From 7d07f3c8fe1f1d7317aa4ac4bb7d4d345ccd158d Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 17 Apr 2026 10:51:08 -0400
Subject: [PATCH] Create so_telegraf DB from Salt and pin pg_partman schema

init-users.sh only runs on a fresh data dir, so upgrades onto an
existing /nsm/postgres volume never got so_telegraf. Pinning partman's
schema also makes partman.part_config reliably resolvable.
---
 salt/postgres/telegraf_users.sls | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/salt/postgres/telegraf_users.sls b/salt/postgres/telegraf_users.sls
index 5a3ea73e9..8c62a8961 100644
--- a/salt/postgres/telegraf_users.sls
+++ b/salt/postgres/telegraf_users.sls
@@ -10,6 +10,19 @@
 {% set TG_OUT = (GLOBALS.telegraf_output | default('INFLUXDB')) | upper %}
 {% if TG_OUT in ['POSTGRES', 'BOTH'] %}
 
+# Ensure the shared Telegraf database exists. init-users.sh only runs on a
+# fresh data dir, so hosts upgraded onto an existing /nsm/postgres volume
+# would otherwise never get so_telegraf.
+postgres_create_telegraf_db:
+  cmd.run:
+    - name: |
+        docker exec -i so-postgres psql -v ON_ERROR_STOP=1 -U postgres -d postgres <<'EOSQL'
+        SELECT 'CREATE DATABASE so_telegraf'
+        WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'so_telegraf')\gexec
+        EOSQL
+    - require:
+      - docker_container: so-postgres
+
 # Provision the shared group role and schema once. Every per-minion role is a
 # member of so_telegraf, and each Telegraf connection does SET ROLE so_telegraf
 # (via options='-c role=so_telegraf' in the connection string) so tables created
@@ -28,7 +41,8 @@ postgres_telegraf_group_role:
         GRANT CONNECT ON DATABASE so_telegraf TO so_telegraf;
         CREATE SCHEMA IF NOT EXISTS telegraf AUTHORIZATION so_telegraf;
         GRANT USAGE, CREATE ON SCHEMA telegraf TO so_telegraf;
-        CREATE EXTENSION IF NOT EXISTS pg_partman;
+        CREATE SCHEMA IF NOT EXISTS partman;
+        CREATE EXTENSION IF NOT EXISTS pg_partman SCHEMA partman;
         CREATE EXTENSION IF NOT EXISTS pg_cron;
         -- Hourly partman maintenance. cron.schedule is idempotent by jobname.
         SELECT cron.schedule(
@@ -38,7 +52,7 @@ postgres_telegraf_group_role:
         );
         EOSQL
     - require:
-      - docker_container: so-postgres
+      - cmd: postgres_create_telegraf_db
 
 {%   set users = salt['pillar.get']('postgres:auth:users', {}) %}
 {%   for key, entry in users.items() %}