release 9.4-5

start: maybe change DSM config in postgresql.conf

.dockerignore

@@ -0,0 +1,7 @@
+.git
+circle.yml
+LICENSE
+VERSION
+README.md
+Changelog.md
+Makefile

Changelog.md

@@ -0,0 +1,26 @@
+# Changelog
+
+**9.4-2**
+- added replication options
+
+**9.4-1**
+- start: removed `pwfile` logic
+- init: added `USERMAP_*` configuration options
+- base image update to fix SSL vulnerability
+
+**9.4**
+- postgresql: upgrade to 9.4
+
+**9.1-2**
+- use the official postgresql apt repo
+- feature: automatic data migration on upgrade
+
+**9.1-1**
+- upgrade to sameersbn/ubuntu:20141001, fixes shellshock
+- support creation of users and databases at launch (`docker run`)
+- mount volume at `/var/run/postgresql` allowing the postgresql unix socket to be exposed
+
+**9.1**
+- optimized image size by removing `/var/lib/apt/lists/*`.
+- update to the sameersbn/ubuntu:12.04.20140818 baseimage
+- removed use of supervisord

Dockerfile

@@ -1,14 +1,26 @@
-FROM sameersbn/ubuntu:12.04.20140818
+FROM quay.io/sameersbn/ubuntu:14.04.20151011
 MAINTAINER sameer@damagehead.com
 
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends postgresql postgresql-client && \
-    rm -rf /var/lib/postgresql &&  \
-    rm -rf /var/lib/apt/lists/* # 20140818
+ENV PG_VERSION=9.4 \
+    PG_USER=postgres \
+    PG_HOME=/var/lib/postgresql \
+    PG_RUNDIR=/run/postgresql \
+    PG_LOGDIR=/var/log/postgresql
 
-ADD start /start
-RUN chmod 755 /start
+ENV PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main" \
+    PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" \
+    PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
 
-EXPOSE 5432
-VOLUME ["/var/lib/postgresql"]
-CMD ["/start"]
+RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+ && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
+ && rm -rf ${PG_HOME} \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod 755 /sbin/entrypoint.sh
+
+EXPOSE 5432/tcp
+VOLUME ["${PG_HOME}", "${PG_RUNDIR}"]
+CMD ["/sbin/entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Sameer Naik
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,7 @@
+all: build
+
+build:
+	@docker build --tag=${USER}/postgresql .
+
+release: build
+	@docker build --tag=${USER}/postgresql:$(shell cat VERSION) .

README.md

@@ -1,22 +1,66 @@
+[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=svg)](https://circleci.com/gh/sameersbn/docker-postgresql)
+
 # Table of Contents
+
 - [Introduction](#introduction)
+- [Changelog](Changelog.md)
+- [Contributing](#contributing)
+- [Reporting Issues](#reporting-issues)
 - [Installation](#installation)
 - [Quick Start](#quick-start)
-- [Configuration](#configuration)
-    - [Data Store](#data-store)
-    - [Securing the server](#securing-the-server)
+- [Persistence](#persistence)
+- [Creating User and Database at Launch](#creating-user-and-database-at-launch)
+- [Creating a Snapshot or Slave Database](#creating-a-snapshot-or-slave-database)
+- [Host UID / GID Mapping](#host-uid--gid-mapping)
 - [Upgrading](#upgrading)
-- [Issues](#issues)
+- [Shell Access](#shell-access)
 
 # Introduction
+
 Dockerfile to build a PostgreSQL container image which can be linked to other containers.
 
+# Contributing
+
+If you find this image useful here's how you can help:
+
+- Send a Pull Request with your awesome new features and bug fixes
+- Help new users with [Issues](https://github.com/sameersbn/docker-postgresql/issues) they may encounter
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
+
+# Reporting Issues
+
+Docker is a relatively new project and is being actively developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.
+
+Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
+
+For ubuntu users I suggest [installing docker](https://docs.docker.com/installation/ubuntulinux/) using docker's own package repository since the version of docker packaged in the ubuntu repositories are a little dated.
+
+Here is the shortform of the installation of an updated version of docker on ubuntu.
+
+```bash
+sudo apt-get purge docker.io
+curl -s https://get.docker.io/ubuntu/ | sudo sh
+sudo apt-get update
+sudo apt-get install lxc-docker
+```
+
+Fedora and RHEL/CentOS users should try disabling selinux with `setenforce 0` and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.
+
+If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the [issues](https://github.com/sameersbn/docker-postgresql/issues) page.
+
+In your issue report please make sure you provide the following information:
+
+- The host distribution and release version.
+- Output of the `docker version` command
+- Output of the `docker info` command
+- The `docker run` command you used to run the image (mask out the sensitive bits).
+
 # Installation
 
 Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker pull sameersbn/postgresql:9.4-5
 ```
 
 Alternately you can build the image yourself.
@@ -28,65 +72,150 @@ docker build -t="$USER/postgresql" .
 ```
 
 # Quick Start
+
 Run the postgresql image
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:latest
+docker run --name postgresql -d sameersbn/postgresql:9.4-5
 ```
 
-By default remote logins are permitted to the postgresql server and a random password is assigned for the postgres user. The password set for the postgres user can be retrieved from the container logs.
+The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
 
 ```bash
-docker logs postgresql
+docker exec -it postgresql sudo -u postgres psql
 ```
 
-In the output you will notice the following lines with the password:
+# Persistence
+
+For data persistence a volume should be mounted at `/var/lib/postgresql`.
+
+SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
+
 ```bash
-|------------------------------------------------------------------|
-| PostgreSQL User: postgres, Password: xxxxxxxxxxxxxx              |
-|                                                                  |
-| To remove the PostgreSQL login credentials from the logs, please |
-| make a note of password and then delete the file pwfile          |
-| from the data store.                                             |
-|------------------------------------------------------------------|
+mkdir -p /opt/postgresql/data
+sudo chcon -Rt svirt_sandbox_file_t /opt/postgresql/data
 ```
 
-To test if the postgresql server is working properly, try connecting to the server.
+The updated run command looks like this.
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-```
-
-# Configuration
-
-## Data Store
-For data persistence a volume should be mounted at /var/lib/postgresql.
-
-```bash
-mkdir /opt/postgresql/data
 docker run --name postgresql -d \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:latest
+  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-5
 ```
 
 This will make sure that the data stored in the database is not lost when the image is stopped and started again.
 
-## Securing the server
-By default a randomly generated password is assigned for the postgres user. The password is stored in a file named pwpass in the data store and is printed in the logs.
+# Creating User and Database at Launch
 
-If you dont want this password to be displayed in the logs, then please note down the password listed in /opt/postgresql/data/pwpass and then delete the file.
+The image allows you to create a user and database at launch time.
+
+To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
 
 ```bash
-cat /opt/postgresql/data/pwfile
-rm /opt/postgresql/data/pwfile
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-5
 ```
 
-Alternately, you can change the password of the postgres user
+**NOTE**
+- If the password is not specified the user will not be created
+- If the user user already exists no changes will be made
+
+Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-\password postgres
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-5
 ```
 
+You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2* (p.s. this feature is only available in releases greater than 9.1-1).
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-5
+```
+
+If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
+  sameersbn/postgresql:9.4-5
+```
+
+will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
+
+The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'PSQL_TRUST_LOCALNET=true' \
+  sameersbn/postgresql:9.4-5
+```
+
+This has the effect of adding the following to the `pg_hba.conf` file:
+
+```
+host    all             all             samenet                 trust
+```
+
+# Creating a Snapshot or Slave Database
+
+You may use the `PSQL_MODE` variable along with `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_USER` and `REPLICATION_PASS` to create a snapshot of an existing database and enable stream replication.
+
+Your master database must support replication or super-user access for the credentials you specify. The `PSQL_MODE` variable should be set to `master`, for replication on your master node and `slave` or `snapshot` respectively for streaming replication or a point-in-time snapshot of a running instance.
+
+Create a master instance
+
+```bash
+docker run --name='psql-master' -it --rm \
+  -e 'PSQL_MODE=master' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  -e 'DB_NAME=dbname' -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-5
+```
+
+Create a streaming replication instance
+
+```bash
+docker run --name='psql-slave' -it --rm  \
+  --link psql-master:psql-master  \
+  -e 'PSQL_MODE=slave' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_HOST=psql-master' -e 'REPLICATION_PORT=5432' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  sameersbn/postgresql:9.4-5
+```
+
+# Enable Unaccent (Search plain text with accent)
+
+Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
+
+By default unaccent is configure to `false`
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_UNACCENT=true' \
+  sameersbn/postgresql:9.4-5
+```
+
+# Host UID / GID Mapping
+
+Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
+
+Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
+
+```bash
+docker run --name=postgresql -it --rm [options] \
+  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
+  sameersbn/postgresql:9.4-5
+```
+
+
 # Upgrading
 
 To upgrade to newer releases, simply follow this 3 step upgrade procedure.
@@ -100,14 +229,37 @@ docker stop postgresql
 - **Step 2**: Update the docker image.
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker pull sameersbn/postgresql:9.4-5
 ```
 
 - **Step 3**: Start the image
 
 ```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:latest
+docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-5
 ```
 
-# Issues
-Please report issues [here](https://github.com/sameersbn/docker-postgresql/issues)
+# Shell Access
+
+For debugging and maintenance purposes you may want access the containers shell. If you are using docker version `1.3.0` or higher you can access a running containers shell using `docker exec` command.
+
+```bash
+docker exec -it postgresql bash
+```
+
+If you are using an older version of docker, you can use the [nsenter](http://man7.org/linux/man-pages/man1/nsenter.1.html) linux tool (part of the util-linux package) to access the container shell.
+
+Some linux distros (e.g. ubuntu) use older versions of the util-linux which do not include the `nsenter` tool. To get around this @jpetazzo has created a nice docker image that allows you to install the `nsenter` utility and a helper script named `docker-enter` on these distros.
+
+To install `nsenter` execute the following command on your host,
+
+```bash
+docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter
+```
+
+Now you can access the container shell using the command
+
+```bash
+sudo docker-enter postgresql
+```
+
+For more information refer https://github.com/jpetazzo/nsenter

VERSION

@@ -1 +1 @@
-9.1
+9.4-5

circle.yml

@@ -0,0 +1,15 @@
+machine:
+  services:
+    - docker
+dependencies:
+  cache_directories:
+    - "~/docker-postgresql"
+  override:
+    - docker info
+    - if [[ -e ~/docker-postgresql/image.tar ]]; then docker load --input ~/docker-postgresql/image.tar; fi
+    - docker build -t sameersbn/postgresql .
+    - mkdir -p ~/docker-postgresql; docker save --output ~/docker-postgresql/image.tar sameersbn/postgresql
+test:
+  override:
+    - docker run -d --name=postgresql sameersbn/postgresql; sleep 10
+    - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo"

entrypoint.sh

@@ -0,0 +1,238 @@
+#!/bin/bash
+set -e
+
+# set this env variable to true to enable a line in the
+# pg_hba.conf file to trust samenet.  this can be used to connect
+# from other containers on the same host without authentication
+PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}
+
+DB_NAME=${DB_NAME:-}
+DB_USER=${DB_USER:-}
+DB_PASS=${DB_PASS:-}
+DB_UNACCENT=${DB_UNACCENT:false}
+
+# by default postgresql will start up as a standalone instance.
+# set this environment variable to master, slave or snapshot to use replication features.
+# "snapshot" will create a point in time backup of a master instance.
+PSQL_MODE=${PSQL_MODE:-standalone}
+
+REPLICATION_USER=${REPLICATION_USER:-}
+REPLICATION_PASS=${REPLICATION_PASS:-}
+REPLICATION_HOST=${REPLICATION_HOST:-}
+REPLICATION_PORT=${REPLICATION_PORT:-5432}
+
+# set this env variable to "require" to enable encryption and "verify-full" for verification.
+PSQL_SSLMODE=${PSQL_SSLMODE:-disable}
+
+map_postgres_uid() {
+  USERMAP_ORIG_UID=$(id -u ${PG_USER})
+  USERMAP_ORIG_GID=$(id -g ${PG_USER})
+  USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
+  USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
+  if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
+    echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
+    groupmod -g ${USERMAP_GID} ${PG_USER}
+    sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
+  fi
+}
+
+create_data_dir() {
+  mkdir -p ${PG_HOME}
+  chmod -R 0700 ${PG_HOME}
+  chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
+}
+
+create_log_dir() {
+  mkdir -p ${PG_LOGDIR}
+  chmod -R 1775 ${PG_LOGDIR}
+  chown -R root:${PG_USER} ${PG_LOGDIR}
+}
+
+create_run_dir() {
+  mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp
+  chmod -R 0755 ${PG_RUNDIR}
+  chmod g+s ${PG_RUNDIR}
+  chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR}
+}
+
+map_postgres_uid
+create_data_dir
+create_log_dir
+create_run_dir
+
+# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
+chown -R ${PG_USER}:${PG_USER} ${PG_CONFDIR}
+
+if [[ ${PSQL_SSLMODE} == disable ]]; then
+  sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+fi
+
+# Change DSM from `posix' to `sysv' if we are inside an lx-brand container
+if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
+  sed 's/\(dynamic_shared_memory_type = \)posix/\1sysv/' \
+    -i ${PG_CONFDIR}/postgresql.conf
+fi
+
+# listen on all interfaces
+cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+listen_addresses = '*'
+EOF
+
+if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
+  echo "Enabling trust samenet in pg_hba.conf..."
+  cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             samenet                 trust
+EOF
+fi
+
+# allow remote connections to postgresql database
+cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             0.0.0.0/0               md5
+EOF
+
+# allow replication connections to the database
+if [[ -n ${REPLICATION_USER} ]]; then
+  if [[ ${PSQL_SSLMODE} == disable ]]; then
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  else
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+hostssl replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  fi
+fi
+
+if [[ ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    echo "Supporting hot standby..."
+    cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+wal_level = hot_standby
+max_wal_senders = 3
+checkpoint_segments = 8
+wal_keep_segments = 8
+EOF
+  fi
+fi
+
+cd ${PG_HOME}
+
+# initialize PostgreSQL data directory
+if [[ ! -d ${PG_DATADIR} ]]; then
+  if [[ ${PSQL_MODE} == slave || ${PSQL_MODE} == snapshot ]]; then
+    echo "Replicating database..."
+    if [[ ${PSQL_MODE} == snapshot ]]; then
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -x -v -P
+    elif [[ ${PSQL_MODE} == slave ]]; then
+      # Setup streaming replication.
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -v -P
+      echo "Setting up hot standby configuration..."
+      cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+hot_standby = on
+EOF
+      sudo -Hu ${PG_USER} touch ${PG_DATADIR}/recovery.conf
+      cat >> ${PG_DATADIR}/recovery.conf <<EOF
+standby_mode = 'on'
+primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'
+trigger_file = '/tmp/postgresql.trigger'
+EOF
+    fi
+
+  else
+    # check if we need to perform data migration
+    PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
+
+    echo "Initializing database..."
+    sudo -Hu ${PG_USER} ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
+      --username=${PG_USER} --encoding=unicode --auth=trust >/dev/null
+  fi
+fi
+
+if [[ -n ${PG_OLD_VERSION} ]]; then
+  echo "Migrating postgresql ${PG_OLD_VERSION} data..."
+  PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
+  PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
+  PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"
+
+  # backup ${PG_OLD_DATADIR} to avoid data loss
+  PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
+  echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
+  cp -a ${PG_OLD_DATADIR} ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}
+
+  echo "Installing postgresql-${PG_OLD_VERSION}..."
+  apt-get update
+  DEBIAN_FRONTEND=noninteractive apt-get install postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION}
+  rm -rf /var/lib/apt/lists/*
+
+  # migrate ${PG_OLD_VERSION} data
+  echo "Migration in progress. This could take a while, please be patient..."
+  sudo -Hu ${PG_USER} ${PG_BINDIR}/pg_upgrade \
+    -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
+    -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
+    -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
+    -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
+fi
+
+# Hot standby (slave and snapshot) servers can ignore the following code.
+if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    if [[ -z ${REPLICATION_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${REPLICATION_USER}\"..."
+      echo "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_USER} ]]; then
+    if [[ -z ${DB_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${DB_USER}\"..."
+      echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_NAME} ]]; then
+    for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
+      echo "Creating database \"${db}\"..."
+      echo "CREATE DATABASE ${db};" | \
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+
+      if [[ ${DB_UNACCENT} == true ]]; then
+        echo "Installing unaccent extension..."
+        echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single ${db} \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+
+      if [[ -n ${DB_USER} ]]; then
+        echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
+        echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+    done
+  fi
+fi
+
+echo "Starting PostgreSQL server..."
+exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} --exec ${PG_BINDIR}/postgres -- \
+  -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf

start

@@ -1,49 +0,0 @@
-#!/bin/bash
-set -e
-
-PG_VERSION="9.1"
-PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
-PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-PG_DATADIR="/var/lib/postgresql/${PG_VERSION}/main"
-
-# fix permissions and ownership of /var/lib/postgresql
-chown -R postgres:postgres /var/lib/postgresql
-chmod 700 /var/lib/postgresql
-
-# disable ssl
-sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
-
-# listen on all interfaces
-cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
-listen_addresses = '*'
-EOF
-
-# allow remote connections to postgresql database
-cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
-host    all             all             0.0.0.0/0               md5
-EOF
-
-# initialize PostgreSQL data directory
-if [ ! -d ${PG_DATADIR} ]; then
-  echo "Initializing database..."
-  PG_PASSWORD=$(pwgen -c -n -1 14)
-  echo "${PG_PASSWORD}" > /var/lib/postgresql/pwfile
-  sudo -u postgres -H "${PG_BINDIR}/initdb" \
-    --pgdata="${PG_DATADIR}" --pwfile=/var/lib/postgresql/pwfile \
-    --username=postgres --encoding=unicode --auth=trust >/dev/null
-fi
-
-if [ -f /var/lib/postgresql/pwfile ]; then
-  PG_PASSWORD=$(cat /var/lib/postgresql/pwfile)
-  echo "|------------------------------------------------------------------|"
-  echo "| PostgreSQL User: postgres, Password: ${PG_PASSWORD}              |"
-  echo "|                                                                  |"
-  echo "| To remove the PostgreSQL login credentials from the logs, please |"
-  echo "| make a note of password and then delete the file pwfile          |"
-  echo "| from the data store.                                             |"
-  echo "|------------------------------------------------------------------|"
-fi
-
-echo "Starting PostgreSQL server..."
-exec sudo -u postgres -H ${PG_BINDIR}/postgres \
-  -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf