release 9.4-2

fix a few typos

.dockerignore

@@ -1,4 +1,7 @@
 .git
+circle.yml
+LICENSE
 VERSION
 README.md
 Changelog.md
+Makefile

Changelog.md

@@ -1,5 +1,20 @@
 # Changelog
 
+**9.4-2**
+- added replication options
+
+**9.4-1**
+- start: removed `pwfile` logic
+- init: added `USERMAP_*` configuration options
+- base image update to fix SSL vulnerability
+
+**9.4**
+- postgresql: upgrade to 9.4
+
+**9.1-2**
+- use the official postgresql apt repo
+- feature: automatic data migration on upgrade
+
 **9.1-1**
 - upgrade to sameersbn/ubuntu:20141001, fixes shellshock
 - support creation of users and databases at launch (`docker run`)

Dockerfile

@@ -1,17 +1,24 @@
-FROM sameersbn/ubuntu:12.04.20141001
+FROM sameersbn/ubuntu:14.04.20150712
 MAINTAINER sameer@damagehead.com
 
-RUN apt-get update \
- && apt-get install -y postgresql postgresql-client pwgen \
- && rm -rf /var/lib/postgresql \
- && rm -rf /var/lib/apt/lists/* # 20141001
+ENV PG_VERSION=9.4 \
+    PG_USER=postgres \
+    PG_HOME="/var/lib/postgresql"
 
-ADD start /start
+ENV PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main" \
+    PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" \
+    PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
+
+RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+ && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
+ && apt-get update \
+ && apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
+ && rm -rf ${PG_HOME} \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY start /start
 RUN chmod 755 /start
 
-EXPOSE 5432
-
-VOLUME ["/var/lib/postgresql"]
-VOLUME ["/run/postgresql"]
-
+EXPOSE 5432/tcp
+VOLUME ["${PG_HOME}", "/run/postgresql"]
 CMD ["/start"]

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Sameer Naik
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -2,3 +2,6 @@ all: build
 
 build:
 	@docker build --tag=${USER}/postgresql .
+
+release: build
+	@docker build --tag=${USER}/postgresql:$(shell cat VERSION) .

README.md

@@ -1,24 +1,35 @@
+[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=svg)](https://circleci.com/gh/sameersbn/docker-postgresql)
+
 # Table of Contents
 
 - [Introduction](#introduction)
 - [Changelog](Changelog.md)
+- [Contributing](#contributing)
 - [Reporting Issues](#reporting-issues)
 - [Installation](#installation)
 - [Quick Start](#quick-start)
-- [Creating User and Database at Launch](creating-user-and-database-at-launch)
-- [Configuration](#configuration)
-    - [Data Store](#data-store)
-    - [Securing the server](#securing-the-server)
-- [Shell Access](#shell-access)
+- [Persistence](#persistence)
+- [Creating User and Database at Launch](#creating-user-and-database-at-launch)
+- [Creating a Snapshot or Slave Database](#creating-a-snapshot-or-slave-database)
+- [Host UID / GID Mapping](#host-uid--gid-mapping)
 - [Upgrading](#upgrading)
+- [Shell Access](#shell-access)
 
 # Introduction
 
 Dockerfile to build a PostgreSQL container image which can be linked to other containers.
 
+# Contributing
+
+If you find this image useful here's how you can help:
+
+- Send a Pull Request with your awesome new features and bug fixes
+- Help new users with [Issues](https://github.com/sameersbn/docker-postgresql/issues) they may encounter
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
+
 # Reporting Issues
 
-Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.
+Docker is a relatively new project and is being actively developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.
 
 Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
 
@@ -39,7 +50,7 @@ If using the latest docker version and/or disabling selinux does not fix the iss
 
 In your issue report please make sure you provide the following information:
 
-- The host ditribution and release version.
+- The host distribution and release version.
 - Output of the `docker version` command
 - Output of the `docker info` command
 - The `docker run` command you used to run the image (mask out the sensitive bits).
@@ -49,7 +60,7 @@ In your issue report please make sure you provide the following information:
 Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker pull sameersbn/postgresql:9.4-2
 ```
 
 Alternately you can build the image yourself.
@@ -65,78 +76,16 @@ docker build -t="$USER/postgresql" .
 Run the postgresql image
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:latest
+docker run --name postgresql -d sameersbn/postgresql:9.4-2
 ```
 
-The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `--volumes-from` docker option to connect to the postgresql server over the unix socket.
+The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
 
 ```bash
-docker run -it --rm --volumes-from=postgresql \
-  sameersbn/postgresql sudo -u postgres -H psql
+docker exec -it postgresql sudo -u postgres psql
 ```
 
-Alternately you can fetch the password set for the `postgres` user from the container logs.
-
-```bash
-docker logs postgresql
-```
-
-In the output you will notice the following lines with the password:
-
-```bash
-|------------------------------------------------------------------|
-| PostgreSQL User: postgres, Password: xxxxxxxxxxxxxx              |
-|                                                                  |
-| To remove the PostgreSQL login credentials from the logs, please |
-| make a note of password and then delete the file pwfile          |
-| from the data store.                                             |
-|------------------------------------------------------------------|
-```
-
-To test if the postgresql server is working properly, try connecting to the server.
-
-```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-```
-
-# Creating User and Database at Launch
-
-The image allows you to create a user and database at launch time.
-
-To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
-  sameersbn/postgresql:latest
-```
-
-**NOTE**
-- If the password is not specified the user will not be created
-- If the user user already exists no changes will be made
-
-Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_NAME=dbname' sameersbn/postgresql:latest
-```
-
-If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database.
-
-For example,
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
-  sameersbn/postgresql:latest
-```
-
-, will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
-
-# Configuration
-
-## Data Store
+# Persistence
 
 For data persistence a volume should be mounted at `/var/lib/postgresql`.
 
@@ -151,50 +100,121 @@ The updated run command looks like this.
 
 ```bash
 docker run --name postgresql -d \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:latest
+  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-2
 ```
 
 This will make sure that the data stored in the database is not lost when the image is stopped and started again.
 
-## Securing the server
+# Creating User and Database at Launch
 
-By default a randomly generated password is assigned for the postgres user. The password is stored in a file named `pwpass` in the data store and is printed in the logs.
+The image allows you to create a user and database at launch time.
 
-If you dont want this password to be displayed in the logs, then please note down the password listed in `/opt/postgresql/data/pwpass` and then delete the file.
+To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
 
 ```bash
-cat /opt/postgresql/data/pwfile
-rm /opt/postgresql/data/pwfile
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-2
 ```
 
-Alternately, you can change the password of the postgres user
+**NOTE**
+- If the password is not specified the user will not be created
+- If the user user already exists no changes will be made
+
+Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-\password postgres
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-2
 ```
 
-# Shell Access
-
-For debugging and maintenance purposes you may want access the container shell. Since the container does not allow interactive login over the SSH protocol, you can use the [nsenter](http://man7.org/linux/man-pages/man1/nsenter.1.html) linux tool (part of the util-linux package) to access the container shell.
-
-Some linux distros (e.g. ubuntu) use older versions of the util-linux which do not include the `nsenter` tool. To get around this @jpetazzo has created a nice docker image that allows you to install the `nsenter` utility and a helper script named `docker-enter` on these distros.
-
-To install the nsenter tool on your host execute the following command.
+You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2* (p.s. this feature is only available in releases greater than 9.1-1).
 
 ```bash
-docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-2
 ```
 
-Now you can access the container shell using the command
+If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
+
+For example,
 
 ```bash
-sudo docker-enter postgresql
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
+  sameersbn/postgresql:9.4-2
 ```
 
-For more information refer https://github.com/jpetazzo/nsenter
+will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
+
+The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'PSQL_TRUST_LOCALNET=true' \
+  sameersbn/postgresql:9.4-2
+```
+
+This has the effect of adding the following to the `pg_hba.conf` file:
+
+```
+host    all             all             samenet                 trust
+```
+
+# Creating a Snapshot or Slave Database
+
+You may use the `PSQL_MODE` variable along with `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_USER` and `REPLICATION_PASS` to create a snapshot of an existing database and enable stream replication.
+
+Your master database must support replication or super-user access for the credentials you specify. The `PSQL_MODE` variable should be set to `master`, for replication on your master node and `slave` or `snapshot` respectively for streaming replication or a point-in-time snapshot of a running instance.
+
+Create a master instance
+
+```bash
+docker run --name='psql-master' -it --rm \
+  -e 'PSQL_MODE=master' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  -e 'DB_NAME=dbname' -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-2
+```
+
+Create a streaming replication instance
+
+```bash
+docker run --name='psql-slave' -it --rm  \
+  --link psql-master:psql-master  \
+  -e 'PSQL_MODE=slave' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_HOST=psql-master' -e 'REPLICATION_PORT=5432' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  sameersbn/postgresql:9.4-2
+```
+
+# Enable Unaccent (Search plain text with accent)
+
+Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
+
+By default unaccent is configure to `false`
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_UNACCENT=true' \
+  sameersbn/postgresql:9.4-2
+```
+
+# Host UID / GID Mapping
+
+Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
+
+Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
+
+```bash
+docker run --name=postgresql -it --rm [options] \
+  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
+  sameersbn/postgresql:9.4-2
+```
 
-Another tool named `nsinit` can also be used for the same purpose. Please refer https://jpetazzo.github.io/2014/03/23/lxc-attach-nsinit-nsenter-docker-0-9/ for more information.
 
 # Upgrading
 
@@ -209,11 +229,37 @@ docker stop postgresql
 - **Step 2**: Update the docker image.
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker pull sameersbn/postgresql:9.4-2
 ```
 
 - **Step 3**: Start the image
 
 ```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:latest
+docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-2
 ```
+
+# Shell Access
+
+For debugging and maintenance purposes you may want access the containers shell. If you are using docker version `1.3.0` or higher you can access a running containers shell using `docker exec` command.
+
+```bash
+docker exec -it postgresql bash
+```
+
+If you are using an older version of docker, you can use the [nsenter](http://man7.org/linux/man-pages/man1/nsenter.1.html) linux tool (part of the util-linux package) to access the container shell.
+
+Some linux distros (e.g. ubuntu) use older versions of the util-linux which do not include the `nsenter` tool. To get around this @jpetazzo has created a nice docker image that allows you to install the `nsenter` utility and a helper script named `docker-enter` on these distros.
+
+To install `nsenter` execute the following command on your host,
+
+```bash
+docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter
+```
+
+Now you can access the container shell using the command
+
+```bash
+sudo docker-enter postgresql
+```
+
+For more information refer https://github.com/jpetazzo/nsenter

VERSION

@@ -1 +1 @@
-9.1
+9.4-2

circle.yml

@@ -0,0 +1,15 @@
+machine:
+  services:
+    - docker
+dependencies:
+  cache_directories:
+    - "~/docker-postgresql"
+  override:
+    - docker info
+    - if [[ -e ~/docker-postgresql/image.tar ]]; then docker load --input ~/docker-postgresql/image.tar; fi
+    - docker build -t sameersbn/postgresql .
+    - mkdir -p ~/docker-postgresql; docker save --output ~/docker-postgresql/image.tar sameersbn/postgresql
+test:
+  override:
+    - docker run -d --name=postgresql sameersbn/postgresql; sleep 10
+    - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo"

start

@@ -1,87 +1,216 @@
 #!/bin/bash
 set -e
 
-PG_VERSION="9.1"
-PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
-PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-PG_DATADIR="/var/lib/postgresql/${PG_VERSION}/main"
+# set this env variable to true to enable a line in the
+# pg_hba.conf file to trust samenet.  this can be used to connect
+# from other containers on the same host without authentication
+PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}
 
 DB_NAME=${DB_NAME:-}
 DB_USER=${DB_USER:-}
 DB_PASS=${DB_PASS:-}
+DB_UNACCENT=${DB_UNACCENT:false}
 
-# fix permissions and ownership of /var/lib/postgresql
-mkdir -p -m 0700 /var/lib/postgresql
-chown -R postgres:postgres /var/lib/postgresql
+# by default postgresql will start up as a standalone instance.
+# set this environment variable to master, slave or snapshot to use replication features.
+# "snapshot" will create a point in time backup of a master instance.
+PSQL_MODE=${PSQL_MODE:-standalone}
+
+REPLICATION_USER=${REPLICATION_USER:-}
+REPLICATION_PASS=${REPLICATION_PASS:-}
+REPLICATION_HOST=${REPLICATION_HOST:-}
+REPLICATION_PORT=${REPLICATION_PORT:-5432}
+
+# set this env variable to "require" to enable encryption and "verify-full" for verification.
+PSQL_SSLMODE=${PSQL_SSLMODE:-disable}
+
+## Adapt uid and gid for ${PG_USER}:${PG_USER}
+USERMAP_ORIG_UID=$(id -u ${PG_USER})
+USERMAP_ORIG_GID=$(id -g ${PG_USER})
+USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
+USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
+if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
+  echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
+  groupmod -g ${USERMAP_GID} ${PG_USER}
+  sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
+fi
+
+# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
+chown -R ${PG_USER}:${PG_USER} ${PG_CONFDIR}
+
+# fix permissions and ownership of ${PG_HOME}
+mkdir -p -m 0700 ${PG_HOME}
+chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
 
 # fix permissions and ownership of /run/postgresql
-mkdir -p -m 0755 /run/postgresql
-chown -R postgres:postgres /run/postgresql
+mkdir -p -m 0755 /run/postgresql /run/postgresql/${PG_VERSION}-main.pg_stat_tmp
+chown -R ${PG_USER}:${PG_USER} /run/postgresql
 chmod g+s /run/postgresql
 
-# disable ssl
-sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+if [[ ${PSQL_SSLMODE} == disable ]]; then
+  sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+fi
 
 # listen on all interfaces
 cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
 listen_addresses = '*'
 EOF
 
+if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
+  echo "Enabling trust samenet in pg_hba.conf..."
+  cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             samenet                 trust
+EOF
+fi
+
 # allow remote connections to postgresql database
 cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
 host    all             all             0.0.0.0/0               md5
 EOF
 
-# initialize PostgreSQL data directory
-if [ ! -d ${PG_DATADIR} ]; then
-  echo "Initializing database..."
-  PG_PASSWORD=$(pwgen -c -n -1 14)
-  echo "${PG_PASSWORD}" > /var/lib/postgresql/pwfile
-  sudo -u postgres -H "${PG_BINDIR}/initdb" \
-    --pgdata="${PG_DATADIR}" --pwfile=/var/lib/postgresql/pwfile \
-    --username=postgres --encoding=unicode --auth=trust >/dev/null
-fi
-
-if [ -f /var/lib/postgresql/pwfile ]; then
-  PG_PASSWORD=$(cat /var/lib/postgresql/pwfile)
-  echo "|------------------------------------------------------------------|"
-  echo "| PostgreSQL User: postgres, Password: ${PG_PASSWORD}              |"
-  echo "|                                                                  |"
-  echo "| To remove the PostgreSQL login credentials from the logs, please |"
-  echo "| make a note of password and then delete the file pwfile          |"
-  echo "| from the data store.                                             |"
-  echo "|------------------------------------------------------------------|"
-fi
-
-if [ -n "${DB_USER}" ]; then
-  if [ -z "${DB_PASS}" ]; then
-    echo ""
-    echo "WARNING: "
-    echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
-    echo ""
-    DB_USER=
+# allow replication connections to the database
+if [[ -n ${REPLICATION_USER} ]]; then
+  if [[ ${PSQL_SSLMODE} == disable ]]; then
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
   else
-    echo "Creating user \"${DB_USER}\"..."
-    echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+hostssl replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
   fi
 fi
 
-if [ -n "${DB_NAME}" ]; then
-  echo "Creating database \"${DB_NAME}\"..."
-  echo "CREATE DATABASE ${DB_NAME};" | \
-    sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-      -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+if [[ ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    echo "Supporting hot standby..."
+    cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+wal_level = hot_standby
+max_wal_senders = 3
+checkpoint_segments = 8
+wal_keep_segments = 8
+EOF
+  fi
+fi
 
-  if [ -n "${DB_USER}" ]; then
-    echo "Granting access to database \"${DB_NAME}\" for user \"${DB_USER}\"..."
-    echo "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" |
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+cd ${PG_HOME}
+
+# initialize PostgreSQL data directory
+if [[ ! -d ${PG_DATADIR} ]]; then
+  if [[ ${PSQL_MODE} == slave || ${PSQL_MODE} == snapshot ]]; then
+    echo "Replicating database..."
+    if [[ ${PSQL_MODE} == snapshot ]]; then
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -x -v -P
+    elif [[ ${PSQL_MODE} == slave ]]; then
+      # Setup streaming replication.
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -v -P
+      echo "Setting up hot standby configuration..."
+      cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+hot_standby = on
+EOF
+      sudo -Hu ${PG_USER} touch ${PG_DATADIR}/recovery.conf
+      cat >> ${PG_DATADIR}/recovery.conf <<EOF
+standby_mode = 'on'
+primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'
+trigger_file = '/tmp/postgresql.trigger'
+EOF
+    fi
+
+  else
+    # check if we need to perform data migration
+    PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
+
+    echo "Initializing database..."
+    sudo -Hu ${PG_USER} ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
+      --username=${PG_USER} --encoding=unicode --auth=trust >/dev/null
+  fi
+fi
+
+if [[ -n ${PG_OLD_VERSION} ]]; then
+  echo "Migrating postgresql ${PG_OLD_VERSION} data..."
+  PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
+  PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
+  PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"
+
+  # backup ${PG_OLD_DATADIR} to avoid data loss
+  PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
+  echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
+  cp -a ${PG_OLD_DATADIR} ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}
+
+  echo "Installing postgresql-${PG_OLD_VERSION}..."
+  apt-get update
+  apt-get install postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION}
+  rm -rf /var/lib/apt/lists/*
+
+  # migrate ${PG_OLD_VERSION} data
+  echo "Migration in progress. This could take a while, please be patient..."
+  sudo -Hu ${PG_USER} ${PG_BINDIR}/pg_upgrade \
+    -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
+    -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
+    -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
+    -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
+fi
+
+# Hot standby (slave and snapshot) servers can ignore the following code.
+if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    if [[ -z ${REPLICATION_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${REPLICATION_USER}\"..."
+      echo "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_USER} ]]; then
+    if [[ -z ${DB_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${DB_USER}\"..."
+      echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_NAME} ]]; then
+    for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
+      echo "Creating database \"${db}\"..."
+      echo "CREATE DATABASE ${db};" | \
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+
+      if [[ ${DB_UNACCENT} == true ]]; then
+        echo "Installing unaccent extension..."
+        echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single ${db} \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+
+      if [[ -n ${DB_USER} ]]; then
+        echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
+        echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+    done
   fi
 fi
 
 echo "Starting PostgreSQL server..."
-exec sudo -u postgres -H ${PG_BINDIR}/postgres \
+exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} --exec ${PG_BINDIR}/postgres -- \
   -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf