release 9.4-2

fix a few typos

Changelog.md

@@ -1,5 +1,8 @@
 # Changelog
 
+**9.4-2**
+- added replication options
+
 **9.4-1**
 - start: removed `pwfile` logic
 - init: added `USERMAP_*` configuration options

Dockerfile

@@ -1,20 +1,24 @@
-FROM sameersbn/ubuntu:14.04.20150613
+FROM sameersbn/ubuntu:14.04.20150712
 MAINTAINER sameer@damagehead.com
 
-ENV PG_VERSION 9.4
+ENV PG_VERSION=9.4 \
+    PG_USER=postgres \
+    PG_HOME="/var/lib/postgresql"
+
+ENV PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main" \
+    PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" \
+    PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
+
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
  && apt-get update \
  && apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
- && rm -rf /var/lib/postgresql \
- && rm -rf /var/lib/apt/lists/* # 20150613
+ && rm -rf ${PG_HOME} \
+ && rm -rf /var/lib/apt/lists/*
 
-ADD start /start
+COPY start /start
 RUN chmod 755 /start
 
-EXPOSE 5432
-
-VOLUME ["/var/lib/postgresql"]
-VOLUME ["/run/postgresql"]
-
+EXPOSE 5432/tcp
+VOLUME ["${PG_HOME}", "/run/postgresql"]
 CMD ["/start"]

Makefile

@@ -2,3 +2,6 @@ all: build
 
 build:
 	@docker build --tag=${USER}/postgresql .
+
+release: build
+	@docker build --tag=${USER}/postgresql:$(shell cat VERSION) .

README.md

@@ -8,12 +8,12 @@
 - [Reporting Issues](#reporting-issues)
 - [Installation](#installation)
 - [Quick Start](#quick-start)
+- [Persistence](#persistence)
 - [Creating User and Database at Launch](#creating-user-and-database-at-launch)
-- [Configuration](#configuration)
-    - [Data Store](#data-store)
-- [Shell Access](#shell-access)
-- [Upgrading](#upgrading)
+- [Creating a Snapshot or Slave Database](#creating-a-snapshot-or-slave-database)
 - [Host UID / GID Mapping](#host-uid--gid-mapping)
+- [Upgrading](#upgrading)
+- [Shell Access](#shell-access)
 
 # Introduction
 
@@ -25,11 +25,11 @@ If you find this image useful here's how you can help:
 
 - Send a Pull Request with your awesome new features and bug fixes
 - Help new users with [Issues](https://github.com/sameersbn/docker-postgresql/issues) they may encounter
-- Send me a tip via [Bitcoin](https://www.coinbase.com/sameersbn) or using [Gratipay](https://gratipay.com/sameersbn/)
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
 
 # Reporting Issues
 
-Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.
+Docker is a relatively new project and is being actively developed and tested by a thriving community of developers and testers and every release of Docker features many enhancements and bugfixes.
 
 Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
 
@@ -50,7 +50,7 @@ If using the latest docker version and/or disabling selinux does not fix the iss
 
 In your issue report please make sure you provide the following information:
 
-- The host ditribution and release version.
+- The host distribution and release version.
 - Output of the `docker version` command
 - Output of the `docker info` command
 - The `docker run` command you used to run the image (mask out the sensitive bits).
@@ -60,7 +60,7 @@ In your issue report please make sure you provide the following information:
 Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
 
 ```bash
-docker pull sameersbn/postgresql:9.4-1
+docker pull sameersbn/postgresql:9.4-2
 ```
 
 Alternately you can build the image yourself.
@@ -76,7 +76,7 @@ docker build -t="$USER/postgresql" .
 Run the postgresql image
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:9.4-1
+docker run --name postgresql -d sameersbn/postgresql:9.4-2
 ```
 
 The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
@@ -85,67 +85,7 @@ The simplest way to login to the postgresql container as the administrative `pos
 docker exec -it postgresql sudo -u postgres psql
 ```
 
-# Creating User and Database at Launch
-
-The image allows you to create a user and database at launch time.
-
-To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
-  sameersbn/postgresql:9.4-1
-```
-
-**NOTE**
-- If the password is not specified the user will not be created
-- If the user user already exists no changes will be made
-
-Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-1
-```
-
-You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2 (p.s. this feature is only available in releases greater than 9.4-1)*
-
-```bash
-docker run --name postgresql -d \
--e 'DB_NAME=dbname1,dbname2' sameersbn/postgresql:latest
-```
-
-If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
-
-For example,
-
-```bash
-docker run --name postgresql -d \
-  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
-  sameersbn/postgresql:9.4-1
-```
-
-, will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
-
-The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
-
-For example,
-
-```bash
-docker run --name postgresql -d \
-  -e 'PSQL_TRUST_LOCALNET=true' \
-  sameersbn/postgresql:9.4-1
-```
-
-This has the effect of adding the following to the `pg_hba.conf` file:
-
-```
-host    all             all             samenet                 trust
-```
-
-# Configuration
-
-## Data Store
+# Persistence
 
 For data persistence a volume should be mounted at `/var/lib/postgresql`.
 
@@ -160,12 +100,98 @@ The updated run command looks like this.
 
 ```bash
 docker run --name postgresql -d \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-1
+  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-2
 ```
 
 This will make sure that the data stored in the database is not lost when the image is stopped and started again.
 
-## Enable Unaccent (Search plain text with accent)
+# Creating User and Database at Launch
+
+The image allows you to create a user and database at launch time.
+
+To create a new user you should specify the `DB_USER` and `DB_PASS` variables. The following command will create a new user *dbuser* with the password *dbpass*.
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-2
+```
+
+**NOTE**
+- If the password is not specified the user will not be created
+- If the user user already exists no changes will be made
+
+Similarly, you can also create a new database by specifying the database name in the `DB_NAME` variable.
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-2
+```
+
+You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2* (p.s. this feature is only available in releases greater than 9.1-1).
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_NAME=dbname1,dbname2' \
+  sameersbn/postgresql:9.4-2
+```
+
+If the `DB_USER` and `DB_PASS` variables are also specified while creating the database, then the user is granted access to the database(s).
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
+  sameersbn/postgresql:9.4-2
+```
+
+will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
+
+The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'PSQL_TRUST_LOCALNET=true' \
+  sameersbn/postgresql:9.4-2
+```
+
+This has the effect of adding the following to the `pg_hba.conf` file:
+
+```
+host    all             all             samenet                 trust
+```
+
+# Creating a Snapshot or Slave Database
+
+You may use the `PSQL_MODE` variable along with `REPLICATION_HOST`, `REPLICATION_PORT`, `REPLICATION_USER` and `REPLICATION_PASS` to create a snapshot of an existing database and enable stream replication.
+
+Your master database must support replication or super-user access for the credentials you specify. The `PSQL_MODE` variable should be set to `master`, for replication on your master node and `slave` or `snapshot` respectively for streaming replication or a point-in-time snapshot of a running instance.
+
+Create a master instance
+
+```bash
+docker run --name='psql-master' -it --rm \
+  -e 'PSQL_MODE=master' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  -e 'DB_NAME=dbname' -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
+  sameersbn/postgresql:9.4-2
+```
+
+Create a streaming replication instance
+
+```bash
+docker run --name='psql-slave' -it --rm  \
+  --link psql-master:psql-master  \
+  -e 'PSQL_MODE=slave' -e 'PSQL_TRUST_LOCALNET=true' \
+  -e 'REPLICATION_HOST=psql-master' -e 'REPLICATION_PORT=5432' \
+  -e 'REPLICATION_USER=replicator' -e 'REPLICATION_PASS=replicatorpass' \
+  sameersbn/postgresql:9.4-2
+```
+
+# Enable Unaccent (Search plain text with accent)
 
 Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
 
@@ -174,7 +200,42 @@ By default unaccent is configure to `false`
 ```bash
 docker run --name postgresql -d \
   -e 'DB_UNACCENT=true' \
-  sameersbn/postgresql:9.4-1
+  sameersbn/postgresql:9.4-2
+```
+
+# Host UID / GID Mapping
+
+Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
+
+Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
+
+```bash
+docker run --name=postgresql -it --rm [options] \
+  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
+  sameersbn/postgresql:9.4-2
+```
+
+
+# Upgrading
+
+To upgrade to newer releases, simply follow this 3 step upgrade procedure.
+
+- **Step 1**: Stop the currently running image
+
+```bash
+docker stop postgresql
+```
+
+- **Step 2**: Update the docker image.
+
+```bash
+docker pull sameersbn/postgresql:9.4-2
+```
+
+- **Step 3**: Start the image
+
+```bash
+docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-2
 ```
 
 # Shell Access
@@ -202,37 +263,3 @@ sudo docker-enter postgresql
 ```
 
 For more information refer https://github.com/jpetazzo/nsenter
-
-# Upgrading
-
-To upgrade to newer releases, simply follow this 3 step upgrade procedure.
-
-- **Step 1**: Stop the currently running image
-
-```bash
-docker stop postgresql
-```
-
-- **Step 2**: Update the docker image.
-
-```bash
-docker pull sameersbn/postgresql:9.4-1
-```
-
-- **Step 3**: Start the image
-
-```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-1
-```
-
-# Host UID / GID Mapping
-
-Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
-
-Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
-
-```bash
-docker run --name=postgresql -it --rm [options] \
-  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
-  sameersbn/postgresql:9.4-1
-```

VERSION

@@ -1 +1 @@
-9.4
+9.4-2

start

@@ -1,54 +1,62 @@
 #!/bin/bash
 set -e
 
-PG_HOME="/var/lib/postgresql"
-PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
-PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
-
-if [ -n "${USERMAP_UID}" ] || [ -n "${USERMAP_GID}" ]; then
-  if [ -n "${USERMAP_UID}" ] && [ -n "${USERMAP_GID}" ]; then
-    groupmod -g ${USERMAP_GID} postgres
-    usermod -u ${USERMAP_UID} -g ${USERMAP_GID} postgres
-  else
-    echo ""
-    echo "WARNING: "
-    echo "  Please specify USERMAP_UID AND USERMAP_GID or neither. Not changing user id..."
-    echo ""
-  fi
-fi
-
 # set this env variable to true to enable a line in the
 # pg_hba.conf file to trust samenet.  this can be used to connect
 # from other containers on the same host without authentication
-PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:false}
+PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}
 
 DB_NAME=${DB_NAME:-}
 DB_USER=${DB_USER:-}
 DB_PASS=${DB_PASS:-}
 DB_UNACCENT=${DB_UNACCENT:false}
 
+# by default postgresql will start up as a standalone instance.
+# set this environment variable to master, slave or snapshot to use replication features.
+# "snapshot" will create a point in time backup of a master instance.
+PSQL_MODE=${PSQL_MODE:-standalone}
+
+REPLICATION_USER=${REPLICATION_USER:-}
+REPLICATION_PASS=${REPLICATION_PASS:-}
+REPLICATION_HOST=${REPLICATION_HOST:-}
+REPLICATION_PORT=${REPLICATION_PORT:-5432}
+
+# set this env variable to "require" to enable encryption and "verify-full" for verification.
+PSQL_SSLMODE=${PSQL_SSLMODE:-disable}
+
+## Adapt uid and gid for ${PG_USER}:${PG_USER}
+USERMAP_ORIG_UID=$(id -u ${PG_USER})
+USERMAP_ORIG_GID=$(id -g ${PG_USER})
+USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
+USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
+if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
+  echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
+  groupmod -g ${USERMAP_GID} ${PG_USER}
+  sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
+fi
+
 # fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
-chown -R postgres:postgres ${PG_CONFDIR}
+chown -R ${PG_USER}:${PG_USER} ${PG_CONFDIR}
 
 # fix permissions and ownership of ${PG_HOME}
 mkdir -p -m 0700 ${PG_HOME}
-chown -R postgres:postgres ${PG_HOME}
+chown -R ${PG_USER}:${PG_USER} ${PG_HOME}
 
 # fix permissions and ownership of /run/postgresql
 mkdir -p -m 0755 /run/postgresql /run/postgresql/${PG_VERSION}-main.pg_stat_tmp
-chown -R postgres:postgres /run/postgresql
+chown -R ${PG_USER}:${PG_USER} /run/postgresql
 chmod g+s /run/postgresql
 
-# disable ssl
-sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+if [[ ${PSQL_SSLMODE} == disable ]]; then
+  sed 's/ssl = true/#ssl = true/' -i ${PG_CONFDIR}/postgresql.conf
+fi
 
 # listen on all interfaces
 cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
 listen_addresses = '*'
 EOF
 
-if [ "${PSQL_TRUST_LOCALNET}" == "true" ]; then
+if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
   echo "Enabling trust samenet in pg_hba.conf..."
   cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
 host    all             all             samenet                 trust
@@ -60,19 +68,69 @@ cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
 host    all             all             0.0.0.0/0               md5
 EOF
 
+# allow replication connections to the database
+if [[ -n ${REPLICATION_USER} ]]; then
+  if [[ ${PSQL_SSLMODE} == disable ]]; then
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  else
+    cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+hostssl replication     $REPLICATION_USER       0.0.0.0/0               md5
+EOF
+  fi
+fi
+
+if [[ ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    echo "Supporting hot standby..."
+    cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+wal_level = hot_standby
+max_wal_senders = 3
+checkpoint_segments = 8
+wal_keep_segments = 8
+EOF
+  fi
+fi
+
 cd ${PG_HOME}
 
 # initialize PostgreSQL data directory
-if [ ! -d ${PG_DATADIR} ]; then
-  # check if we need to perform data migration
-  PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
+if [[ ! -d ${PG_DATADIR} ]]; then
+  if [[ ${PSQL_MODE} == slave || ${PSQL_MODE} == snapshot ]]; then
+    echo "Replicating database..."
+    if [[ ${PSQL_MODE} == snapshot ]]; then
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -x -v -P
+    elif [[ ${PSQL_MODE} == slave ]]; then
+      # Setup streaming replication.
+      sudo -Hu ${PG_USER} \
+        PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \
+        -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -w -v -P
+      echo "Setting up hot standby configuration..."
+      cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
+hot_standby = on
+EOF
+      sudo -Hu ${PG_USER} touch ${PG_DATADIR}/recovery.conf
+      cat >> ${PG_DATADIR}/recovery.conf <<EOF
+standby_mode = 'on'
+primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'
+trigger_file = '/tmp/postgresql.trigger'
+EOF
+    fi
 
-  echo "Initializing database..."
-  sudo -u postgres -H "${PG_BINDIR}/initdb" --pgdata="${PG_DATADIR}" \
-    --username=postgres --encoding=unicode --auth=trust >/dev/null
+  else
+    # check if we need to perform data migration
+    PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
+
+    echo "Initializing database..."
+    sudo -Hu ${PG_USER} ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \
+      --username=${PG_USER} --encoding=unicode --auth=trust >/dev/null
+  fi
 fi
 
-if [ -n "${PG_OLD_VERSION}" ]; then
+if [[ -n ${PG_OLD_VERSION} ]]; then
   echo "Migrating postgresql ${PG_OLD_VERSION} data..."
   PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
   PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
@@ -90,51 +148,69 @@ if [ -n "${PG_OLD_VERSION}" ]; then
 
   # migrate ${PG_OLD_VERSION} data
   echo "Migration in progress. This could take a while, please be patient..."
-  sudo -u postgres -H ${PG_BINDIR}/pg_upgrade \
+  sudo -Hu ${PG_USER} ${PG_BINDIR}/pg_upgrade \
     -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \
     -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \
     -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
     -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
 fi
 
-if [ -n "${DB_USER}" ]; then
-  if [ -z "${DB_PASS}" ]; then
-    echo ""
-    echo "WARNING: "
-    echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
-    echo ""
-    DB_USER=
-  else
-    echo "Creating user \"${DB_USER}\"..."
-    echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+# Hot standby (slave and snapshot) servers can ignore the following code.
+if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
+  if [[ -n ${REPLICATION_USER} ]]; then
+    if [[ -z ${REPLICATION_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${REPLICATION_USER}\"..."
+      echo "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_USER} ]]; then
+    if [[ -z ${DB_PASS} ]]; then
+      echo ""
+      echo "WARNING: "
+      echo "  Please specify a password for \"${DB_USER}\". Skipping user creation..."
+      echo ""
+      DB_USER=
+    else
+      echo "Creating user \"${DB_USER}\"..."
+      echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
+  fi
+
+  if [[ -n ${DB_NAME} ]]; then
+    for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
+      echo "Creating database \"${db}\"..."
+      echo "CREATE DATABASE ${db};" | \
+        sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+
+      if [[ ${DB_UNACCENT} == true ]]; then
+        echo "Installing unaccent extension..."
+        echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single ${db} \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+
+      if [[ -n ${DB_USER} ]]; then
+        echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
+        echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
+          sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
+            -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+      fi
+    done
   fi
 fi
 
-if [ -n "${DB_NAME}" ]; then
-  for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
-    echo "Creating database \"${db}\"..."
-    echo "CREATE DATABASE ${db};" | \
-      sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
-
-    if [ "${DB_UNACCENT}" == "true" ]; then
-      echo "Installing unaccent extension..."
-      echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
-        sudo -u postgres -H ${PG_BINDIR}/postgres --single ${db} \
-          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
-    fi
-
-    if [ -n "${DB_USER}" ]; then
-      echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
-      echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
-        sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
-    fi
-  done
-fi
-
 echo "Starting PostgreSQL server..."
-exec gosu postgres ${PG_BINDIR}/postgres \
+exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} --exec ${PG_BINDIR}/postgres -- \
   -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf