release 9.4-11

Refer #43

.dockerignore

@@ -0,0 +1,7 @@
+.git
+circle.yml
+LICENSE
+VERSION
+README.md
+Changelog.md
+Makefile

Changelog.md

@@ -0,0 +1,42 @@
+# Changelog
+
+**9.4-11**
+- added `PG_PASSWORD` variable to specify password for `postgres` user
+
+**9.4-9**
+- complete rewrite
+- `PSQL_TRUST_LOCALNET` config parameter renamed to `PG_TRUST_LOCALNET`
+- `PSQL_MODE` config parameter renamed to `REPLICATION_MODE`
+- `PSQL_SSLMODE` config parameter renamed to `REPLICATION_SSLMODE`
+- defined `/etc/postgresql/certs` as the mountpoint to install SSL key and certificate
+- added `PG_SSL` parameter to enable/disable SSL support
+- `DB_LOCALE` config parameter renamed to `PG_LOCALE`
+- complete rewrite of the README
+- add support for creating backups using `pg_basebackup`
+- removed `PG_LOCALE` option (doesn't work!)
+- added `DEBUG` option to enable bash debugging
+
+**9.4-2**
+- added replication options
+
+**9.4-1**
+- start: removed `pwfile` logic
+- init: added `USERMAP_*` configuration options
+- base image update to fix SSL vulnerability
+
+**9.4**
+- postgresql: upgrade to 9.4
+
+**9.1-2**
+- use the official postgresql apt repo
+- feature: automatic data migration on upgrade
+
+**9.1-1**
+- upgrade to sameersbn/ubuntu:20141001, fixes shellshock
+- support creation of users and databases at launch (`docker run`)
+- mount volume at `/var/run/postgresql` allowing the postgresql unix socket to be exposed
+
+**9.1**
+- optimized image size by removing `/var/lib/apt/lists/*`.
+- update to the sameersbn/ubuntu:12.04.20140818 baseimage
+- removed use of supervisord

Dockerfile

@@ -1,14 +1,32 @@
-FROM sameersbn/ubuntu:12.04.20140818
+FROM sameersbn/ubuntu:14.04.20151213
 MAINTAINER sameer@damagehead.com
 
-RUN apt-get update && \
+ENV PG_APP_HOME="/etc/docker-postgresql"\
-    apt-get install -y --no-install-recommends postgresql postgresql-client && \
+    PG_VERSION=9.4 \
-    rm -rf /var/lib/postgresql &&  \
+    PG_USER=postgres \
-    rm -rf /var/lib/apt/lists/* # 20140818
+    PG_HOME=/var/lib/postgresql \
+    PG_RUNDIR=/run/postgresql \
+    PG_LOGDIR=/var/log/postgresql \
+    PG_CERTDIR=/etc/postgresql/certs
 
-ADD start /start
+ENV PG_BINDIR=/usr/lib/postgresql/${PG_VERSION}/bin \
-RUN chmod 755 /start
+    PG_DATADIR=${PG_HOME}/${PG_VERSION}/main
 
-EXPOSE 5432
+RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
-VOLUME ["/var/lib/postgresql"]
+ && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
-CMD ["/start"]
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
+ && ln -sf ${PG_DATADIR}/postgresql.conf /etc/postgresql/${PG_VERSION}/main/postgresql.conf \
+ && ln -sf ${PG_DATADIR}/pg_hba.conf /etc/postgresql/${PG_VERSION}/main/pg_hba.conf \
+ && ln -sf ${PG_DATADIR}/pg_ident.conf /etc/postgresql/${PG_VERSION}/main/pg_ident.conf \
+ && rm -rf ${PG_HOME} \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY runtime/ ${PG_APP_HOME}/
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod 755 /sbin/entrypoint.sh
+
+EXPOSE 5432/tcp
+VOLUME ["${PG_HOME}", "${PG_RUNDIR}"]
+WORKDIR ${PG_HOME}
+ENTRYPOINT ["/sbin/entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Sameer Naik
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,7 @@
+all: build
+
+build:
+	@docker build --tag=sameersbn/postgresql .
+
+release: build
+	@docker build --tag=sameersbn/postgresql:$(shell cat VERSION) .

README.md

@@ -1,113 +1,382 @@
-# Table of Contents
+[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=shield)](https://circleci.com/gh/sameersbn/docker-postgresql) [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/postgresql/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/postgresql) [![](https://badge.imagelayers.io/sameersbn/postgresql.svg)](https://imagelayers.io/?images=sameersbn/postgresql:latest 'Get your own badge on imagelayers.io')
+
+# sameersbn/postgresql:9.4-11
+
 - [Introduction](#introduction)
-- [Installation](#installation)
+  - [Contributing](#contributing)
-- [Quick Start](#quick-start)
+  - [Issues](#issues)
-- [Configuration](#configuration)
+- [Getting started](#getting-started)
-    - [Data Store](#data-store)
+  - [Installation](#installation)
-    - [Securing the server](#securing-the-server)
+  - [Quickstart](#quickstart)
-- [Upgrading](#upgrading)
+  - [Persistence](#persistence)
-- [Issues](#issues)
+  - [Trusting local connections](#trusting-local-connections)
+  - [Setting `postgres` user password](#setting-postgres-user-password)
+  - [Creating database user](#creating-database-user)
+  - [Creating databases](#creating-databases)
+  - [Enabling unaccent extension](#enabling-unaccent-extension)
+  - [Granting user access to a database](#granting-user-access-to-a-database)
+  - [Creating replication user](#creating-replication-user)
+  - [Setting up a replication cluster](#setting-up-a-replication-cluster)
+  - [Creating a snapshot](#creating-a-snapshot)
+  - [Creating a backup](#creating-a-backup)
+  - [Command-line arguments](#command-line-arguments)
+  - [Logs](#logs)
+  - [UID/GID mapping](#uid-gid-mapping)
+- [Maintenance](#maintenance)
+  - [Upgrading](#upgrading)
+  - [Shell Access](#shell-access)
 
 # Introduction
-Dockerfile to build a PostgreSQL container image which can be linked to other containers.
 
-# Installation
+`Dockerfile` to create a [Docker](https://www.docker.com/) container image for [PostgreSQL](http://postgresql.org/).
 
-Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
+PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance [[source](https://en.wikipedia.org/wiki/PostgreSQL)].
+
+## Contributing
+
+If you find this image useful here's how you can help:
+
+- Send a pull request with your awesome features and bug fixes
+- Help users resolve their [issues](../../issues?q=is%3Aopen+is%3Aissue).
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
+
+## Issues
+
+Before reporting your issue please try updating Docker to the latest version and check if it resolves the issue. Refer to the Docker [installation guide](https://docs.docker.com/installation) for instructions.
+
+SELinux users should try disabling SELinux using the command `setenforce 0` to see if it resolves the issue.
+
+If the above recommendations do not help then [report your issue](../../issues/new) along with the following information:
+
+- Output of the `docker version` and `docker info` commands
+- The `docker run` command or `docker-compose.yml` used to start the image. Mask out the sensitive bits.
+- Please state if you are using [Boot2Docker](http://www.boot2docker.io), [VirtualBox](https://www.virtualbox.org), etc.
+
+# Getting started
+
+## Installation
+
+Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/sameersbn/postgresql) and is the recommended method of installation.
+
+> **Note**: Builds are also available on [Quay.io](https://quay.io/repository/sameersbn/postgresql)
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker pull sameersbn/postgresql:9.4-11
 ```
 
-Alternately you can build the image yourself.
+Alternatively you can build the image yourself.
 
 ```bash
-git clone https://github.com/sameersbn/docker-postgresql.git
+docker build -t sameersbn/postgresql github.com/sameersbn/docker-postgresql
-cd docker-postgresql
-docker build -t="$USER/postgresql" .
 ```
 
-# Quick Start
+## Quickstart
-Run the postgresql image
+
+Start PostgreSQL using:
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:latest
+docker run --name postgresql -itd --restart always \
+  --publish 5432:5432 \
+  --volume /srv/docker/postgresql:/var/lib/postgresql \
+  sameersbn/postgresql:9.4-11
 ```
 
-By default remote logins are permitted to the postgresql server and a random password is assigned for the postgres user. The password set for the postgres user can be retrieved from the container logs.
+Login to the PostgreSQL server using:
 
 ```bash
-docker logs postgresql
+docker exec -it postgresql sudo -u postgres psql
 ```
 
-In the output you will notice the following lines with the password:
+*Alternatively, you can use the sample [docker-compose.yml](docker-compose.yml) file to start the container using [Docker Compose](https://docs.docker.com/compose/)*
-```bash
-|------------------------------------------------------------------|
-| PostgreSQL User: postgres, Password: xxxxxxxxxxxxxx              |
-|                                                                  |
-| To remove the PostgreSQL login credentials from the logs, please |
-| make a note of password and then delete the file pwfile          |
-| from the data store.                                             |
-|------------------------------------------------------------------|
-```
 
-To test if the postgresql server is working properly, try connecting to the server.
+## Persistence
+
+For PostgreSQL to preserve its state across container shutdown and startup you should mount a volume at `/var/lib/postgresql`.
+
+> *The [Quickstart](#quickstart) command already mounts a volume for persistence.*
+
+SELinux users should update the security context of the host mountpoint so that it plays nicely with Docker:
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
+mkdir -p /srv/docker/postgresql
+chcon -Rt svirt_sandbox_file_t /srv/docker/postgresql
 ```
 
-# Configuration
+## Trusting local connections
 
-## Data Store
+By default connections to the PostgreSQL server need to authenticated using a password. If desired you can trust connections from the local network using the `PG_TRUST_LOCALNET` variable.
-For data persistence a volume should be mounted at /var/lib/postgresql.
 
 ```bash
-mkdir /opt/postgresql/data
+docker run --name postgresql -itd --restart always \
-docker run --name postgresql -d \
+  --env 'PG_TRUST_LOCALNET=true' \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:latest
+  sameersbn/postgresql:9.4-11
 ```
 
-This will make sure that the data stored in the database is not lost when the image is stopped and started again.
+> **Note**
+>
+> The local network here is network to which the container is attached. This has different meanings depending on the `--net` parameter specified while starting the container. In the default configuration, this parameter would trust connections from other containers on the `docker0` bridge.
 
-## Securing the server
+## Setting `postgres` user password
-By default a randomly generated password is assigned for the postgres user. The password is stored in a file named pwpass in the data store and is printed in the logs.
 
-If you dont want this password to be displayed in the logs, then please note down the password listed in /opt/postgresql/data/pwpass and then delete the file.
+By default the `postgres` user is not assigned a password and as a result you can only login to the PostgreSQL server locally. If you wish to login remotely to the PostgreSQL server as the `postgres` user, you will need to assign a password for the user using the `PG_PASSWORD` variable.
 
 ```bash
-cat /opt/postgresql/data/pwfile
+docker run --name postgresql -itd --restart always \
-rm /opt/postgresql/data/pwfile
+  --env 'PG_PASSWORD=passw0rd' \
+  sameersbn/postgresql:9.4-11
 ```
 
-Alternately, you can change the password of the postgres user
+
+> **Note**
+>
+> - When [persistence](#persistence) is in use, `PG_PASSWORD` is effective on the first run.
+> - This feature is only available in the `latest` and versions > `9.4-10`
+
+## Creating database user
+
+A new PostgreSQL database user can be created by specifying the `DB_USER` and `DB_PASS` variables while starting the container.
 
 ```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
+docker run --name postgresql -itd --restart always \
-\password postgres
+  --env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' \
+  sameersbn/postgresql:9.4-11
 ```
 
-# Upgrading
+> **Notes**
+>
+> - The created user can login remotely
+> - The container will error out if a password is not specified for the user
+> - No changes will be made if the user already exists
+> - Only a single user can be created at each launch
 
-To upgrade to newer releases, simply follow this 3 step upgrade procedure.
+## Creating databases
 
-- **Step 1**: Stop the currently running image
+A new PostgreSQL database can be created by specifying the `DB_NAME` variable while starting the container.
 
 ```bash
-docker stop postgresql
+docker run --name postgresql -itd --restart always \
+  --env 'DB_NAME=dbname' \
+  sameersbn/postgresql:9.4-11
 ```
 
-- **Step 2**: Update the docker image.
+Additionally, more than one database can be created by specifying a comma separated list of database names in `DB_NAME`. For example, the following command creates two new databases named `dbname1` and `dbname2`.
+
+*This feature is only available in releases greater than `9.1-1`*
 
 ```bash
-docker pull sameersbn/postgresql:latest
+docker run --name postgresql -itd --restart always \
+  --env 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-11
 ```
 
-- **Step 3**: Start the image
+# Enabling unaccent extension
+
+Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search [[source](http://www.postgresql.org/docs/9.4/static/unaccent.html)].
+
+You can enable the unaccent extension on database(s) by specifying `DB_UNACCENT=true`. For example, the following command enables the unaccent extension for the `dbname` database.
 
 ```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:latest
+docker run --name postgresql -itd \
+  --env 'DB_NAME=dbname' --env 'DB_UNACCENT=true' \
+  sameersbn/postgresql:9.4-11
 ```
 
-# Issues
+*By default the unaccent extension is disabled*
-Please report issues [here](https://github.com/sameersbn/docker-postgresql/issues)
+
+## Granting user access to a database
+
+If the `DB_USER` and `DB_PASS` variables are specified along with the `DB_NAME` variable, then the user specified in `DB_USER` will be granted access to all the databases listed in `DB_NAME`. Note that if the user and/or databases do not exist, they will be created.
+
+```bash
+docker run --name postgresql -itd --restart always \
+  --env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' \
+  --env 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-11
+```
+
+In the above example `dbuser` with be granted access to both the `dbname1` and `dbname2` databases.
+
+## Creating replication user
+
+Similar to the creation of a database user, a new PostgreSQL replication user can be created by specifying the `REPLICATION_USER` and `REPLICATION_PASS` variables while starting the container.
+
+```bash
+docker run --name postgresql -itd --restart always \
+  --env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
+  sameersbn/postgresql:9.4-11
+```
+
+> **Notes**
+>
+> - The created user can login remotely
+> - The container will error out if a password is not specified for the user
+> - No changes will be made if the user already exists
+> - Only a single user can be created at each launch
+
+*It is a good idea to create a replication user even if you are not going to use it as it will allow you to setup slave nodes and/or generate snapshots and backups when the need arises.*
+
+## Setting up a replication cluster
+
+When the container is started, it is by default configured to act as a master node in a replication cluster. This means that you can scale your PostgreSQL database backend when the need arises without incurring any downtime. However do note that a replication user must exist on the master node for this to work.
+
+Begin by creating the master node of our cluster:
+
+```bash
+docker run --name postgresql-master -itd --restart always \
+  --env 'DB_USER=dbuser' --env 'DB_PASS=dbuserpass' --env 'DB_NAME=dbname' \
+  --env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
+  sameersbn/postgresql:9.4-11
+```
+
+Notice that no additional arguments are specified while starting the master node of the cluster.
+
+To create a replication slave the `REPLICATION_MODE` variable should be set to `slave` and additionally the `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_SSLMODE`, `REPLICATION_USER` and `REPLICATION_PASS` variables should be specified.
+
+Create a slave node:
+
+```bash
+docker run --name postgresql-slave01 -itd --restart always \
+  --link postgresql-master:master \
+  --env 'REPLICATION_MODE=slave' --env 'REPLICATION_SSLMODE=prefer' \
+  --env 'REPLICATION_HOST=master' --env 'REPLICATION_PORT=5432'  \
+  --env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
+  sameersbn/postgresql:9.4-11
+```
+
+*In the above command, we used docker links so that we can address the master node using the `master` alias in `REPLICATION_HOST`.*
+
+> **Note**
+>
+> - The default value of `REPLICATION_PORT` is `5432`
+> - The default value of `REPLICATION_SSLMODE` is `prefer`
+> - The value of `REPLICATION_USER` and `REPLICATION_PASS` should be the same as the ones specified on the master node.
+> - With [persistence](#persistence) in use, if the container is stopped and started, for the container continue to function as a slave you need to ensure that `REPLICATION_MODE=slave` is defined in the containers environment. In the absense of which the slave configuration will be turned off and the node will allow writing to it while having the last synced data from the master.
+
+And just like that with minimal effort you have a PostgreSQL replication cluster setup. You can create additional slaves to scale the cluster horizontally.
+
+Here are some important notes about a PostgreSQL replication cluster:
+
+ - Writes can only occur on the master
+ - Slaves are read-only
+ - For best performance, limit the reads to the slave nodes
+
+## Creating a snapshot
+
+Similar to a creating replication slave node, you can create a snapshot of the master by specifying `REPLICATION_MODE=snapshot`.
+
+Once the master node is created as specified in [Setting up a replication cluster](#setting-up-a-replication-cluster), you can create a snapshot using:
+
+```bash
+docker run --name postgresql-snapshot -itd --restart always \
+  --link postgresql-master:master \
+  --env 'REPLICATION_MODE=snapshot' --env 'REPLICATION_SSLMODE=prefer' \
+  --env 'REPLICATION_HOST=master' --env 'REPLICATION_PORT=5432'  \
+  --env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
+  sameersbn/postgresql:9.4-11
+```
+
+The difference between a slave and a snapshot is that a slave is read-only and updated whenever the master data is updated (streaming replication), while a snapshot is read-write and is not updated after the initial snapshot of the data from the master.
+
+This is useful for developers to quickly snapshot the current state of a live database and use it for development/debugging purposes without altering the database on the live instance.
+
+## Creating a backup
+
+Just as the case of setting up a slave node or generating a snapshot, you can also create a backup of the data on the master by specifying `REPLICATION_MODE=backup`.
+
+> The backups are generated with [pg_basebackup](http://www.postgresql.org/docs/9.4/static/app-pgbasebackup.html) using the replication protocol.
+
+Once the master node is created as specified in [Setting up a replication cluster](#setting-up-a-replication-cluster), you can create a point-in-time backup using:
+
+```bash
+docker run --name postgresql-backup -it --rm \
+  --link postgresql-master:master \
+  --env 'REPLICATION_MODE=backup' --env 'REPLICATION_SSLMODE=prefer' \
+  --env 'REPLICATION_HOST=master' --env 'REPLICATION_PORT=5432'  \
+  --env 'REPLICATION_USER=repluser' --env 'REPLICATION_PASS=repluserpass' \
+  --volume /srv/docker/backups/postgresql.$(date +%Y%m%d%H$M%S):/var/lib/postgresql \
+  sameersbn/postgresql:9.4-11
+```
+
+Once the backup is generated, the container will exit and the backup of the master data will be available at `/srv/docker/backups/postgresql.XXXXXXXXXXXX/`. Restoring the backup involves starting a container with the data in `/srv/docker/backups/postgresql.XXXXXXXXXXXX`.
+
+## Command-line arguments
+
+You can customize the launch command of PostgreSQL server by specifying arguments for `postgres` on the `docker run` command. For example the following command enables connection logging:
+
+```bash
+docker run --name postgresql -itd --restart always \
+  sameersbn/postgresql:9.4-11 -c log_connections=on
+```
+
+Please refer to the documentation of [postgres](http://www.postgresql.org/docs/9.4/static/app-postgres.html) for the complete list of available options.
+
+## Logs
+
+By default the PostgreSQL server logs are sent to the standard output. Using the [Command-line arguments](#command-line-arguments) feature you can configure the PostgreSQL server to send the log output to a file using the `-c logging_collector=on` argument:
+
+```bash
+docker run --name postgresql -itd --restart always \
+  sameersbn/postgresql:9.4-11 -c logging_collector=on
+```
+
+To access the PostgreSQL logs you can use `docker exec`. For example:
+
+```bash
+docker exec -it postgresql tail -f /var/log/postgresql/postgresql-9.4-main.log
+```
+
+# UID/GID mapping
+
+The files and processes created by the container are owned by the `postgres` user that is internal to the container. In the absense of user namespace in docker the UID and GID of the containers `postgres` user may have different meaning on the host.
+
+For example, a user on the host with the same UID and/or GID as the `postgres` user of the container will be able to access the data in the persistent volumes mounted from the host as well as be able to KILL the `postgres` server process started by the container.
+
+To circumvent this issue you can specify the UID and GID for the `postgres` user of the container using the `USERMAP_UID` and `USERMAP_GID` variables respectively.
+
+For example, if you want to assign the `postgres` user of the container the UID and GID `999`:
+
+```bash
+docker run --name postgresql -itd --restart always \
+  --env 'USERMAP_UID=999' --env 'USERMAP_GID=999' \
+  sameersbn/postgresql:9.4-11
+```
+
+# Maintenance
+
+## Upgrading
+
+To upgrade to newer releases:
+
+  1. Download the updated Docker image:
+
+  ```bash
+  docker pull sameersbn/postgresql:9.4-11
+  ```
+
+  2. Stop the currently running image:
+
+  ```bash
+  docker stop postgresql
+  ```
+
+  3. Remove the stopped container
+
+  ```bash
+  docker rm -v postgresql
+  ```
+
+  4. Start the updated image
+
+  ```bash
+  docker run --name postgresql -itd \
+    [OPTIONS] \
+    sameersbn/postgresql:9.4-11
+  ```
+
+## Shell Access
+
+For debugging and maintenance purposes you may want access the containers shell. If you are using Docker version `1.3.0` or higher you can access a running containers shell by starting `bash` using `docker exec`:
+
+```bash
+docker exec -it postgresql bash
+```

VERSION

@@ -1 +1 @@
-9.1
+9.4-11

circle.yml

@@ -0,0 +1,15 @@
+machine:
+  services:
+    - docker
+dependencies:
+  cache_directories:
+    - "~/docker-postgresql"
+  override:
+    - docker info
+    - if [[ -e ~/docker-postgresql/image.tar ]]; then docker load --input ~/docker-postgresql/image.tar; fi
+    - docker build -t sameersbn/postgresql .
+    - mkdir -p ~/docker-postgresql; docker save --output ~/docker-postgresql/image.tar sameersbn/postgresql
+test:
+  override:
+    - docker run -d --name=postgresql sameersbn/postgresql; sleep 10
+    - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo"

docker-compose.yml

@@ -0,0 +1,16 @@
+PostgreSQL:
+  restart: always
+  image: sameersbn/postgresql:9.4-11
+  ports:
+    - "5432:5432"
+  environment:
+    - DEBUG=false
+    - DB_USER=
+    - DB_PASS=
+    - DB_NAME=
+    - REPLICATION_MODE=
+    - REPLICATION_USER=
+    - REPLICATION_PASS=
+    - REPLICATION_SSLMODE=
+  volumes:
+    - /srv/docker/postgresql:/var/lib/postgresql

entrypoint.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+source ${PG_APP_HOME}/functions
+
+[[ ${DEBUG} == true ]] && set -x
+
+# allow arguments to be passed to postgres
+if [[ ${1:0:1} = '-' ]]; then
+  EXTRA_ARGS="$@"
+  set --
+elif [[ ${1} == postgres || ${1} == $(which postgres) ]]; then
+  EXTRA_ARGS="${@:2}"
+  set --
+fi
+
+# default behaviour is to launch postgres
+if [[ -z ${1} ]]; then
+  map_uidgid
+
+  create_datadir
+  create_certdir
+  create_logdir
+  create_rundir
+
+  initialize_database
+  configure_recovery
+  configure_ssl
+  trust_localnet
+
+  create_user
+  create_database
+  create_replication_user
+
+  echo "Starting PostgreSQL ${PG_VERSION}..."
+  exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} \
+    --exec ${PG_BINDIR}/postgres -- -D ${PG_DATADIR} ${EXTRA_ARGS}
+else
+  exec "$@"
+fi
+

runtime/env-defaults

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+PG_SSL=${PG_SSL:-}
+
+PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-$PSQL_TRUST_LOCALNET} # backward compatibility
+PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-false}
+
+REPLICATION_MODE=${REPLICATION_MODE:-$PSQL_MODE} # backward compatibility
+REPLICATION_MODE=${REPLICATION_MODE:-}
+REPLICATION_USER=${REPLICATION_USER:-}
+REPLICATION_PASS=${REPLICATION_PASS:-}
+REPLICATION_HOST=${REPLICATION_HOST:-}
+REPLICATION_PORT=${REPLICATION_PORT:-5432}
+REPLICATION_SSLMODE=${REPLICATION_SSLMODE:-prefer}
+
+DB_NAME=${DB_NAME:-}
+DB_USER=${DB_USER:-}
+DB_PASS=${DB_PASS:-}
+
+DB_UNACCENT=${DB_UNACCENT:-false}

runtime/functions

@@ -0,0 +1,348 @@
+#!/bin/bash
+set -e
+source ${PG_APP_HOME}/env-defaults
+
+PG_CONF=${PG_DATADIR}/postgresql.conf
+PG_HBA_CONF=${PG_DATADIR}/pg_hba.conf
+PG_IDENT_CONF=${PG_DATADIR}/pg_ident.conf
+PG_RECOVERY_CONF=${PG_DATADIR}/recovery.conf
+
+## Execute command as PG_USER
+exec_as_postgres() {
+  sudo -HEu ${PG_USER} "$@"
+}
+
+map_uidgid() {
+  USERMAP_ORIG_UID=$(id -u ${PG_USER})
+  USERMAP_ORIG_GID=$(id -g ${PG_USER})
+  USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
+  USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
+  if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
+    echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
+    groupmod -g ${USERMAP_GID} ${PG_USER}
+    sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd
+  fi
+}
+
+create_datadir() {
+  echo "Initializing datadir..."
+  mkdir -p ${PG_HOME}
+  if [[ -d ${PG_DATADIR} ]]; then
+    find ${PG_DATADIR} -type f -exec chmod 0600 {} \;
+    find ${PG_DATADIR} -type d -exec chmod 0700 {} \;
+  fi
+  chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
+}
+
+create_certdir() {
+  echo "Initializing certdir..."
+  mkdir -p ${PG_CERTDIR}
+  [[ -f ${PG_CERTDIR}/server.crt ]] && chmod 0644 ${PG_CERTDIR}/server.crt
+  [[ -f ${PG_CERTDIR}/server.key ]] && chmod 0640 ${PG_CERTDIR}/server.key
+  chmod 0755 ${PG_CERTDIR}
+  chown -R root:${PG_USER} ${PG_CERTDIR}
+}
+
+create_logdir() {
+  echo "Initializing logdir..."
+  mkdir -p ${PG_LOGDIR}
+  chmod -R 1775 ${PG_LOGDIR}
+  chown -R root:${PG_USER} ${PG_LOGDIR}
+}
+
+create_rundir() {
+  echo "Initializing rundir..."
+  mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp
+  chmod -R 0755 ${PG_RUNDIR}
+  chmod g+s ${PG_RUNDIR}
+  chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR}
+}
+
+set_postgresql_param() {
+  local key=${1}
+  local value=${2}
+  if [[ -n ${value} ]]; then
+    local current=$(exec_as_postgres sed -n -e "s/^\("${key}" = '\)\([^ ']*\)\(.*\)$/\2/p" ${PG_CONF})
+    if [[ "${current}" != "${value}" ]]; then
+      echo "‣ Setting postgresql.conf parameter: ${key} = '${value}'"
+      value="$(echo "${value}" | sed 's|[&]|\\&|g')"
+      exec_as_postgres sed -i "s|^[#]*[ ]*${key} = .*|${key} = '${value}'|" ${PG_CONF}
+    fi
+  fi
+}
+
+set_recovery_param() {
+  local key=${1}
+  local value=${2}
+  local hide=${3}
+  if [[ -n ${value} ]]; then
+    local current=$(exec_as_postgres sed -n -e "s/^\(.*\)\("${key}"=\)\([^ ']*\)\(.*\)$/\3/p" ${PG_RECOVERY_CONF})
+    if [[ "${current}" != "${value}" ]]; then
+      case ${hide} in
+        true)  echo "‣ Setting primary_conninfo parameter: ${key}" ;;
+        *) echo "‣ Setting primary_conninfo parameter: ${key} = '${value}'" ;;
+      esac
+      exec_as_postgres sed -i "s|${key}=[^ ']*|${key}=${value}|" ${PG_RECOVERY_CONF}
+    fi
+  fi
+}
+
+set_hba_param() {
+  local value=${1}
+  if ! grep -q "$(sed "s| | \\\+|g" <<< ${value})" ${PG_HBA_CONF}; then
+    echo "${value}" >> ${PG_HBA_CONF}
+  fi
+}
+
+configure_ssl() {
+  ## NOT SURE IF THIS IS A GOOD ALTERNATIVE TO ENABLE SSL SUPPORT BY DEFAULT ##
+  ## BECAUSE USERS WHO PULL A PREBUILT IMAGE WILL HAVE THE SAME CERTIFICATES ##
+  # if [[ ! -f ${PG_CERTDIR}/server.crt && ! -f ${PG_CERTDIR}/server.key ]]; then
+  #   if [[ -f /etc/ssl/certs/ssl-cert-snakeoil.pem && -f /etc/ssl/private/ssl-cert-snakeoil.key ]]; then
+  #     ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem ${PG_CERTDIR}/server.crt
+  #     ln -sf /etc/ssl/private/ssl-cert-snakeoil.key ${PG_CERTDIR}/server.key
+  #   fi
+  # fi
+
+  if [[ -f ${PG_CERTDIR}/server.crt && -f ${PG_CERTDIR}/server.key ]]; then
+    PG_SSL=${PG_SSL:-on}
+    set_postgresql_param "ssl_cert_file" "${PG_CERTDIR}/server.crt"
+    set_postgresql_param "ssl_key_file" "${PG_CERTDIR}/server.key"
+  fi
+  PG_SSL=${PG_SSL:-off}
+  set_postgresql_param "ssl" "${PG_SSL}"
+}
+
+configure_hot_standby() {
+  case ${REPLICATION_MODE} in
+    slave|snapshot|backup) ;;
+    *)
+      echo "Configuring hot standby..."
+      set_postgresql_param "wal_level" "hot_standby"
+      set_postgresql_param "max_wal_senders" "16"
+      set_postgresql_param "checkpoint_segments" "8"
+      set_postgresql_param "wal_keep_segments" "32"
+      set_postgresql_param "hot_standby" "on"
+      ;;
+  esac
+}
+
+initialize_database() {
+  if [[ ! -f ${PG_DATADIR}/PG_VERSION ]]; then
+    case ${REPLICATION_MODE} in
+      slave|snapshot|backup)
+        if [[ -z $REPLICATION_HOST ]]; then
+          echo "ERROR! Cannot continue without the REPLICATION_HOST. Exiting..."
+          exit 1
+        fi
+
+        if [[ -z $REPLICATION_USER ]]; then
+          echo "ERROR! Cannot continue without the REPLICATION_USER. Exiting..."
+          exit 1
+        fi
+
+        if [[ -z $REPLICATION_PASS ]]; then
+          echo "ERROR! Cannot continue without the REPLICATION_PASS. Exiting..."
+          exit 1
+        fi
+
+        echo -n "Waiting for $REPLICATION_HOST to accept connections (60s timeout)"
+        timeout=60
+        while ! ${PG_BINDIR}/pg_isready -h $REPLICATION_HOST -p $REPLICATION_PORT -t 1 >/dev/null 2>&1
+        do
+          timeout=$(expr $timeout - 1)
+          if [[ $timeout -eq 0 ]]; then
+            echo "Timeout! Exiting..."
+            exit 1
+          fi
+          echo -n "."
+          sleep 1
+        done
+        echo
+
+        case ${REPLICATION_MODE} in
+          slave)
+            echo "Replicating initial data from $REPLICATION_HOST..."
+            exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+              -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X stream -w >/dev/null
+            ;;
+          snapshot)
+            echo "Generating a snapshot data on $REPLICATION_HOST..."
+            exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+              -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X fetch -w >/dev/null
+            ;;
+          backup)
+            echo "Backing up data on $REPLICATION_HOST..."
+            exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+              -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X fetch -w >/dev/null
+            exit 0
+            ;;
+        esac
+        ;;
+      *)
+        echo "Initializing database..."
+        PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | grep -v $PG_VERSION | sort -r | head -n1 | cut -d'/' -f5)
+        if [[ -n ${PG_OLD_VERSION} ]]; then
+          echo "‣ Migrating PostgreSQL ${PG_OLD_VERSION} data to ${PG_VERSION}..."
+
+          # protect the existing data from being altered by apt-get
+          mv ${PG_HOME}/${PG_OLD_VERSION} ${PG_HOME}/${PG_OLD_VERSION}.migrating
+
+          echo "‣ Installing PostgreSQL ${PG_OLD_VERSION}..."
+          if ! ( apt-get update &&  DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION} ) >/dev/null; then
+            echo "ERROR! Failed to install PostgreSQL ${PG_OLD_VERSION}. Exiting..."
+            # first move the old data back
+            rm -rf ${PG_HOME}/${PG_OLD_VERSION}
+            mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION}
+            exit 1
+          fi
+          rm -rf /var/lib/apt/lists/*
+
+          # we're ready to migrate, move back the old data and remove the trap
+          rm -rf ${PG_HOME}/${PG_OLD_VERSION}
+          mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION}
+        fi
+
+        if [[ -n $PG_PASSWORD ]]; then
+          echo "${PG_PASSWORD}" > /tmp/pwfile
+        fi
+
+        exec_as_postgres ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
+          --username=${PG_USER} --encoding=unicode --auth=trust ${PG_PASSWORD:+--pwfile=/tmp/pwfile} >/dev/null
+
+        if [[ -n ${PG_OLD_VERSION} ]]; then
+          PG_OLD_BINDIR=/usr/lib/postgresql/${PG_OLD_VERSION}/bin
+          PG_OLD_DATADIR=${PG_HOME}/${PG_OLD_VERSION}/main
+          PG_OLD_CONF=${PG_OLD_DATADIR}/postgresql.conf
+          PG_OLD_HBA_CONF=${PG_OLD_DATADIR}/pg_hba.conf
+          PG_OLD_IDENT_CONF=${PG_OLD_DATADIR}/pg_ident.conf
+
+          echo -n "‣ Migration in progress. Please be patient..."
+          exec_as_postgres ${PG_BINDIR}/pg_upgrade \
+            -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
+            -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
+            -o "-c config_file=${PG_OLD_CONF} --hba_file=${PG_OLD_HBA_CONF} --ident_file=${PG_OLD_IDENT_CONF}" \
+            -O "-c config_file=${PG_CONF} --hba_file=${PG_HBA_CONF} --ident_file=${PG_IDENT_CONF}" >/dev/null
+          echo
+        fi
+        ;;
+    esac
+
+    configure_hot_standby
+
+    # Change DSM from `posix' to `sysv' if we are inside an lx-brand container
+    if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
+      set_postgresql_param "dynamic_shared_memory_type" "sysv"
+    fi
+  fi
+
+  # configure path to data_directory
+  set_postgresql_param "data_directory" "${PG_DATADIR}"
+
+  # configure logging
+  set_postgresql_param "log_directory" "${PG_LOGDIR}"
+  set_postgresql_param "log_filename" "postgresql-${PG_VERSION}-main.log"
+
+  # listen on all interfaces
+  set_postgresql_param "listen_addresses" "*"
+
+  # allow remote connections to postgresql database
+  set_hba_param "host all all 0.0.0.0/0 md5"
+}
+
+trust_localnet() {
+  if [[ ${PG_TRUST_LOCALNET} == true ]]; then
+    echo "Trusting connections from the local network..."
+    set_hba_param "host all all samenet trust"
+  fi
+}
+
+configure_recovery() {
+  if [[ ${REPLICATION_MODE} == slave ]]; then
+    echo "Configuring recovery..."
+    if [[ ! -f ${PG_RECOVERY_CONF} ]]; then
+      # initialize recovery.conf on the firstrun (slave only)
+      exec_as_postgres touch ${PG_RECOVERY_CONF}
+      ( echo "standby_mode = 'on'";
+        echo "primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${REPLICATION_SSLMODE}'";
+      ) > ${PG_RECOVERY_CONF}
+    else
+      set_recovery_param "host"      "${REPLICATION_HOST}"
+      set_recovery_param "port"      "${REPLICATION_PORT}"
+      set_recovery_param "user"      "${REPLICATION_USER}"
+      set_recovery_param "password"  "${REPLICATION_PASS}"    "true"
+      set_recovery_param "sslmode"   "${REPLICATION_SSLMODE}"
+    fi
+  else
+    # recovery.conf can only exist on a slave node, its existence otherwise causes problems
+    rm -rf ${PG_RECOVERY_CONF}
+  fi
+}
+
+create_user() {
+  if [[ -n ${DB_USER} ]]; then
+    case $REPLICATION_MODE in
+      slave|snapshot|backup)
+        echo "INFO! Database user cannot be created on a $REPLICATION_MODE node. Skipping..."
+        ;;
+      *)
+        if [[ -z ${DB_PASS} ]]; then
+          echo "ERROR! Please specify a password for DB_USER in DB_PASS. Exiting..."
+          exit 1
+        fi
+        echo "Creating database user: ${DB_USER}"
+        echo "CREATE ROLE \"${DB_USER}\" with LOGIN CREATEDB PASSWORD '${DB_PASS}';" | \
+          exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
+        ;;
+    esac
+  fi
+}
+
+create_database() {
+  if [[ -n ${DB_NAME} ]]; then
+    case $REPLICATION_MODE in
+      slave|snapshot|backup)
+        echo "INFO! Database cannot be created on a $REPLICATION_MODE node. Skipping..."
+        ;;
+      *)
+        echo -n "Creating database(s): "
+        for database in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
+          echo -n "${database} "
+          echo "CREATE DATABASE \"${database}\";" | \
+            exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
+
+          if [[ ${DB_UNACCENT} == true ]]; then
+            echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+              exec_as_postgres ${PG_BINDIR}/postgres --single ${database} -D ${PG_DATADIR} >/dev/null 2>&1
+          fi
+
+          if [[ -n ${DB_USER} ]]; then
+            echo "GRANT ALL PRIVILEGES ON DATABASE \"${database}\" to \"${DB_USER}\";" | \
+              exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
+          fi
+        done
+        echo
+        ;;
+    esac
+  fi
+}
+
+create_replication_user() {
+  if [[ -n ${REPLICATION_USER} ]]; then
+    case $REPLICATION_MODE in
+      slave|snapshot|backup) ;; # replication user can only be created on the master
+      *)
+        if [[ -z ${REPLICATION_PASS} ]]; then
+          echo "ERROR! Please specify a password for REPLICATION_USER in REPLICATION_PASS. Exiting..."
+          exit 1
+        fi
+
+        echo "Creating replication user: ${REPLICATION_USER}"
+        echo "CREATE ROLE \"${REPLICATION_USER}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" | \
+          exec_as_postgres ${PG_BINDIR}/postgres --single -D ${PG_DATADIR} >/dev/null 2>&1
+
+        set_hba_param "host replication ${REPLICATION_USER} 0.0.0.0/0 md5"
+        ;;
+    esac
+  fi
+}

start

@@ -1,49 +0,0 @@
-#!/bin/bash
-set -e
-
-PG_VERSION="9.1"
-PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
-PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-PG_DATADIR="/var/lib/postgresql/${PG_VERSION}/main"
-
-# fix permissions and ownership of /var/lib/postgresql
-chown -R postgres:postgres /var/lib/postgresql
-chmod 700 /var/lib/postgresql
-
-# disable ssl
-sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
-
-# listen on all interfaces
-cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
-listen_addresses = '*'
-EOF
-
-# allow remote connections to postgresql database
-cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
-host    all             all             0.0.0.0/0               md5
-EOF
-
-# initialize PostgreSQL data directory
-if [ ! -d ${PG_DATADIR} ]; then
-  echo "Initializing database..."
-  PG_PASSWORD=$(pwgen -c -n -1 14)
-  echo "${PG_PASSWORD}" > /var/lib/postgresql/pwfile
-  sudo -u postgres -H "${PG_BINDIR}/initdb" \
-    --pgdata="${PG_DATADIR}" --pwfile=/var/lib/postgresql/pwfile \
-    --username=postgres --encoding=unicode --auth=trust >/dev/null
-fi
-
-if [ -f /var/lib/postgresql/pwfile ]; then
-  PG_PASSWORD=$(cat /var/lib/postgresql/pwfile)
-  echo "|------------------------------------------------------------------|"
-  echo "| PostgreSQL User: postgres, Password: ${PG_PASSWORD}              |"
-  echo "|                                                                  |"
-  echo "| To remove the PostgreSQL login credentials from the logs, please |"
-  echo "| make a note of password and then delete the file pwfile          |"
-  echo "| from the data store.                                             |"
-  echo "|------------------------------------------------------------------|"
-fi
-
-echo "Starting PostgreSQL server..."
-exec sudo -u postgres -H ${PG_BINDIR}/postgres \
-  -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf