Remove users created by installers
@@ -77,29 +40,6 @@
         - clickhouse
         - nginx
 
-    - name: Clean Clickhouse dir
-      shell: find /srv/clickhouse -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
-
-    - name: Clean pmm-server dir
-      shell: find /usr/share/pmm-server -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
-
-    # This step is required because of a change between VictoriaMetrics 1.77.1 and 1.82.1.
-    # VictoriaMetrics tries to atomically rename directories in this folder on startup.
-    # With RedHat-based docker images the rename fails with an error "Invalid cross-device link".
-    # This is due to the way OverlayFS and kernel works. More info https://github.com/moby/moby/issues/25409
-    # This step ensures the directory is empty on startup and the contents are recreated.
-    # This is not an issue if the folder is in a volume or mounted from the host OS.
-    - name: Recreate '/srv/victoriametrics' directory
-      file:
-        state: "{{ item }}"
-        path: /srv/victoriametrics
-        owner: pmm
-        group: root
-        mode: 0775
-      loop:
-        - absent
-        - directory
-
     - name: Remove auto-generated config files
       file:
         path: "/etc/supervisord.d/{{ item }}"
@@ -112,34 +52,16 @@
         - grafana.ini
         - nomad-server.ini
 
-    - name: Create '/srv/logs' directory
-      file:
-        path: /srv/logs
-        state: directory
-        owner: pmm
-        group: root
-        mode: 0775
-
-    - name: Set ownership for Grafana plugins directory
-      file:
-        path: /srv/grafana/plugins
-        owner: pmm
-        group: root
-        recurse: yes
-        state: directory
-        mode: 0775
+    - name: Clean pmm-server dir
+      shell: find /usr/share/pmm-server -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf --
 
-    - name: Set ownership for backup directory
+    - name: Clean /srv directory for fresh initialization on first start
       file:
-        path: /srv/backup
+        path: /srv
+        state: "{{ item }}"
         owner: pmm
         group: root
-        state: directory
         mode: 0775
-
-    - name: Set ownership for Grafana dashboards version file
-      file:
-        path: /srv/grafana/PERCONA_DASHBOARDS_VERSION
-        owner: pmm
-        group: root
-        state: file
+      loop:
+        - absent
+        - directory

build/ansible/roles/nginx/files/nginx.conf

@@ -12,12 +12,11 @@ events {
 }
 
 http {
-    # Configure temporary directories to use /usr/share/pmm-server/nginx
-    client_body_temp_path /usr/share/pmm-server/nginx/client_temp;
-    proxy_temp_path /usr/share/pmm-server/nginx/proxy_temp;
-    fastcgi_temp_path /usr/share/pmm-server/nginx/fastcgi_temp;
-    uwsgi_temp_path /usr/share/pmm-server/nginx/uwsgi_temp;
-    scgi_temp_path /usr/share/pmm-server/nginx/scgi_temp;
+    client_body_temp_path /srv/nginx/tmp/client;
+    proxy_temp_path /srv/nginx/tmp/proxy;
+    fastcgi_temp_path /srv/nginx/tmp/fastcgi;
+    uwsgi_temp_path /srv/nginx/tmp/uwsgi;
+    scgi_temp_path /srv/nginx/tmp/scgi;
 
     map $http_upgrade $connection_upgrade {
         default upgrade;

build/ansible/roles/nginx/tasks/main.yml

@@ -8,12 +8,11 @@
     mode: 0775
   loop:
     - /usr/share/pmm-server/static/
-    - /usr/share/pmm-server/nginx/
-    - /usr/share/pmm-server/nginx/client_temp/
-    - /usr/share/pmm-server/nginx/proxy_temp/
-    - /usr/share/pmm-server/nginx/fastcgi_temp/
-    - /usr/share/pmm-server/nginx/uwsgi_temp/
-    - /usr/share/pmm-server/nginx/scgi_temp/
+    - /srv/nginx/tmp/client/
+    - /srv/nginx/tmp/proxy/
+    - /srv/nginx/tmp/fastcgi/
+    - /srv/nginx/tmp/uwsgi/
+    - /srv/nginx/tmp/scgi/
     - /etc/nginx/conf.d/
     - /etc/nginx/ssl/
 

build/docker/server/entrypoint.sh

@@ -73,27 +73,13 @@ if [ "$CURRENT_UID" != "1000" ] || [ "$CURRENT_GID" != "0" ]; then
     echo "NSS wrapper enabled with $NSS_WRAPPER_LIB"
 fi
 
-# Check /usr/share/pmm-server directory on every start
-echo "Checking /usr/share/pmm-server directory structure..."
-# Still ensure critical directories exist, but don't create empty ones
-if [ ! -d "/usr/share/pmm-server/nginx" ]; then
-    echo "Creating nginx temp directories..."
-    mkdir -p /usr/share/pmm-server/nginx/{client_temp,proxy_temp,fastcgi_temp,uwsgi_temp,scgi_temp}
-fi
-
-if [ ! -d "/srv/pmm-agent/tmp" ]; then
-    echo "Creating pmm-agent temp directory..."
-    install -d -m 770 /srv/pmm-agent/tmp
-fi
-
 # Initialize /srv if empty
 declare DIST_FILE=/srv/pmm-distribution
 if [ ! -f "$DIST_FILE" ]; then
     echo -n "$PMM_DISTRIBUTION_METHOD" > "$DIST_FILE"
     echo "Initializing /srv..."
-    mkdir -p /srv/{backup,clickhouse,grafana,logs,nginx,prometheus,victoriametrics}
+    mkdir -p /srv/{backup,clickhouse,grafana/plugins,logs,nginx,prometheus/rules,victoriametrics}
     echo "Copying grafana plugins and the VERSION file..."
-    mkdir -p /srv/grafana/plugins
     cp -r /usr/share/percona-dashboards/panels/* /srv/grafana/plugins
 
     if is_enabled "$PMM_HA_ENABLE"; then
@@ -125,6 +111,16 @@ if [ ! -f "$DIST_FILE" ]; then
     fi
 fi
 
+if [ ! -d "/srv/nginx/tmp" ]; then
+    echo "Creating nginx temp directories..."
+    mkdir -p /srv/nginx/tmp/{client,proxy,fastcgi,uwsgi,scgi}
+fi
+
+if [ ! -d "/srv/pmm-agent/tmp" ]; then
+    echo "Creating pmm-agent temp directory..."
+    install -d -m 770 /srv/pmm-agent/tmp
+fi
+
 if is_enabled "$PMM_HA_ENABLE"; then
     echo "Skipping embedded PostgreSQL migration in HA mode."
 elif is_enabled "$PMM_DISABLE_BUILTIN_POSTGRES"; then
@@ -179,5 +175,5 @@ fi
 
 unset AGENT_CONFIG_DIR AGENT_ID
 
-# Start supervisor in foreground
+# Start supervisor in foreground, i.e. as PID 1
 exec supervisord -n -c /etc/supervisord.conf