A major maintenance activity is on its way: all PostgreSQL 13 services will be upgraded to PostgreSQL 15! Learn more about the migration process and schedule here.
Lucy Linder
Team Lead Site Reliability Engineer
As part of our continuous efforts to provide you with the most secure and efficient managed services, we are excited to announce an important upcoming maintenance activity. From July 1st to August 20th 2024, we will be upgrading all PostgreSQL 13 services to PostgreSQL 15. This upgrade aligns with AWS's key rotation policy and their plan to update RDS PostgreSQL 13 certificate authorities (CA).
AWS will soon upgrade the certificate authorities for RDS PostgreSQL 13. This means that any certificates signed by the current CAs will expire on August 22nd 2024. We want to make sure that our customers are ensured with uninterrupted service and can enjoy the improved features and security enhancements in PostgreSQL 15. That’s why we decided to seize the opportunity to bring PostgreSQL 15 to all our clients.
PostgreSQL 14 changed the default password encryption server parameter from md5 to scram-sha-256. This new authentication encryption requires libpq version 10 or higher. PostgreSQL drivers such as psycopg2
(Python), pg
(Ruby), and pdo_pgsql
(PHP PDO extension) are known to rely on libpq behind the scenes.
All divio/base images are already updated to use a recent version of libpq; if your application uses such an image, ensure you rebuild the application before the migration.
Please read the Divio documentation to learn how to check your version of libpq: https://docs.divio.com/how-to/upgrade-postgres/
Other incompatibilities may cause problems after the migration, but this highly depends on your usage. To avoid any surprises, we recommend that you check the PostgreSQL changelogs for known incompatibilities:
Use your local and test environments to carefully test your application with PostgreSQL 15 prior to the migration. See how to upgrade PostgreSQL in our documentation for more information on how to adapt your local environment.
Between July 1st and August 20th 2024, we will schedule the migration of Divio applications using one or more PostgreSQL 13 instances, starting with the free plans.
Enterprise customers with private CloudSpaces will be contacted separately to agree on a suitable time for the migration.
Once your application is scheduled for migration, you will see an entry called “Migration from PostgreSQL 13 to PostgreSQL 15” in the “Maintenance” tab and receive a notification by email. The migration is scheduled to run in the next available maintenance window 14 days after the notification. This gives you at least two weeks to test your application and consider a manual upgrade (keep reading).
For example, if the migration of the application foo
was created on June 4th, it will not run until 14 days after the initial notification, which is June 18th. Since the application is configured with a maintenance window on Mondays, the final date of the migration is June 24th.
You can trigger the automatic migration before the scheduled date by clicking on the “Start now” button.
The automatic migration process follows these steps sequentially for each environment using at least one PostgreSQL 13 instance:
Provision a new PostgreSQL database 15 instance.
Pause the application and display a generic maintenance page to visitors.
Copy the data over from the old PostgreSQL database to the new one.
Redeploy the application. Note that the application will not be rebuilt. The same codebase is used, but some environment variables are modified to point the application to PostgreSQL 15.
Unpause the application.
Delete the old PostgreSQL 13 database.
During steps 2-5, the application is unavailable. If the redeployment fails (step 4), the application is reverted to its previous state and the migration is stopped. A new migration can be planned once the issues are resolved.
The migration starts with the test environment. If it fails, the live environment is left untouched. If an environment is not deployed, steps 2, 4, and 5 are skipped.
The entire migration should take up to 15 minutes. The exact duration will vary based on the volume of data being migrated. If your database is small, the migration may be completed in a few minutes. For large databases, you may want to consider manual upgrades.
Manual migration can be performed as soon as PostgreSQL 15 is available in your region (check the “Services” tab). You do not need to wait for an automatic migration to be scheduled.
The automatic migration is scheduled to run at a specific time and causes minimal downtime.
If you prefer to manage your migration yourself, please refer to our documentation for a step-by-step guide. Be sure to pay close attention to the risks and instructions specific to PostgreSQL 15.
It is important to complete the manual migration of all PostgreSQL 13 services before the scheduled automatic migration date. This includes inactive or backup services within an environment (e.g. an outdated PostgreSQL 13 service that may remain after a manual migration). Failure to do so will result in the automatic upgrade to proceed as planned and result in application downtime.
Update Your Tools: Ensure that you are using the latest versions of any tools dependent on libpq to support SCRAM authentication and check for known incompatibilities that could affect your application.
Test Your App: Check for known incompatibilities that could affect your application in advance, and take advantage of the local and test environments provided by Divio to avoid surprises.
Plan for Downtime: Be aware of the scheduled maintenance and plan for up to 15 minutes of downtime.
Consider Manual Migration: To avoid downtime, review the manual upgrade guide and complete any manual migrations before our scheduled upgrade.
Don’t Procrastinate: PostgreSQL 13 databases will be decommissioned on August 22nd 2024. Be sure to complete all migrations before that date. You can start the manual migration as soon as PostgreSQL 15 is available in your region.
Review Hard-Coded Certificates: The PostgreSQL 15 databases will be signed by the rds-ca-rsa2048-g1 CA, which is available for download on AWS.
Our support team is here to assist you with any questions or concerns you may have regarding this upgrade. Please do not hesitate to reach out if you need further information or assistance.
We appreciate your cooperation and understanding as we work to enhance our services. Thank you for choosing us as your PaaS provider.
Happy Migration!
The Divio Team