From 7b9ab2d9d1f3360407baa19c7682c4094917c155 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Mon, 4 May 2026 19:56:14 -0400
Subject: [PATCH] postsalt: enable PG-canonical pillar mode by default during
 so-setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Drops a local pillar override (postgres.so_pillar.enabled = True) right
after secrets_pillar so the install-time highstate brings up
schema_pillar, ext_pillar_postgres, and the pg_notify_pillar engine
without operator intervention. Without this the whole PG-canonical
stack stays gated off on the default-False flag and the install lands
in legacy disk-pillar mode — which defeats the point of being on the
postsalt branch at all.

The new enable_so_pillar_postgres() function in so-functions is
idempotent (overwrites adv_postgres.sls with a fixed body) and the
generated file is mode 0644 socore:socore so it merges into pillar
under the existing local-pillar directory ownership convention.

Rollback path: edit /opt/so/saltstack/local/pillar/postgres/adv_postgres.sls
to set enabled: False, or delete the file. The schema and engine
config states will tear themselves down on the next highstate via
their existing else-branch absent states.
---
 setup/so-functions | 22 ++++++++++++++++++++++
 setup/so-setup     |  4 ++++
 2 files changed, 26 insertions(+)

diff --git a/setup/so-functions b/setup/so-functions
index 252a378fe..7a212fa50 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1916,6 +1916,28 @@ secrets_pillar(){
   fi
 }
 
+# postsalt: flip postgres:so_pillar:enabled to True in the local pillar so
+# the schema_pillar / ext_pillar_postgres / pg_notify_pillar engine states
+# all activate during the install highstate. Without this the entire
+# PG-canonical pillar stack short-circuits on its default-False gate and
+# the install ends in legacy disk-pillar mode — defeating the point of
+# being on postsalt at all. The companion enabled=False rollback just
+# rewrites this file or removes the flag.
+enable_so_pillar_postgres() {
+	local pillar_dir=/opt/so/saltstack/local/pillar/postgres
+	mkdir -p "$pillar_dir"
+	cat > "$pillar_dir/adv_postgres.sls" <<'EOPILLAR'
+# postsalt: enable PG-canonical pillar mode. Generated by setup/so-functions
+# during install. Flip to False here (or delete this file) to roll back to
+# disk-pillar mode without wiping the so_pillar.* schema in so-postgres.
+postgres:
+  so_pillar:
+    enabled: True
+EOPILLAR
+	chown -R socore:socore "$pillar_dir"
+	chmod 0644 "$pillar_dir/adv_postgres.sls"
+}
+
 set_network_dev_status_list() {
 	readarray -t nmcli_dev_status_list <<< "$(nmcli -t -f DEVICE,STATE -c no dev status)"
 	export nmcli_dev_status_list
diff --git a/setup/so-setup b/setup/so-setup
index 6c77e781c..8c824391c 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -676,6 +676,10 @@ if ! [[ -f $install_opt_file ]]; then
 		info "Populating the secrets pillar"
 		# Create the secrets pillar
 		secrets_pillar
+		info "Enabling postsalt PG-canonical pillar mode"
+		# Flip postgres:so_pillar:enabled so schema_pillar / ext_pillar_postgres /
+		# pg_notify_pillar engine states deploy as part of the install highstate.
+		enable_so_pillar_postgres
 		info "Add socore user"
 		# Add the socore user
 		add_socore_user_manager