wassname/docker-postgresql
1
0
Fork 0
mirror of https://github.com/wassname/docker-postgresql.git synced 2026-06-28 03:01:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'complete-rewrite-and-reorg'

Browse Source
This commit is contained in:
Sameer Naik
2015-11-27 15:44:26 +05:30
parent a68b58aefe c5522c9fda
commit c7bae0d677
7 changed files with 682 additions and 372 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Changelog.md
+10
View File
@@ -1,5 +1,15 @@
# Changelog
**latest**
- complete rewrite
- `PSQL_TRUST_LOCALNET` config parameter renamed to `PG_TRUST_LOCALNET`
- `PSQL_MODE` config parameter renamed to `REPLICATION_MODE`
- `PSQL_SSLMODE` config parameter renamed to `REPLICATION_SSLMODE`
- defined `/etc/postgresql/certs` as the mountpoint to install SSL key and certificate
- added `PG_SSL` parameter to enable/disable SSL support
- `DB_LOCALE` config parameter renamed to `PG_LOCALE`
- complete rewrite of the README
**9.4-2**
- added replication options
Dockerfile
+12 -6
View File
@@ -1,26 +1,32 @@
FROM sameersbn/ubuntu:14.04.20151117
MAINTAINER sameer@damagehead.com
ENV PG_VERSION=9.4 \
ENV PG_APP_HOME="/etc/docker-postgresql"\
PG_VERSION=9.4 \
PG_USER=postgres \
PG_HOME=/var/lib/postgresql \
PG_RUNDIR=/run/postgresql \
PG_LOGDIR=/var/log/postgresql
PG_LOGDIR=/var/log/postgresql \
PG_CERTDIR=/etc/postgresql/certs
ENV PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" \
PG_CONFDIR="${PG_HOME}/${PG_VERSION}/main" \
PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
ENV PG_BINDIR=/usr/lib/postgresql/${PG_VERSION}/bin \
PG_DATADIR=${PG_HOME}/${PG_VERSION}/main
RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
&& echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
&& ln -sf ${PG_DATADIR}/postgresql.conf /etc/postgresql/${PG_VERSION}/main/postgresql.conf \
&& ln -sf ${PG_DATADIR}/pg_hba.conf /etc/postgresql/${PG_VERSION}/main/pg_hba.conf \
&& ln -sf ${PG_DATADIR}/pg_ident.conf /etc/postgresql/${PG_VERSION}/main/pg_ident.conf \
&& rm -rf ${PG_HOME} \
&& rm -rf /var/lib/apt/lists/*
COPY runtime/ ${PG_APP_HOME}/
COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod 755 /sbin/entrypoint.sh
EXPOSE 5432/tcp
VOLUME ["${PG_HOME}", "${PG_RUNDIR}"]
CMD ["/sbin/entrypoint.sh"]
WORKDIR ${PG_HOME}
ENTRYPOINT ["/sbin/entrypoint.sh"]
README.md
+233 -144
View File
@@ -1,61 +1,59 @@
[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=svg)](https://circleci.com/gh/sameersbn/docker-postgresql) [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/postgresql/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/postgresql)
[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=shield)](https://circleci.com/gh/sameersbn/docker-postgresql) [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/postgresql/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/postgresql)
# Table of Contents
# sameersbn/postgresql:9.4-8
- [Introduction](#introduction)
- [Changelog](Changelog.md)
- [Contributing](#contributing)
- [Reporting Issues](#reporting-issues)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Persistence](#persistence)
- [Creating User and Database at Launch](#creating-user-and-database-at-launch)
- [Creating a Snapshot or Slave Database](#creating-a-snapshot-or-slave-database)
- [Host UID / GID Mapping](#host-uid--gid-mapping)
- [Upgrading](#upgrading)
- [Shell Access](#shell-access)
- [Contributing](#contributing)
- [Issues](#issues)
- [Getting started](#getting-started)
- [Installation](#installation)
- [Quickstart](#quickstart)
- [Command-line arguments](#command-line-arguments)
- [Persistence](#persistence)
- [Setting the default locale](#setting-the-default-locale)
- [Trusting local connections](#trusting-local-connections)
- [Creating database user](#creating-database-user)
- [Creating databases](#creating-databases)
- [Enabling unaccent extension](#enabling-unaccent-extension)
- [Granting user access to a database](#granting-user-access-to-a-database)
- [Creating replication user](#creating-replication-user)
- [Setting up a replication cluster](#setting-up-a-replication-cluster)
- [Creating a snapshot](#creating-a-snapshot)
- [Logs](#logs)
- [UID/GID mapping](#uid-gid-mapping)
- [Maintenance](#maintenance)
- [Upgrading](#upgrading)
- [Shell Access](#shell-access)
# Introduction
Dockerfile to build a PostgreSQL container image which can be linked to other containers.
`Dockerfile` to create a [Docker](https://www.docker.com/) container image for [PostgreSQL](http://postgresql.org/).
# Contributing
PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance [[source](https://en.wikipedia.org/wiki/PostgreSQL)].
## Contributing
If you find this image useful here's how you can help:
- Send a Pull Request with your awesome new features and bug fixes
- Help new users with [Issues](https://github.com/sameersbn/docker-postgresql/issues) they may encounter
- Send a pull request with your awesome features and bug fixes
- Help users resolve their [issues](../../issues?q=is%3Aopen+is%3Aissue).
- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
# Reporting Issues
## Issues
Docker is a relatively new project and is being actively developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.
Before reporting your issue please try updating Docker to the latest version and check if it resolves the issue. Refer to the Docker [installation guide](https://docs.docker.com/installation) for instructions.
Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
SELinux users should try disabling SELinux using the command `setenforce 0` to see if it resolves the issue.
For ubuntu users I suggest [installing docker](https://docs.docker.com/installation/ubuntulinux/) using docker's own package repository since the version of docker packaged in the ubuntu repositories are a little dated.
If the above recommendations do not help then [report your issue](../../issues/new) along with the following information:
Here is the shortform of the installation of an updated version of docker on ubuntu.
- Output of the `docker version` and `docker info` commands
- The `docker run` command or `docker-compose.yml` used to start the image. Mask out the sensitive bits.
- Please state if you are using [Boot2Docker](http://www.boot2docker.io), [VirtualBox](https://www.virtualbox.org), etc.
```bash
sudo apt-get purge docker.io
curl -s https://get.docker.io/ubuntu/ | sudo sh
sudo apt-get update
sudo apt-get install lxc-docker
```
# Getting started
Fedora and RHEL/CentOS users should try disabling selinux with `setenforce 0` and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.
If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the [issues](https://github.com/sameersbn/docker-postgresql/issues) page.
In your issue report please make sure you provide the following information:
- The host distribution and release version.
- Output of the `docker version` command
- Output of the `docker info` command
- The `docker run` command you used to run the image (mask out the sensitive bits).
# Installation
## Installation
Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/sameersbn/postgresql) and is the recommended method of installation.
@@ -65,203 +63,294 @@ Automated builds of the image are available on [Dockerhub](https://hub.docker.co
docker pull sameersbn/postgresql:9.4-8
```
Alternately you can build the image yourself.
Alternatively you can build the image yourself.
```bash
docker build -t sameersbn/postgresql github.com/sameersbn/docker-postgresql
```
# Quick Start
## Quickstart
Run the postgresql image
Start PostgreSQL using:
```bash
docker run --name postgresql -d sameersbn/postgresql:9.4-8
docker run --name postgresql -itd --restart always \
--publish 5432:5432 \
--volume /srv/docker/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.4-8
```
The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
Login to the PostgreSQL server using:
```bash
docker exec -it postgresql sudo -u postgres psql
```
# Persistence
*Alternatively, you can use the sample [docker-compose.yml](docker-compose.yml) file to start the container using [Docker Compose](https://docs.docker.com/compose/)*
For data persistence a volume should be mounted at `/var/lib/postgresql`.
## Command-line arguments
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
You can customize the launch command of PostgreSQL server by specifying arguments for `postgres` on the `docker run` command. For example the following command enables connection logging:
```bash
mkdir -p /opt/postgresql/data
sudo chcon -Rt svirt_sandbox_file_t /opt/postgresql/data
docker run --name postgresql -itd --restart always \
sameersbn/postgresql:9.4-8 -c log_connections=on
```
The updated run command looks like this.
Please refer to the documentation of [postgres](http://www.postgresql.org/docs/9.4/static/app-postgres.html) for the complete list of available options.
## Persistence
For PostgreSQL to preserve its state across container shutdown and startup you should mount a volume at `/var/lib/postgresql`.
> *The [Quickstart](#quickstart) command already mounts a volume for persistence.*
SELinux users should update the security context of the host mountpoint so that it plays nicely with Docker:
```bash
docker run --name postgresql -d \
-v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-8
mkdir -p /srv/docker/postgresql
chcon -Rt svirt_sandbox_file_t /srv/docker/postgresql
```
This will make sure that the data stored in the database is not lost when the image is stopped and started again.
## Setting the default locale
# Creating User and Database at Launch
*This is an experimental option. Please share your feedback and/or suggestions*
The image allows you to create a user and database at launch time.
Using the `PG_LOCALE` variable you can set the default [locale](http://www.postgresql.org/docs/9.4/static/locale.html) for the database cluster. The default value of this variable is `PG_LOCALE=C`.
To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
[Example redacted]
> **Note**
>
> This variable is effective only on the first run of the container as it is used while creating a new PostgreSQL database cluster using [initdb](http://www.postgresql.org/docs/9.4/static/app-initdb.html)
## Trusting local connections
By default connections to the PostgreSQL server need to authenticated using a password. If desired you can trust connections from the local network using the `PG_TRUST_LOCALNET` variable.
```bash
docker run --name postgresql -d \
-e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
docker run --name postgresql -itd --restart always \
--env 'PG_TRUST_LOCALNET=true' \
sameersbn/postgresql:9.4-8
```
**NOTE**
- If the password is not specified the user will not be created
- If the user user already exists no changes will be made
> **Note**
>
> The local network here is network to which the container is attached. This has different meanings depending on the `--net` parameter specified while starting the container. In the default configuration, this parameter would trust connections from other containers on the `docker0` bridge.
Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
## Creating database user
A new PostgreSQL database user can be created by specifying the `DB_USER` and `DB_PASS` variables while starting the container.
```bash
docker run --name postgresql -d \
-e 'DB_NAME=dbname' sameersbn/postgresql:9.4-8
```
You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2* (p.s. this feature is only available in releases greater than 9.1-1).
```bash
docker run --name postgresql -d \
-e 'DB_NAME=dbname1,dbname2' \
docker run --name postgresql -itd --restart always \
--env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' \
sameersbn/postgresql:9.4-8
```
If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
> **Notes**
>
> - The created user can login remotely
> - The container will error out if a password is not specified for the user
> - No changes will be made if the user already exists
> - Only a single user can be created at each launch
For example,
## Creating databases
A new PostgreSQL database can be created by specifying the `DB_NAME` variable while starting the container.
```bash
docker run --name postgresql -d \
-e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
docker run --name postgresql -itd --restart always \
--env 'DB_NAME=dbname' \
sameersbn/postgresql:9.4-8
```
will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
Additionally, more than one database can be created by specifying a comma separated list of database names in `DB_NAME`. For example, the following command creates two new databases named `dbname1` and `dbname2`.
The `DB_LOCALE` environment variable can be used to configure the locale used for database creation. Its default value is set to C.
The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network. This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
For example,
*This feature is only available in releases greater than `9.1-1`*
```bash
docker run --name postgresql -d \
-e 'PSQL_TRUST_LOCALNET=true' \
docker run --name postgresql -itd --restart always \
--env 'DB_NAME=dbname1,dbname2' \
sameersbn/postgresql:9.4-8
```
This has the effect of adding the following to the `pg_hba.conf` file:
# Enabling unaccent extension
```
host all all samenet trust
```
Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search [[source](http://www.postgresql.org/docs/9.4/static/unaccent.html)].
# Creating a Snapshot or Slave Database
You may use the `PSQL_MODE` variable along with `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_USER` and `REPLICATION_PASS` to create a snapshot of an existing database and enable stream replication.
Your master database must support replication or super-user access for the credentials you specify. The `PSQL_MODE` variable should be set to `master`, for replication on your master node and `slave` or `snapshot` respectively for streaming replication or a point-in-time snapshot of a running instance.
Create a master instance
You can enable the unaccent extension on database(s) by specifying `DB_UNACCENT=true`. For example, the following command enables the unaccent extension for the `dbname` database.
```bash
docker run --name='psql-master' -it --rm \
-e 'PSQL_MODE=master' -e 'PSQL_TRUST_LOCALNET=true' \
-e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
-e 'DB_NAME=dbname' -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
docker run --name postgresql -itd \
--env 'DB_NAME=dbname' --env 'DB_UNACCENT=true' \
sameersbn/postgresql:9.4-8
```
Create a streaming replication instance
*By default the unaccent extension is disabled*
## Granting user access to a database
If the `DB_USER` and `DB_PASS` variables are specified along with the `DB_NAME` variable, then the user specified in `DB_USER` will be granted access to all the databases listed in `DB_NAME`. Note that if the user and/or databases do not exist, they will be created.
```bash
docker run --name='psql-slave' -it --rm \
--link psql-master:psql-master \
-e 'PSQL_MODE=slave' -e 'PSQL_TRUST_LOCALNET=true' \
-e 'REPLICATION_HOST=psql-master' -e 'REPLICATION_PORT=5432' \
-e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
docker run --name postgresql -itd --restart always \
--env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' \
--env 'DB_NAME=dbname1,dbname2' \
sameersbn/postgresql:9.4-8
```
# Enable Unaccent (Search plain text with accent)
In the above example `dbuser` with be granted access to both the `dbname1` and `dbname2` databases.
Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
## Creating replication user
By default unaccent is configure to `false`
Similar to the creation of a database user, a new PostgreSQL replication user can be created by specifying the `REPLICATION_USER` and `REPLICATION_PASS` variables while starting the container.
```bash
docker run --name postgresql -d \
-e 'DB_UNACCENT=true' \
docker run --name postgresql -itd --restart always \
--env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:9.4-8
```
# Host UID / GID Mapping
> **Notes**
>
> - The created user can login remotely
> - The container will error out if a password is not specified for the user
> - No changes will be made if the user already exists
> - Only a single user can be created at each launch
Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
*It is a good idea to create a replication user even if you are not going to use it as it will allow you to setup slave nodes and/or generate snapshots when the need arises.*
Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
## Setting up a replication cluster
When the container is started, it is by default configured to act as a master node in a replication cluster. This means that you can scale your PostgreSQL database backend when the need arises without incurring any downtime. However do note that a replication user must exist on the master node for this to work.
Begin by creating the master node of our cluster:
```bash
docker run --name=postgresql -it --rm [options] \
--env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
docker run --name postgresql-master -itd --restart always \
--env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' --env 'DB_NAME=dbname' \
--env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:9.4-8
```
Notice that no additional arguments are specified while starting the master node of the cluster.
# Upgrading
To create a replication slave the `REPLICATION_MODE` variable should be set to `slave` and additionally the `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_SSLMODE`, `REPLICATION_USER` and `REPLICATION_PASS` variables should be specified.
To upgrade to newer releases, simply follow this 3 step upgrade procedure.
- **Step 1**: Stop the currently running image
Create a slave node:
```bash
docker stop postgresql
docker run --name postgresql-slave01 -itd --restart always \
--link postgresql-master:master \
--env 'REPLICATION_MODE=slave' -e 'REPLICATION_SSLMODE=prefer' \
--env 'REPLICATION_HOST=master' -e 'REPLICATION_PORT=5432' \
--env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:9.4-8
```
- **Step 2**: Update the docker image.
*In the above command, we used docker links so that we can address the master node using the `master` alias in `REPLICATION_HOST`.*
> **Note**
>
> - The default value of `REPLICATION_PORT` is `5432`
> - The default value of `REPLICATION_SSLMODE` is `prefer`
> - The value of `REPLICATION_USER` and `REPLICATION_PASS` should be the same as the ones specified on the master node.
And just like that with minimal effort you have a PostgreSQL replication cluster setup. You can create additional slaves to scale the cluster horizontally.
Here are some important notes about a PostgreSQL replication cluster:
- Writes can only occur on the master
- Slaves are read-only
- For best performance, limit the reads to the slave nodes
## Creating a snapshot
Similar to a creating replication slave node, you can create a snapshot of the master by specifying `REPLICATION_MODE=snapshot`.
Once the master node is created as specified in [Setting up a replication cluster](#setting-up-a-replication-cluster), you can create a snapshot using:
```bash
docker pull sameersbn/postgresql:9.4-8
docker run --name postgresql-snapshot -itd --restart always \
--link postgresql-master:master \
--env 'REPLICATION_MODE=snapshot' -e 'REPLICATION_SSLMODE=prefer' \
--env 'REPLICATION_HOST=master' -e 'REPLICATION_PORT=5432' \
--env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:9.4-8
```
- **Step 3**: Start the image
The difference between a slave and a snapshot is that a slave is read-only and updated whenever the master data is updated (streaming replication), while a snapshot is read-write and is not updated after the initial snapshot of the data on the master.
This is useful for developers to quickly snapshot the current state of a live database and use it for development/debugging purposes without altering the database on the live instance.
## Logs
By default the PostgreSQL server logs are sent to the standard output. Using the [Command-line arguments](#command-line-arguments) feature you can configure the PostgreSQL server to send the log output to a file using the `-c logging_collector=on` argument:
```bash
docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-8
docker run --name postgresql -itd --restart always \
sameersbn/postgresql:9.4-8 -c logging_collector=on
```
# Shell Access
To access the PostgreSQL logs you can use `docker exec`. For example:
For debugging and maintenance purposes you may want access the containers shell. If you are using docker version `1.3.0` or higher you can access a running containers shell using `docker exec` command.
```bash
docker exec -it postgresql tail -f /var/log/postgresql/postgresql-9.4-main.log
```
# UID/GID mapping
The files and processes created by the container are owned by the `postgres` user that is internal to the container. In the absense of user namespace in docker the UID and GID of the containers `postgres` user may have different meaning on the host.
For example, a user on the host with the same UID and/or GID as the `postgres` user of the container will be able to access the data in the persistent volumes mounted from the host as well as be able to KILL the `postgres` server process started by the container.
To circumvent this issue you can specify the UID and GID for the `postgres` user of the container using the `USERMAP_UID` and `USERMAP_GID` variables respectively.
For example, if you want to assign the `postgres` user of the container the UID and GID `999`:
```bash
docker run --name postgresql -itd --restart always \
--env 'USERMAP_UID=999' --env 'USERMAP_GID=999' \
sameersbn/postgresql:9.4-8
```
# Maintenance
## Upgrading
To upgrade to newer releases:
1. Download the updated Docker image:
```bash
docker pull sameersbn/postgresql:9.4-8
```
2. Stop the currently running image:
```bash
docker stop postgresql
```
3. Remove the stopped container
```bash
docker rm -v postgresql
```
4. Start the updated image
```bash
docker run --name postgresql -itd \
[OPTIONS] \
sameersbn/postgresql:9.4-8
```
## Shell Access
For debugging and maintenance purposes you may want access the containers shell. If you are using Docker version `1.3.0` or higher you can access a running containers shell by starting `bash` using `docker exec`:
```bash
docker exec -it postgresql bash
```
If you are using an older version of docker, you can use the [nsenter](http://man7.org/linux/man-pages/man1/nsenter.1.html) linux tool (part of the util-linux package) to access the container shell.
Some linux distros (e.g. ubuntu) use older versions of the util-linux which do not include the `nsenter` tool. To get around this @jpetazzo has created a nice docker image that allows you to install the `nsenter` utility and a helper script named `docker-enter` on these distros.
To install `nsenter` execute the following command on your host,
```bash
docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter
```
Now you can access the container shell using the command
```bash
sudo docker-enter postgresql
```
For more information refer https://github.com/jpetazzo/nsenter
docker-compose.yml
+15
View File
@@ -0,0 +1,15 @@
PostgreSQL:
restart: always
image: sameersbn/postgresql:9.4-8
ports:
- "5432:5432"
environment:
- DB_USER=
- DB_PASS=
- DB_NAME=
- REPLICATION_MODE=
- REPLICATION_USER=
- REPLICATION_PASS=
- REPLICATION_SSLMODE=
volumes:
- /srv/docker/postgresql:/var/lib/postgresql
entrypoint.sh
+27 -222
View File
@@ -1,234 +1,39 @@
#!/bin/bash
set -e
source ${PG_APP_HOME}/functions
# set this env variable to true to enable a line in the
# pg_hba.conf file to trust samenet. this can be used to connect
# from other containers on the same host without authentication
PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
DB_LOCALE=${DB_LOCALE:-C}
DB_UNACCENT=${DB_UNACCENT:false}
# by default postgresql will start up as a standalone instance.
# set this environment variable to master, slave or snapshot to use replication features.
# "snapshot" will create a point in time backup of a master instance.
PSQL_MODE=${PSQL_MODE:-standalone}
REPLICATION_USER=${REPLICATION_USER:-}
REPLICATION_PASS=${REPLICATION_PASS:-}
REPLICATION_HOST=${REPLICATION_HOST:-}
REPLICATION_PORT=${REPLICATION_PORT:-5432}
# set this env variable to "require" to enable encryption and "verify-full" for verification.
PSQL_SSLMODE=${PSQL_SSLMODE:-disable}
map_postgres_uid() {
USERMAP_ORIG_UID=$(id -u ${PG_USER})
USERMAP_ORIG_GID=$(id -g ${PG_USER})
USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
groupmod -g ${USERMAP_GID} ${PG_USER}
sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
fi
}
create_data_dir() {
mkdir -p ${PG_HOME}
chmod -R 0700 ${PG_HOME}
chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
}
create_log_dir() {
mkdir -p ${PG_LOGDIR}
chmod -R 1775 ${PG_LOGDIR}
chown -R root:${PG_USER} ${PG_LOGDIR}
}
create_run_dir() {
mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp
chmod -R 0755 ${PG_RUNDIR}
chmod g+s ${PG_RUNDIR}
chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR}
}
map_postgres_uid
create_data_dir
create_log_dir
create_run_dir
cd ${PG_HOME}
# initialize PostgreSQL data directory
if [[ ! -d ${PG_DATADIR} ]]; then
if [[ ${PSQL_MODE} == slave || ${PSQL_MODE} == snapshot ]]; then
echo "Replicating database..."
if [[ ${PSQL_MODE} == snapshot ]]; then
sudo -Hu ${PG_USER} \
PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
-h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -x -v -P
elif [[ ${PSQL_MODE} == slave ]]; then
# Setup streaming replication.
sudo -Hu ${PG_USER} \
PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
-h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X stream -w -v -P
echo "Setting up hot standby configuration..."
sudo -Hu ${PG_USER} sed -i "s|^#hot_standby = .*|hot_standby = on|" ${PG_CONFDIR}/postgresql.conf
sudo -Hu ${PG_USER} touch ${PG_DATADIR}/recovery.conf
( echo "standby_mode = 'on'";
echo "primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'";
echo "trigger_file = '/tmp/postgresql.trigger'" ) > ${PG_DATADIR}/recovery.conf
fi
else
# check if we need to perform data migration
PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
if [[ $DB_LOCALE != C ]]; then
echo "Generating required locale \"${DB_LOCALE}\"..."
locale-gen ${DB_LOCALE} >/dev/null
fi
echo "Initializing database..."
sudo -Hu ${PG_USER} ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
--username=${PG_USER} --encoding=unicode --locale=${DB_LOCALE} --auth=trust >/dev/null
fi
# allow arguments to be passed to postgres
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == postgres || ${1} == $(which postgres) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi
if [[ -n ${PG_OLD_VERSION} ]]; then
echo "Migrating postgresql ${PG_OLD_VERSION} data..."
PG_OLD_CONFDIR="${PG_HOME}/${PG_OLD_VERSION}/main"
PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"
# default behaviour is to launch postgres
if [[ -z ${1} ]]; then
map_uidgid
locale_gen
# backup ${PG_OLD_DATADIR} to avoid data loss
PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
cp -a ${PG_OLD_DATADIR} ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}
create_datadir
create_certdir
create_logdir
create_rundir
echo "Installing postgresql-${PG_OLD_VERSION}..."
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION}
rm -rf /var/lib/apt/lists/*
initialize_database
configure_ssl
trust_localnet
# migrate ${PG_OLD_VERSION} data
echo "Migration in progress. This could take a while, please be patient..."
sudo -Hu ${PG_USER} ${PG_BINDIR}/pg_upgrade \
-b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
-d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
-o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf --hba_file=${PG_OLD_CONFDIR}/pg_hba.conf --ident_file=${PG_OLD_CONFDIR}/pg_ident.conf" \
-O "-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf" >/dev/null
fi
create_user
create_database
create_replication_user
configure_recovery
if [[ ${PSQL_SSLMODE} == disable ]]; then
sudo -Hu ${PG_USER} sed -i "s|^[#]*[ ]*ssl = .*|ssl = off|" ${PG_CONFDIR}/postgresql.conf
echo "Starting PostgreSQL ${PG_VERSION}..."
exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} \
--exec ${PG_BINDIR}/postgres -- -D ${PG_DATADIR} ${EXTRA_ARGS}
else
sudo -Hu ${PG_USER} sed -i "s|^[#]*[ ]*ssl = .*|ssl = on|" ${PG_CONFDIR}/postgresql.conf
exec "$@"
fi
# Change DSM from `posix' to `sysv' if we are inside an lx-brand container
if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
sed 's/\(dynamic_shared_memory_type = \)posix/\1sysv/' -i ${PG_CONFDIR}/postgresql.conf
fi
# listen on all interfaces
sudo -Hu ${PG_USER} sed -i "s|^[#]*[ ]*listen_addresses = .*|listen_addresses = '*'|" ${PG_CONFDIR}/postgresql.conf
if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
if ! grep -q "host \+all \+all \+samenet \+trust" ${PG_CONFDIR}/pg_hba.conf; then
echo "Enabling trust samenet in pg_hba.conf..."
echo "host all all samenet trust" >> ${PG_CONFDIR}/pg_hba.conf
fi
fi
# allow remote connections to postgresql database
if ! grep -q "host \+all \+all \+0.0.0.0/0 \+md5" ${PG_CONFDIR}/pg_hba.conf; then
echo "host all all 0.0.0.0/0 md5" >> ${PG_CONFDIR}/pg_hba.conf
fi
# allow replication connections to the database
if [[ -n ${REPLICATION_USER} ]]; then
if [[ ${PSQL_SSLMODE} == disable ]]; then
if ! grep -q "host \+replication \+$REPLICATION_USER \+0.0.0.0/0 \+md5" ${PG_CONFDIR}/pg_hba.conf; then
echo "host replication $REPLICATION_USER 0.0.0.0/0 md5" >> ${PG_CONFDIR}/pg_hba.conf
fi
else
if ! grep -q "hostssl \+replication \+$REPLICATION_USER \+0.0.0.0/0 \+md5" ${PG_CONFDIR}/pg_hba.conf; then
echo "hostssl replication $REPLICATION_USER 0.0.0.0/0 md5" >> ${PG_CONFDIR}/pg_hba.conf
fi
fi
fi
if [[ ${PSQL_MODE} == master ]]; then
if [[ -n ${REPLICATION_USER} ]]; then
echo "Supporting hot standby..."
sudo -Hu ${PG_USER} sed -i "s|^#wal_level = .*|wal_level = hot_standby|" ${PG_CONFDIR}/postgresql.conf
sudo -Hu ${PG_USER} sed -i "s|^#max_wal_senders = .*|max_wal_senders = 3|" ${PG_CONFDIR}/postgresql.conf
sudo -Hu ${PG_USER} sed -i "s|^#checkpoint_segments = .*|checkpoint_segments = 8|" ${PG_CONFDIR}/postgresql.conf
sudo -Hu ${PG_USER} sed -i "s|^#wal_keep_segments = .*|wal_keep_segments = 8|" ${PG_CONFDIR}/postgresql.conf
fi
fi
# Hot standby (slave and snapshot) servers can ignore the following code.
if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
if [[ -n ${REPLICATION_USER} ]]; then
if [[ -z ${REPLICATION_PASS} ]]; then
echo ""
echo "WARNING: "
echo " Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
echo ""
DB_USER=
else
echo "Creating user \"${REPLICATION_USER}\"..."
echo "CREATE ROLE \"${REPLICATION_USER}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf >/dev/null
fi
fi
if [[ -n ${DB_USER} ]]; then
if [[ -z ${DB_PASS} ]]; then
echo ""
echo "WARNING: "
echo " Please specify a password for \"${DB_USER}\". Skipping user creation..."
echo ""
DB_USER=
else
echo "Creating user \"${DB_USER}\"..."
echo "CREATE ROLE \"${DB_USER}\" with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf >/dev/null
fi
fi
if [[ -n ${DB_NAME} ]]; then
for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
echo "Creating database \"${db}\"..."
echo "CREATE DATABASE \"${db}\";" | \
sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf >/dev/null
if [[ ${DB_UNACCENT} == true ]]; then
echo "Installing unaccent extension..."
echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single ${db} -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf >/dev/null
fi
if [[ -n ${DB_USER} ]]; then
echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
echo "GRANT ALL PRIVILEGES ON DATABASE \"${db}\" to \"${DB_USER}\";" |
sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf >/dev/null
fi
done
fi
fi
echo "Starting PostgreSQL server..."
exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} --exec ${PG_BINDIR}/postgres -- -D ${PG_DATADIR} \
-c config_file=${PG_CONFDIR}/postgresql.conf --hba_file=${PG_CONFDIR}/pg_hba.conf --ident_file=${PG_CONFDIR}/pg_ident.conf
runtime/env-defaults
+23
View File
@@ -0,0 +1,23 @@
#!/bin/bash
PG_SSL=${PG_SSL:-}
PG_LOCALE=${PG_LOCALE:-$DB_LOCALE} # backward compatibility
PG_LOCALE=${PG_LOCALE:-C}
PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-$PSQL_TRUST_LOCALNET} # backward compatibility
PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-false}
REPLICATION_MODE=${REPLICATION_MODE:-$PSQL_MODE} # backward compatibility
REPLICATION_MODE=${REPLICATION_MODE:-}
REPLICATION_USER=${REPLICATION_USER:-}
REPLICATION_PASS=${REPLICATION_PASS:-}
REPLICATION_HOST=${REPLICATION_HOST:-}
REPLICATION_PORT=${REPLICATION_PORT:-}
REPLICATION_SSLMODE=${REPLICATION_SSLMODE:-}
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
DB_UNACCENT=${DB_UNACCENT:-false}
runtime/functions
Executable
+362
View File
@@ -0,0 +1,362 @@
#!/bin/bash
set -e
source ${PG_APP_HOME}/env-defaults
PG_CONF=${PG_DATADIR}/postgresql.conf
PG_HBA_CONF=${PG_DATADIR}/pg_hba.conf
PG_IDENT_CONF=${PG_DATADIR}/pg_ident.conf
PG_RECOVERY_CONF=${PG_DATADIR}/recovery.conf
## Execute command as PG_USER
exec_as_postgres() {
sudo -HEu ${PG_USER} "$@"
}
map_uidgid() {
USERMAP_ORIG_UID=$(id -u ${PG_USER})
USERMAP_ORIG_GID=$(id -g ${PG_USER})
USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
groupmod -g ${USERMAP_GID} ${PG_USER}
sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd
fi
}
locale_gen() {
if [[ $PG_LOCALE != C ]]; then
echo "Generating locale \"${PG_LOCALE}\"..."
locale-gen ${PG_LOCALE} >/dev/null
fi
}
create_datadir() {
echo "Initializing datadir..."
mkdir -p ${PG_HOME}
if [[ -d ${PG_DATADIR} ]]; then
find ${PG_DATADIR} -type f -exec chmod 0600 {} \;
find ${PG_DATADIR} -type d -exec chmod 0700 {} \;
fi
chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
}
create_certdir() {
echo "Initializing certdir..."
mkdir -p ${PG_CERTDIR}
[[ -f ${PG_CERTDIR}/server.crt ]] && chmod 0644 ${PG_CERTDIR}/server.crt
[[ -f ${PG_CERTDIR}/server.key ]] && chmod 0640 ${PG_CERTDIR}/server.key
chmod 0755 ${PG_CERTDIR}
chown -R root:${PG_USER} ${PG_CERTDIR}
}
create_logdir() {
echo "Initializing logdir..."
mkdir -p ${PG_LOGDIR}
chmod -R 1775 ${PG_LOGDIR}
chown -R root:${PG_USER} ${PG_LOGDIR}
}
create_rundir() {
echo "Initializing rundir..."
mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp
chmod -R 0755 ${PG_RUNDIR}
chmod g+s ${PG_RUNDIR}
chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR}
}
set_postgresql_param() {
local key=${1}
local value=${2}
if [[ -n ${value} ]]; then
local current=$(exec_as_postgres sed -n -e "s/^\("${key}" = '\)\([^ ']*\)\(.*\)$/\2/p" ${PG_CONF})
if [[ "${current}" != "${value}" ]]; then
echo "‣ Setting postgresql.conf parameter: ${key} = '${value}'"
exec_as_postgres sed -i "s|^[#]*[ ]*"${key}" = .*|"${key}" = '"${value}"'|" ${PG_CONF}
fi
fi
}
set_recovery_param() {
local key=${1}
local value=${2}
if [[ -n ${value} ]]; then
local current=$(exec_as_postgres sed -n -e "s/^\(.*\)\("${key}"=\)\([^ ']*\)\(.*\)$/\3/p" ${PG_RECOVERY_CONF})
if [[ "${current}" != "${value}" ]]; then
echo "Updating primary_conninfo ${key}..."
exec_as_postgres sed -i "s|"${key}"=[^ ']*|"${key}"="${value}"|" ${PG_RECOVERY_CONF}
fi
fi
}
set_hba_param() {
local value=${1}
if ! grep -q "$(sed "s| | \\\+|g" <<< ${value})" ${PG_HBA_CONF}; then
echo "${value}" >> ${PG_HBA_CONF}
fi
}
configure_ssl() {
## NOT SURE IF THIS IS A GOOD ALTERNATIVE TO ENABLE SSL SUPPORT BY DEFAULT ##
## BECAUSE USERS WHO PULL A PREBUILT IMAGE WILL HAVE THE SAME CERTIFICATES ##
# if [[ ! -f ${PG_CERTDIR}/server.crt && ! -f ${PG_CERTDIR}/server.key ]]; then
# if [[ -f /etc/ssl/certs/ssl-cert-snakeoil.pem && -f /etc/ssl/private/ssl-cert-snakeoil.key ]]; then
# ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem ${PG_CERTDIR}/server.crt
# ln -sf /etc/ssl/private/ssl-cert-snakeoil.key ${PG_CERTDIR}/server.key
# fi
# fi
if [[ -f ${PG_CERTDIR}/server.crt && -f ${PG_CERTDIR}/server.key ]]; then
PG_SSL=${PG_SSL:-on}
set_postgresql_param "ssl_cert_file" "${PG_CERTDIR}/server.crt"
set_postgresql_param "ssl_key_file" "${PG_CERTDIR}/server.key"
fi
PG_SSL=${PG_SSL:-off}
set_postgresql_param "ssl" "${PG_SSL}"
}
configure_hot_standby() {
case ${REPLICATION_MODE} in
slave|snapshot) ;;
*)
echo "Configuring hot standby..."
set_postgresql_param "wal_level" "hot_standby"
set_postgresql_param "max_wal_senders" "16"
set_postgresql_param "checkpoint_segments" "8"
set_postgresql_param "wal_keep_segments" "32"
set_postgresql_param "hot_standby" "on"
;;
esac
}
initialize_database() {
if [[ ! -f ${PG_DATADIR}/PG_VERSION ]]; then
case ${REPLICATION_MODE} in
slave|snapshot)
# default params
REPLICATION_PORT=${REPLICATION_PORT:-5432}
REPLICATION_SSLMODE=${REPLICATION_SSLMODE:-prefer}
if [[ -z $REPLICATION_HOST ]]; then
echo "ERROR! Cannot continue without the REPLICATION_HOST. Exiting..."
exit 1
fi
if [[ -z $REPLICATION_USER ]]; then
echo "ERROR! Cannot continue without the REPLICATION_USER. Exiting..."
exit 1
fi
if [[ -z $REPLICATION_PASS ]]; then
echo "ERROR! Cannot continue without the REPLICATION_PASS. Exiting..."
exit 1
fi
echo -n "Waiting for $REPLICATION_HOST to accept connections (60s timeout)"
timeout=60
while ! ${PG_BINDIR}/pg_isready -h $REPLICATION_HOST -p $REPLICATION_PORT -t 1 >/dev/null 2>&1
do
timeout=$(expr $timeout - 1)
if [[ $timeout -eq 0 ]]; then
echo "Timeout! Exiting..."
exit 1
fi
echo -n "."
sleep 1
done
echo
case ${REPLICATION_MODE} in
slave)
echo "Replicating initial data from $REPLICATION_HOST..."
exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
-h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X stream -w >/dev/null
;;
snapshot)
echo "Generating a snapshot data on $REPLICATION_HOST..."
exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
-h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X fetch -w >/dev/null
esac
;;
*)
echo "Initializing database..."
PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | grep -v $PG_VERSION | sort -r | head -n1 | cut -d'/' -f5)
if [[ -n ${PG_OLD_VERSION} ]]; then
echo "‣ Migrating PostgreSQL ${PG_OLD_VERSION} data to ${PG_VERSION}..."
# protect the existing data from being altered by apt-get
mv ${PG_HOME}/${PG_OLD_VERSION} ${PG_HOME}/${PG_OLD_VERSION}.migrating
echo "‣ Installing PostgreSQL ${PG_OLD_VERSION}..."
if ! ( apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION} ) >/dev/null; then
echo "ERROR! Failed to install PostgreSQL ${PG_OLD_VERSION}. Exiting..."
# first move the old data back
rm -rf ${PG_HOME}/${PG_OLD_VERSION}
mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION}
exit 1
fi
rm -rf /var/lib/apt/lists/*
# we're ready to migrate, move back the old data and remove the trap
rm -rf ${PG_HOME}/${PG_OLD_VERSION}
mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION}
fi
exec_as_postgres ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
--username=${PG_USER} --encoding=unicode --locale=${PG_LOCALE} --auth=trust >/dev/null
if [[ -n ${PG_OLD_VERSION} ]]; then
PG_OLD_BINDIR=/usr/lib/postgresql/${PG_OLD_VERSION}/bin
PG_OLD_DATADIR=${PG_HOME}/${PG_OLD_VERSION}/main
PG_OLD_CONF=${PG_OLD_DATADIR}/postgresql.conf
PG_OLD_HBA_CONF=${PG_OLD_DATADIR}/pg_hba.conf
PG_OLD_IDENT_CONF=${PG_OLD_DATADIR}/pg_ident.conf
echo -n "‣ Migration in progress. Please be patient..."
exec_as_postgres ${PG_BINDIR}/pg_upgrade \
-b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
-d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
-o "-c config_file=${PG_OLD_CONF} --hba_file=${PG_OLD_HBA_CONF} --ident_file=${PG_OLD_IDENT_CONF}" \
-O "-c config_file=${PG_CONF} --hba_file=${PG_HBA_CONF} --ident_file=${PG_IDENT_CONF}" >/dev/null
echo
fi
;;
esac
# configure path to data_directory
set_postgresql_param "data_directory" "${PG_DATADIR}"
# configure logging
set_postgresql_param "log_directory" "${PG_LOGDIR}"
set_postgresql_param "log_filename" "postgresql-${PG_VERSION}-main.log"
# listen on all interfaces
set_postgresql_param "listen_addresses" "*"
# allow remote connections to postgresql database
set_hba_param "host all all 0.0.0.0/0 md5"
configure_hot_standby
# Change DSM from `posix' to `sysv' if we are inside an lx-brand container
if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
set_postgresql_param "dynamic_shared_memory_type" "sysv"
fi
fi
}
trust_localnet() {
if [[ ${PG_TRUST_LOCALNET} == true ]]; then
echo "Trusting connections from the local network..."
set_hba_param "host all all samenet trust"
fi
}
create_user() {
if [[ -n ${DB_USER} ]]; then
if [[ -z ${DB_PASS} ]]; then
echo "ERROR! Please specify a password for DB_USER in DB_PASS. Exiting..."
exit 1
fi
echo "Creating database user: ${DB_USER}"
echo "CREATE ROLE \"${DB_USER}\" with LOGIN CREATEDB PASSWORD '${DB_PASS}';" | \
exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
fi
}
create_database() {
if [[ -n ${DB_NAME} ]]; then
echo -n "Creating database(s): "
for database in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
echo -n "${database} "
echo "CREATE DATABASE \"${database}\";" | \
exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
if [[ ${DB_UNACCENT} == true ]]; then
echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
exec_as_postgres ${PG_BINDIR}/postgres --single ${database} -D ${PG_DATADIR} >/dev/null 2>&1
fi
if [[ -n ${DB_USER} ]]; then
echo "GRANT ALL PRIVILEGES ON DATABASE \"${database}\" to \"${DB_USER}\";" | \
exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
fi
done
echo
fi
}
create_replication_user() {
case $REPLICATION_MODE in
slave|snapshot) ;; # replication user can only be created on the master
*)
if [[ -n ${REPLICATION_USER} ]]; then
if [[ -z ${REPLICATION_PASS} ]]; then
echo "ERROR! Please specify a password for REPLICATION_USER in REPLICATION_PASS. Exiting..."
exit 1
fi
echo "Creating replication user: ${REPLICATION_USER}"
echo "CREATE ROLE \"${REPLICATION_USER}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" | \
exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
set_hba_param "host replication ${REPLICATION_USER} 0.0.0.0/0 md5"
fi
;;
esac
}
configure_recovery() {
if [[ ! -f ${PG_RECOVERY_CONF} ]]; then
if [[ ${REPLICATION_MODE} == slave ]]; then
# initialize recovery.conf on the firstrun (slave only)
echo "Configuring recovery..."
exec_as_postgres touch ${PG_RECOVERY_CONF}
( echo "standby_mode = 'on'";
echo "primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${REPLICATION_SSLMODE}'";
echo "trigger_file = '/tmp/postgresql.trigger'" ) > ${PG_RECOVERY_CONF}
fi
else
set_recovery_param "host" "${REPLICATION_HOST}"
set_recovery_param "port" "${REPLICATION_PORT}"
set_recovery_param "user" "${REPLICATION_USER}"
set_recovery_param "password" "${REPLICATION_PASS}"
set_recovery_param "sslmode" "${REPLICATION_SSLMODE}"
fi
}
# allow arguments to be passed to postgers
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == mongod || ${1} == $(which mongod) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi
# default behaviour is to launch postgres
if [[ -z ${1} ]]; then
map_uidgid
locale_gen
create_datadir
create_certdir
create_logdir
create_rundir
initialize_database
configure_ssl
trust_localnet
create_user
create_database
create_replication_user
configure_recovery
echo "Starting PostgreSQL ${PG_VERSION}..."
exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} \
--exec ${PG_BINDIR}/postgres -- -D ${PG_DATADIR} ${EXTRA_ARGS}
else
exec "$@"
fi