release 9.4-1

Fix installation unaccent extension - specify databases

.dockerignore

@@ -1,4 +1,7 @@
 .git
+circle.yml
+LICENSE
 VERSION
 README.md
 Changelog.md
+Makefile

Changelog.md

@@ -1,5 +1,10 @@
 # Changelog
 
+**9.4-1**
+- start: removed `pwfile` logic
+- init: added `USERMAP_*` configuration options
+- base image update to fix SSL vulnerability
+
 **9.4**
 - postgresql: upgrade to 9.4
 

Dockerfile

@@ -1,13 +1,13 @@
-FROM sameersbn/ubuntu:14.04.20150120
+FROM sameersbn/ubuntu:14.04.20150613
 MAINTAINER sameer@damagehead.com
 
 ENV PG_VERSION 9.4
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
  && apt-get update \
- && apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} pwgen \
+ && apt-get install -y postgresql-${PG_VERSION} postgresql-client-${PG_VERSION} postgresql-contrib-${PG_VERSION} \
  && rm -rf /var/lib/postgresql \
- && rm -rf /var/lib/apt/lists/* # 20141001
+ && rm -rf /var/lib/apt/lists/* # 20150613
 
 ADD start /start
 RUN chmod 755 /start

README.md

@@ -1,3 +1,5 @@
+[![Circle CI](https://circleci.com/gh/sameersbn/docker-postgresql.svg?style=svg)](https://circleci.com/gh/sameersbn/docker-postgresql)
+
 # Table of Contents
 
 - [Introduction](#introduction)
@@ -6,12 +8,12 @@
 - [Reporting Issues](#reporting-issues)
 - [Installation](#installation)
 - [Quick Start](#quick-start)
-- [Creating User and Database at Launch](creating-user-and-database-at-launch)
+- [Creating User and Database at Launch](#creating-user-and-database-at-launch)
 - [Configuration](#configuration)
     - [Data Store](#data-store)
-    - [Securing the server](#securing-the-server)
 - [Shell Access](#shell-access)
 - [Upgrading](#upgrading)
+- [Host UID / GID Mapping](#host-uid--gid-mapping)
 
 # Introduction
 
@@ -58,7 +60,7 @@ In your issue report please make sure you provide the following information:
 Pull the latest version of the image from the docker index. This is the recommended method of installation as it is easier to update image in the future. These builds are performed by the **Docker Trusted Build** service.
 
 ```bash
-docker pull sameersbn/postgresql:9.4
+docker pull sameersbn/postgresql:9.4-1
 ```
 
 Alternately you can build the image yourself.
@@ -74,38 +76,13 @@ docker build -t="$USER/postgresql" .
 Run the postgresql image
 
 ```bash
-docker run --name postgresql -d sameersbn/postgresql:9.4
+docker run --name postgresql -d sameersbn/postgresql:9.4-1
 ```
 
-The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `--volumes-from` docker option to connect to the postgresql server over the unix socket.
+The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket.
 
 ```bash
-docker run -it --rm --volumes-from=postgresql \
-  sameersbn/postgresql:9.4 sudo -u postgres -H psql
-```
-
-Alternately you can fetch the password set for the `postgres` user from the container logs.
-
-```bash
-docker logs postgresql
-```
-
-In the output you will notice the following lines with the password:
-
-```bash
-|------------------------------------------------------------------|
-| PostgreSQL User: postgres, Password: xxxxxxxxxxxxxx              |
-|                                                                  |
-| To remove the PostgreSQL login credentials from the logs, please |
-| make a note of password and then delete the file pwfile          |
-| from the data store.                                             |
-|------------------------------------------------------------------|
-```
-
-To test if the postgresql server is working properly, try connecting to the server.
-
-```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
+docker exec -it postgresql sudo -u postgres psql
 ```
 
 # Creating User and Database at Launch
@@ -117,7 +94,7 @@ To create a new user you should specify the `DB_USER` and `DB_PASS` variables. T
 ```bash
 docker run --name postgresql -d \
   -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' \
-  sameersbn/postgresql:9.4
+  sameersbn/postgresql:9.4-1
 ```
 
 **NOTE**
@@ -128,10 +105,10 @@ Similarly, you can also create a new database by specifying the database name in
 
 ```bash
 docker run --name postgresql -d \
-  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4
+  -e 'DB_NAME=dbname' sameersbn/postgresql:9.4-1
 ```
 
-You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2 (p.s. this feature is only available in releases greater than 9.4)*
+You may also specify a comma separated list of database names in the `DB_NAME` variable. The following command creates two new databases named *dbname1* and *dbname2 (p.s. this feature is only available in releases greater than 9.4-1)*
 
 ```bash
 docker run --name postgresql -d \
@@ -145,11 +122,27 @@ For example,
 ```bash
 docker run --name postgresql -d \
   -e 'DB_USER=dbuser' -e 'DB_PASS=dbpass' -e 'DB_NAME=dbname' \
-  sameersbn/postgresql:9.4
+  sameersbn/postgresql:9.4-1
 ```
 
 , will create a user *dbuser* with the password *dbpass*. It will also create a database named *dbname* and the *dbuser* user will have full access to the *dbname* database.
 
+The `PSQL_TRUST_LOCALNET` environment variable can be used to configure postgres to trust connections on the same network.  This is handy for other containers to connect without authentication. To enable this behavior, set `PSQL_TRUST_LOCALNET` to `true`.
+
+For example,
+
+```bash
+docker run --name postgresql -d \
+  -e 'PSQL_TRUST_LOCALNET=true' \
+  sameersbn/postgresql:9.4-1
+```
+
+This has the effect of adding the following to the `pg_hba.conf` file:
+
+```
+host    all             all             samenet                 trust
+```
+
 # Configuration
 
 ## Data Store
@@ -167,27 +160,21 @@ The updated run command looks like this.
 
 ```bash
 docker run --name postgresql -d \
-  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4
+  -v /opt/postgresql/data:/var/lib/postgresql sameersbn/postgresql:9.4-1
 ```
 
 This will make sure that the data stored in the database is not lost when the image is stopped and started again.
 
-## Securing the server
+## Enable Unaccent (Search plain text with accent)
 
-By default a randomly generated password is assigned for the postgres user. The password is stored in a file named `pwfile` in the data store and is printed in the logs.
+Unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. It's a filtering dictionary, which means its output is always passed to the next dictionary (if any), unlike the normal behavior of dictionaries. This allows accent-insensitive processing for full text search.
 
-If you dont want this password to be displayed in the logs, then please note down the password listed in `/opt/postgresql/data/pwfile` and then delete the file.
+By default unaccent is configure to `false`
 
 ```bash
-cat /opt/postgresql/data/pwfile
-rm /opt/postgresql/data/pwfile
-```
-
-Alternately, you can change the password of the postgres user
-
-```bash
-psql -U postgres -h $(docker inspect --format {{.NetworkSettings.IPAddress}} postgresql)
-\password postgres
+docker run --name postgresql -d \
+  -e 'DB_UNACCENT=true' \
+  sameersbn/postgresql:9.4-1
 ```
 
 # Shell Access
@@ -229,11 +216,23 @@ docker stop postgresql
 - **Step 2**: Update the docker image.
 
 ```bash
-docker pull sameersbn/postgresql:9.4
+docker pull sameersbn/postgresql:9.4-1
 ```
 
 - **Step 3**: Start the image
 
 ```bash
-docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4
+docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4-1
+```
+
+# Host UID / GID Mapping
+
+Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`.
+
+Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host.
+
+```bash
+docker run --name=postgresql -it --rm [options] \
+  --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \
+  sameersbn/postgresql:9.4-1
 ```

circle.yml

@@ -0,0 +1,15 @@
+machine:
+  services:
+    - docker
+dependencies:
+  cache_directories:
+    - "~/docker-postgresql"
+  override:
+    - docker info
+    - if [[ -e ~/docker-postgresql/image.tar ]]; then docker load --input ~/docker-postgresql/image.tar; fi
+    - docker build -t sameersbn/postgresql .
+    - mkdir -p ~/docker-postgresql; docker save --output ~/docker-postgresql/image.tar sameersbn/postgresql
+test:
+  override:
+    - docker run -d --name=postgresql sameersbn/postgresql; sleep 10
+    - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo"

start

@@ -6,9 +6,30 @@ PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main"
 PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
 PG_DATADIR="${PG_HOME}/${PG_VERSION}/main"
 
+if [ -n "${USERMAP_UID}" ] || [ -n "${USERMAP_GID}" ]; then
+  if [ -n "${USERMAP_UID}" ] && [ -n "${USERMAP_GID}" ]; then
+    groupmod -g ${USERMAP_GID} postgres
+    usermod -u ${USERMAP_UID} -g ${USERMAP_GID} postgres
+  else
+    echo ""
+    echo "WARNING: "
+    echo "  Please specify USERMAP_UID AND USERMAP_GID or neither. Not changing user id..."
+    echo ""
+  fi
+fi
+
+# set this env variable to true to enable a line in the
+# pg_hba.conf file to trust samenet.  this can be used to connect
+# from other containers on the same host without authentication
+PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:false}
+
 DB_NAME=${DB_NAME:-}
 DB_USER=${DB_USER:-}
 DB_PASS=${DB_PASS:-}
+DB_UNACCENT=${DB_UNACCENT:false}
+
+# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
+chown -R postgres:postgres ${PG_CONFDIR}
 
 # fix permissions and ownership of ${PG_HOME}
 mkdir -p -m 0700 ${PG_HOME}
@@ -27,6 +48,13 @@ cat >> ${PG_CONFDIR}/postgresql.conf <<EOF
 listen_addresses = '*'
 EOF
 
+if [ "${PSQL_TRUST_LOCALNET}" == "true" ]; then
+  echo "Enabling trust samenet in pg_hba.conf..."
+  cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
+host    all             all             samenet                 trust
+EOF
+fi
+
 # allow remote connections to postgresql database
 cat >> ${PG_CONFDIR}/pg_hba.conf <<EOF
 host    all             all             0.0.0.0/0               md5
@@ -37,16 +65,10 @@ cd ${PG_HOME}
 # initialize PostgreSQL data directory
 if [ ! -d ${PG_DATADIR} ]; then
   # check if we need to perform data migration
-  PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION | sort -r | head -n1 | cut -d'/' -f5)
-
-  if [ ! -f "${PG_HOME}/pwfile" ]; then
-    PG_PASSWORD=$(pwgen -c -n -1 14)
-    echo "${PG_PASSWORD}" > ${PG_HOME}/pwfile
-  fi
+  PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)
 
   echo "Initializing database..."
-  sudo -u postgres -H "${PG_BINDIR}/initdb" \
-    --pgdata="${PG_DATADIR}" --pwfile=${PG_HOME}/pwfile \
+  sudo -u postgres -H "${PG_BINDIR}/initdb" --pgdata="${PG_DATADIR}" \
     --username=postgres --encoding=unicode --auth=trust >/dev/null
 fi
 
@@ -75,17 +97,6 @@ if [ -n "${PG_OLD_VERSION}" ]; then
     -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
 fi
 
-if [ -f ${PG_HOME}/pwfile ]; then
-  PG_PASSWORD=$(cat ${PG_HOME}/pwfile)
-  echo "|------------------------------------------------------------------|"
-  echo "| PostgreSQL User: postgres, Password: ${PG_PASSWORD}              |"
-  echo "|                                                                  |"
-  echo "| To remove the PostgreSQL login credentials from the logs, please |"
-  echo "| make a note of password and then delete the file pwfile          |"
-  echo "| from the data store.                                             |"
-  echo "|------------------------------------------------------------------|"
-fi
-
 if [ -n "${DB_USER}" ]; then
   if [ -z "${DB_PASS}" ]; then
     echo ""
@@ -97,7 +108,7 @@ if [ -n "${DB_USER}" ]; then
     echo "Creating user \"${DB_USER}\"..."
     echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
       sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
   fi
 fi
 
@@ -106,17 +117,24 @@ if [ -n "${DB_NAME}" ]; then
     echo "Creating database \"${db}\"..."
     echo "CREATE DATABASE ${db};" | \
       sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+        -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+
+    if [ "${DB_UNACCENT}" == "true" ]; then
+      echo "Installing unaccent extension..."
+      echo "CREATE EXTENSION IF NOT EXISTS unaccent;" | \
+        sudo -u postgres -H ${PG_BINDIR}/postgres --single ${db} \
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
+    fi
 
     if [ -n "${DB_USER}" ]; then
       echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
       echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
         sudo -u postgres -H ${PG_BINDIR}/postgres --single \
-          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null 2>&1
+          -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
     fi
   done
 fi
 
 echo "Starting PostgreSQL server..."
-exec sudo -u postgres -H ${PG_BINDIR}/postgres \
+exec gosu postgres ${PG_BINDIR}/postgres \
   -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf