release 9.4-5

start: maybe change DSM config in postgresql.conf

.dockerignore

@@ -1,4 +1,7 @@
 .git
+circle.yml
+LICENSE
 VERSION
 README.md
 Changelog.md
+Makefile

Changelog.md

@@ -1,5 +1,16 @@
 # Changelog
 
+**9.4-2**
+- added replication options
+
+**9.4-1**
+- start: removed `pwfile` logic
+- init: added `USERMAP_*` configuration options
+- base image update to fix SSL vulnerability
+
+**9.4**
+- postgresql: upgrade to 9.4
+
 **9.1-2**
 - use the official postgresql apt repo
 - feature: automatic data migration on upgrade

Dockerfile

@@ -1,20 +1,26 @@
-FROM sameersbn/ubuntu:14.04.20150120
+FROM quay.io/sameersbn/ubuntu:14.04.20151011
 MAINTAINER sameer@damagehead.com
 
-ENV PG_VERSION 9.1
+ENV PG_VERSION=9.4 \
+    PG_USER=postgres \
+    PG_HOME=/var/lib/postgresql \
+    PG_RUNDIR=/run/postgresql \
+    PG_LOGDIR=/var/log/postgresql
+
+ENV PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main" \
+    PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" \
+    PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
+
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
  && apt-get update \
- && apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} pwgen \
- && rm -rf /var/lib/postgresql \
- && rm -rf /var/lib/apt/lists/* # 20141001
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
+ && rm -rf ${PG_HOME} \
+ && rm -rf /var/lib/apt/lists/*
 
-ADD start /start
-RUN chmod 755 /start
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod 755 /sbin/entrypoint.sh
 
-EXPOSE 5432
-
-VOLUME ["/var/lib/postgresql"]
-VOLUME ["/run/postgresql"]
-
-CMD ["/start"]
+EXPOSE 5432/tcp
+VOLUME ["${PG_HOME}", "${PG_RUNDIR}"]
+CMD ["/sbin/entrypoint.sh"]

Makefile

@@ -2,3 +2,6 @@ all: build
 
 build:
 	@docker build --tag=${USER}/postgresql .
+
+release: build
+	@docker build --tag=${USER}/postgresql:$(shell cat VERSION) .

README.md

@@ -1,3 +1,5 @@
+[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=svg)](https://circleci.com/gh/sameersbn/docker-postgresql)
+
 # Table of Contents
 
 - [Introduction](#introduction)
@@ -6,12 +8,12 @@
 - [Reporting Issues](#reporting-issues)
 - [Installation](#installation)
 - [Quick Start](#quick-start)
-- [Creating User and Database at Launch](creating-user-and-database-at-launch)
-- [Configuration](#configuration)
-    - [Data Store](#data-store)
-    - [Securing the server](#securing-the-server)
-- [Shell Access](#shell-access)
+- [Persistence](#persistence)
+- [Creating User and Database at Launch](#creating-user-and-database-at-launch)
+- [Creating a Snapshot or Slave Database](#creating-a-snapshot-or-slave-database)
+- [Host UID / GID Mapping](#host-uid--gid-mapping)
 - [Upgrading](#upgrading)
+- [Shell Access](#shell-access)
 
 # Introduction
 
@@ -23,11 +25,11 @@ If you find this image useful here's how you can help:
 
 - Send a Pull Request with your awesome new features and bug fixes
 - Help new users with [Issues](https://github.com/sameersbn/docker-postgresql/issues) they may encounter
-- Send me a tip via [Bitcoin](https://www.coinbase.com/sameersbn) or using [Gratipay](https://gratipay.com/sameersbn/)
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
 
 # Reporting Issues
 
-Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.
+Docker is a relatively new project and is being actively developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.
 
 Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
 
@@ -48,7 +50,7 @@ If using the latest docker version and/or disabling selinux does not fix the iss
 
 In your issue report please make sure you provide the following information:
 
-- The host ditribution and release version.
+- The host distribution and release version.
 - Output of the `docker version` command
 - Output of the `docker info` command
 - The `docker run` command you used to run the image (mask out the sensitive bits).
@@ -58,7 +60,7 @@ In your issue report please make sure you provide the following information:
 Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
 
 ```bash
-docker pull sameersbn/postgresql:9.1-2
+docker pull sameersbn/postgresql:9.4-5
 ```
 
 Alternately you can build the image yourself.
@@ -74,85 +76,16 @@ docker build -t="$USER/postgresql" .
 Run the postgresql image
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:9.1-2
+docker run --name postgresql -d sameersbn/postgresql:9.4-5
 ```
 
-The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `--volumes-from` docker option to connect to the postgresql server over the unix socket.
+The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
 
 ```bash
-docker run -it --rm --volumes-from=postgresql \
-  sameersbn/postgresql:9.1-2 sudo -u postgres -H psql
+docker exec -it postgresql sudo -u postgres psql
 ```
 
-Alternately you can fetch the password set for the `postgres` user from the container logs.
-
-```bash
-docker logs postgresql
-```
-
-In the output you will notice the following lines with the password:
-
-```bash
-|------------------------------------------------------------------|
-| PostgreSQL User: postgres, Password: xxxxxxxxxxxxxx              |
-|                                                                  |
-| To remove the PostgreSQL login credentials from the logs, please |
-| make a note of password and then delete the file pwfile          |
-| from the data store.                                             |
-|------------------------------------------------------------------|
-```
-
-To test if the postgresql server is working properly, try connecting to the server.
-
-```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-```
-
-# Creating User and Database at Launch
-
-The image allows you to create a user and database at launch time.
-
-To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
-  sameersbn/postgresql:9.1-2
-```
-
-**NOTE**
-- If the password is not specified the user will not be created
-- If the user user already exists no changes will be made
-
-Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_NAME=dbname' sameersbn/postgresql:9.1-2
-```
-
-You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2 (p.s. this feature is only available in releases greater than 9.1-2)*
-
-```bash
-docker run --name postgresql -d \
--e 'DB_NAME=dbname1,dbname2' sameersbn/postgresql:latest
-```
-
-If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
-
-For example,
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
-  sameersbn/postgresql:9.1-2
-```
-
-, will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
-
-# Configuration
-
-## Data Store
+# Persistence
 
 For data persistence a volume should be mounted at `/var/lib/postgresql`.
 
@@ -167,27 +100,142 @@ The updated run command looks like this.
 
 ```bash
 docker run --name postgresql -d \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.1-2
+  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-5
 ```
 
 This will make sure that the data stored in the database is not lost when the image is stopped and started again.
 
-## Securing the server
+# Creating User and Database at Launch
 
-By default a randomly generated password is assigned for the postgres user. The password is stored in a file named `pwfile` in the data store and is printed in the logs.
+The image allows you to create a user and database at launch time.
 
-If you dont want this password to be displayed in the logs, then please note down the password listed in `/opt/postgresql/data/pwfile` and then delete the file.
+To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
 
 ```bash
-cat /opt/postgresql/data/pwfile
-rm /opt/postgresql/data/pwfile
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-5
 ```
 
-Alternately, you can change the password of the postgres user
+**NOTE**
+- If the password is not specified the user will not be created
+- If the user user already exists no changes will be made
+
+Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-\password postgres
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-5
+```
+
+You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2* (p.s. this feature is only available in releases greater than 9.1-1).
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-5
+```
+
+If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
+  sameersbn/postgresql:9.4-5
+```
+
+will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
+
+The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'PSQL_TRUST_LOCALNET=true' \
+  sameersbn/postgresql:9.4-5
+```
+
+This has the effect of adding the following to the `pg_hba.conf` file:
+
+```
+host    all             all             samenet                 trust
+```
+
+# Creating a Snapshot or Slave Database
+
+You may use the `PSQL_MODE` variable along with `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_USER` and `REPLICATION_PASS` to create a snapshot of an existing database and enable stream replication.
+
+Your master database must support replication or super-user access for the credentials you specify. The `PSQL_MODE` variable should be set to `master`, for replication on your master node and `slave` or `snapshot` respectively for streaming replication or a point-in-time snapshot of a running instance.
+
+Create a master instance
+
+```bash
+docker run --name='psql-master' -it --rm \
+  -e 'PSQL_MODE=master' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  -e 'DB_NAME=dbname' -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-5
+```
+
+Create a streaming replication instance
+
+```bash
+docker run --name='psql-slave' -it --rm  \
+  --link psql-master:psql-master  \
+  -e 'PSQL_MODE=slave' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_HOST=psql-master' -e 'REPLICATION_PORT=5432' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  sameersbn/postgresql:9.4-5
+```
+
+# Enable Unaccent (Search plain text with accent)
+
+Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
+
+By default unaccent is configure to `false`
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_UNACCENT=true' \
+  sameersbn/postgresql:9.4-5
+```
+
+# Host UID / GID Mapping
+
+Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
+
+Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
+
+```bash
+docker run --name=postgresql -it --rm [options] \
+  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
+  sameersbn/postgresql:9.4-5
+```
+
+
+# Upgrading
+
+To upgrade to newer releases, simply follow this 3 step upgrade procedure.
+
+- **Step 1**: Stop the currently running image
+
+```bash
+docker stop postgresql
+```
+
+- **Step 2**: Update the docker image.
+
+```bash
+docker pull sameersbn/postgresql:9.4-5
+```
+
+- **Step 3**: Start the image
+
+```bash
+docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-5
 ```
 
 # Shell Access
@@ -215,25 +263,3 @@ sudo docker-enter postgresql
 ```
 
 For more information refer https://github.com/jpetazzo/nsenter
-
-# Upgrading
-
-To upgrade to newer releases, simply follow this 3 step upgrade procedure.
-
-- **Step 1**: Stop the currently running image
-
-```bash
-docker stop postgresql
-```
-
-- **Step 2**: Update the docker image.
-
-```bash
-docker pull sameersbn/postgresql:9.1-2
-```
-
-- **Step 3**: Start the image
-
-```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.1-2
-```

VERSION

@@ -1 +1 @@
-9.1
+9.4-5

circle.yml

@@ -0,0 +1,15 @@
+machine:
+  services:
+    - docker
+dependencies:
+  cache_directories:
+    - "~/docker-postgresql"
+  override:
+    - docker info
+    - if [[ -e ~/docker-postgresql/image.tar ]]; then docker load --input ~/docker-postgresql/image.tar; fi
+    - docker build -t sameersbn/postgresql .
+    - mkdir -p ~/docker-postgresql; docker save --output ~/docker-postgresql/image.tar sameersbn/postgresql
+test:
+  override:
+    - docker run -d --name=postgresql sameersbn/postgresql; sleep 10
+    - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo"

entrypoint.sh

@@ -0,0 +1,238 @@
+#!/bin/bash
+set -e
+
+# set this env variable to true to enable a line in the
+# pg_hba.conf file to trust samenet.  this can be used to connect
+# from other containers on the same host without authentication
+PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}
+
+DB_NAME=${DB_NAME:-}
+DB_USER=${DB_USER:-}
+DB_PASS=${DB_PASS:-}
+DB_UNACCENT=${DB_UNACCENT:false}
+
+# by default postgresql will start up as a standalone instance.
+# set this environment variable to master, slave or snapshot to use replication features.
+# "snapshot" will create a point in time backup of a master instance.
+PSQL_MODE=${PSQL_MODE:-standalone}
+
+REPLICATION_USER=${REPLICATION_USER:-}
+REPLICATION_PASS=${REPLICATION_PASS:-}
+REPLICATION_HOST=${REPLICATION_HOST:-}
+REPLICATION_PORT=${REPLICATION_PORT:-5432}
+
+# set this env variable to "require" to enable encryption and "verify-full" for verification.
+PSQL_SSLMODE=${PSQL_SSLMODE:-disable}
+
+map_postgres_uid() {
+  USERMAP_ORIG_UID=$(id -u ${PG_USER})
+  USERMAP_ORIG_GID=$(id -g ${PG_USER})
+  USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
+  USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
+  if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
+    echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
+    groupmod -g ${USERMAP_GID} ${PG_USER}
+    sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
+  fi
+}
+
+create_data_dir() {
+  mkdir -p ${PG_HOME}
+  chmod -R 0700 ${PG_HOME}
+  chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
+}
+
+create_log_dir() {
+  mkdir -p ${PG_LOGDIR}
+  chmod -R 1775 ${PG_LOGDIR}
+  chown -R root:${PG_USER} ${PG_LOGDIR}
+}
+
+create_run_dir() {
+  mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp
+  chmod -R 0755 ${PG_RUNDIR}
+  chmod g+s ${PG_RUNDIR}
+  chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR}
+}
+
+map_postgres_uid
+create_data_dir
+create_log_dir
+create_run_dir
+
+# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
+chown -R ${PG_USER}:${PG_USER} ${PG_CONFDIR}
+
+if [[ ${PSQL_SSLMODE} == disable ]]; then
+  sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+fi
+
+# Change DSM from `posix' to `sysv' if we are inside an lx-brand container
+if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
+  sed 's/\(dynamic_shared_memory_type = \)posix/\1sysv/' \
+    -i ${PG_CONFDIR}/postgresql.conf
+fi
+
+# listen on all interfaces
+cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+listen_addresses = '*'
+EOF
+
+if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
+  echo "Enabling trust samenet in pg_hba.conf..."
+  cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             samenet                 trust
+EOF
+fi
+
+# allow remote connections to postgresql database
+cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             0.0.0.0/0               md5
+EOF
+
+# allow replication connections to the database
+if [[ -n ${REPLICATION_USER} ]]; then
+  if [[ ${PSQL_SSLMODE} == disable ]]; then
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  else
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+hostssl replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  fi
+fi
+
+if [[ ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    echo "Supporting hot standby..."
+    cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+wal_level = hot_standby
+max_wal_senders = 3
+checkpoint_segments = 8
+wal_keep_segments = 8
+EOF
+  fi
+fi
+
+cd ${PG_HOME}
+
+# initialize PostgreSQL data directory
+if [[ ! -d ${PG_DATADIR} ]]; then
+  if [[ ${PSQL_MODE} == slave || ${PSQL_MODE} == snapshot ]]; then
+    echo "Replicating database..."
+    if [[ ${PSQL_MODE} == snapshot ]]; then
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -x -v -P
+    elif [[ ${PSQL_MODE} == slave ]]; then
+      # Setup streaming replication.
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -v -P
+      echo "Setting up hot standby configuration..."
+      cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+hot_standby = on
+EOF
+      sudo -Hu ${PG_USER} touch ${PG_DATADIR}/recovery.conf
+      cat >> ${PG_DATADIR}/recovery.conf <<EOF
+standby_mode = 'on'
+primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'
+trigger_file = '/tmp/postgresql.trigger'
+EOF
+    fi
+
+  else
+    # check if we need to perform data migration
+    PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
+
+    echo "Initializing database..."
+    sudo -Hu ${PG_USER} ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
+      --username=${PG_USER} --encoding=unicode --auth=trust >/dev/null
+  fi
+fi
+
+if [[ -n ${PG_OLD_VERSION} ]]; then
+  echo "Migrating postgresql ${PG_OLD_VERSION} data..."
+  PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
+  PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
+  PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"
+
+  # backup ${PG_OLD_DATADIR} to avoid data loss
+  PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
+  echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
+  cp -a ${PG_OLD_DATADIR} ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}
+
+  echo "Installing postgresql-${PG_OLD_VERSION}..."
+  apt-get update
+  DEBIAN_FRONTEND=noninteractive apt-get install postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION}
+  rm -rf /var/lib/apt/lists/*
+
+  # migrate ${PG_OLD_VERSION} data
+  echo "Migration in progress. This could take a while, please be patient..."
+  sudo -Hu ${PG_USER} ${PG_BINDIR}/pg_upgrade \
+    -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
+    -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
+    -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
+    -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
+fi
+
+# Hot standby (slave and snapshot) servers can ignore the following code.
+if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    if [[ -z ${REPLICATION_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${REPLICATION_USER}\"..."
+      echo "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_USER} ]]; then
+    if [[ -z ${DB_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${DB_USER}\"..."
+      echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_NAME} ]]; then
+    for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
+      echo "Creating database \"${db}\"..."
+      echo "CREATE DATABASE ${db};" | \
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+
+      if [[ ${DB_UNACCENT} == true ]]; then
+        echo "Installing unaccent extension..."
+        echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single ${db} \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+
+      if [[ -n ${DB_USER} ]]; then
+        echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
+        echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+    done
+  fi
+fi
+
+echo "Starting PostgreSQL server..."
+exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} --exec ${PG_BINDIR}/postgres -- \
+  -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf

start

@@ -1,122 +0,0 @@
-#!/bin/bash
-set -e
-
-PG_HOME="/var/lib/postgresql"
-PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
-PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
-
-DB_NAME=${DB_NAME:-}
-DB_USER=${DB_USER:-}
-DB_PASS=${DB_PASS:-}
-
-# fix permissions and ownership of ${PG_HOME}
-mkdir -p -m 0700 ${PG_HOME}
-chown -R postgres:postgres ${PG_HOME}
-
-# fix permissions and ownership of /run/postgresql
-mkdir -p -m 0755 /run/postgresql /run/postgresql/${PG_VERSION}-main.pg_stat_tmp
-chown -R postgres:postgres /run/postgresql
-chmod g+s /run/postgresql
-
-# disable ssl
-sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
-
-# listen on all interfaces
-cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
-listen_addresses = '*'
-EOF
-
-# allow remote connections to postgresql database
-cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
-host    all             all             0.0.0.0/0               md5
-EOF
-
-cd ${PG_HOME}
-
-# initialize PostgreSQL data directory
-if [ ! -d ${PG_DATADIR} ]; then
-  # check if we need to perform data migration
-  PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION | sort -r | head -n1 | cut -d'/' -f5)
-
-  if [ ! -f "${PG_HOME}/pwfile" ]; then
-    PG_PASSWORD=$(pwgen -c -n -1 14)
-    echo "${PG_PASSWORD}" > ${PG_HOME}/pwfile
-  fi
-
-  echo "Initializing database..."
-  sudo -u postgres -H "${PG_BINDIR}/initdb" \
-    --pgdata="${PG_DATADIR}" --pwfile=${PG_HOME}/pwfile \
-    --username=postgres --encoding=unicode --auth=trust >/dev/null
-fi
-
-if [ -n "${PG_OLD_VERSION}" ]; then
-  echo "Migrating postgresql ${PG_OLD_VERSION} data..."
-  PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
-  PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
-  PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"
-
-  # backup ${PG_OLD_DATADIR} to avoid data loss
-  PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
-  echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
-  cp -a ${PG_OLD_DATADIR} ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}
-
-  echo "Installing postgresql-${PG_OLD_VERSION}..."
-  apt-get update
-  apt-get install postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION}
-  rm -rf /var/lib/apt/lists/*
-
-  # migrate ${PG_OLD_VERSION} data
-  echo "Migration in progress. This could take a while, please be patient..."
-  sudo -u postgres -H ${PG_BINDIR}/pg_upgrade \
-    -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
-    -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
-    -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
-    -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
-fi
-
-if [ -f ${PG_HOME}/pwfile ]; then
-  PG_PASSWORD=$(cat ${PG_HOME}/pwfile)
-  echo "|------------------------------------------------------------------|"
-  echo "| PostgreSQL User: postgres, Password: ${PG_PASSWORD}              |"
-  echo "|                                                                  |"
-  echo "| To remove the PostgreSQL login credentials from the logs, please |"
-  echo "| make a note of password and then delete the file pwfile          |"
-  echo "| from the data store.                                             |"
-  echo "|------------------------------------------------------------------|"
-fi
-
-if [ -n "${DB_USER}" ]; then
-  if [ -z "${DB_PASS}" ]; then
-    echo ""
-    echo "WARNING: "
-    echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
-    echo ""
-    DB_USER=
-  else
-    echo "Creating user \"${DB_USER}\"..."
-    echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
-  fi
-fi
-
-if [ -n "${DB_NAME}" ]; then
-  for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
-    echo "Creating database \"${db}\"..."
-    echo "CREATE DATABASE ${db};" | \
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
-
-    if [ -n "${DB_USER}" ]; then
-      echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
-      echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
-        sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
-    fi
-  done
-fi
-
-echo "Starting PostgreSQL server..."
-exec sudo -u postgres -H ${PG_BINDIR}/postgres \
-  -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf