postgres9.4

83f92307 · kalvin · 20e73553 · 83f92307 · 83f92307 · 83f92307
Commit 83f92307 authored Apr 19, 2018 by kalvin
5 changed files
--- a/baseimg/tools/postgres9.4/Dockerfile
+++ b/baseimg/tools/postgres9.4/Dockerfile
+# Pull base image
+FROM 192.168.4.36/baseimg/centos:201803291115
+# Postgresql version
+ENV PG_VERSION 9.4
+ENV PGVERSION 94
+# Set the environment variables
+ENV HOME /var/lib/pgsql
+ENV PGDATA /var/lib/pgsql/9.4/data
+# Install postgresql and run InitDB
+RUN rpm -vih https://download.postgresql.org/pub/repos/yum/$PG_VERSION/redhat/rhel-7-x86_64/pgdg-centos$PGVERSION-$PG_VERSION-2.noarch.rpm && \
+    yum update -y && \
+    yum install -y sudo \
+    pwgen \
+    postgresql$PGVERSION \
+    postgresql$PGVERSION-server \
+    postgresql$PGVERSION-contrib && \
+    yum clean all
+# Copy
+COPY data/postgresql-setup /usr/pgsql-$PG_VERSION/bin/postgresql$PGVERSION-setup
+# Working directory
+WORKDIR /var/lib/pgsql
+# Run initdb
+RUN /usr/pgsql-$PG_VERSION/bin/postgresql$PGVERSION-setup initdb
+# Copy config file
+COPY data/postgresql.conf /var/lib/pgsql/$PG_VERSION/data/postgresql.conf
+COPY data/pg_hba.conf /var/lib/pgsql/$PG_VERSION/data/pg_hba.conf
+COPY data/postgresql.sh /usr/local/bin/postgresql.sh
+# Change own user
+RUN chown -R postgres:postgres /var/lib/pgsql/$PG_VERSION/data/* && \
+    usermod -G wheel postgres && \
+    sed -i 's/.*requiretty$/#Defaults requiretty/' /etc/sudoers && \
+    chmod +x /usr/local/bin/postgresql.sh
+# Set volume
+VOLUME ["/var/lib/pgsql"]
+# Set username
+USER postgres
+# Run PostgreSQL Server
+CMD ["/bin/bash", "/usr/local/bin/postgresql.sh"]
+# Expose ports.
+EXPOSE 5432
\ No newline at end of file
--- a/baseimg/tools/postgres9.4/data/pg_hba.conf
+++ b/baseimg/tools/postgres9.4/data/pg_hba.conf
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+local   all             all                                     trust
+host    all             all             127.0.0.1/32            trust
+host    all             all             ::1/128                 trust
--- a/baseimg/tools/postgres9.4/data/postgresql-setup
+++ b/baseimg/tools/postgres9.4/data/postgresql-setup
+#!/bin/sh
+#
+# postgresql-setup	Initialization and upgrade operations for PostgreSQL
+# PGVERSION is the full package version, e.g., 9.4.0
+# Note: the specfile inserts the correct value during package build
+PGVERSION=9.4.8
+# PGMAJORVERSION is major version, e.g., 9.4 (this should match PG_VERSION)
+PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
+# PGENGINE is the directory containing the postmaster executable
+# Note: the specfile inserts the correct value during package build
+PGENGINE=/usr/pgsql-$PGMAJORVERSION/bin
+# The second parameter is the new database version, i.e. $PGMAJORVERSION in this case.
+# Use  "postgresql-$PGMAJORVERSION" service, if not specified.
+SERVICE_NAME="$2"
+if [ x"$SERVICE_NAME" = x ]
+then
+    SERVICE_NAME=postgresql-$PGMAJORVERSION
+fi
+# note that these options are useful at least for help2man processing
+case "$1" in
+    --version)
+	echo "postgresql-setup $PGVERSION"
+        exit 0
+        ;;
+esac
+# this parsing technique fails for PGDATA pathnames containing spaces,
+# but there's not much I can do about it given systemctl's output format...
+PGDATA=/var/lib/pgsql/$PGMAJORVERSION/data/
+# Log file for initdb
+PGLOG=/var/lib/pgsql/$PGMAJORVERSION/initdb.log
+export PGDATA
+SU=su
+script_result=0
+# code shared between initdb and upgrade actions
+perform_initdb(){
+    if [ ! -e "$PGDATA" ]; then
+        mkdir "$PGDATA" || return 1
+        chown postgres:postgres "$PGDATA"
+        chmod go-rwx "$PGDATA"
+    fi
+    # Clean up SELinux tagging for PGDATA
+    [ -x /sbin/restorecon ] && /sbin/restorecon "$PGDATA"
+    # Create the initdb log file if needed
+    if [ ! -e "$PGLOG" -a ! -h "$PGLOG" ]; then
+        touch "$PGLOG" || return 1
+        chown postgres:postgres "$PGLOG"
+        chmod go-rwx "$PGLOG"
+        [ -x /sbin/restorecon ] && /sbin/restorecon "$PGLOG"
+    fi
+    # Initialize the database
+    initdbcmd="$PGENGINE/initdb --pgdata='$PGDATA' --auth='ident'"
+    initdbcmd+=" $PGSETUP_INITDB_OPTIONS"
+    $SU -l postgres -c "$initdbcmd" >> "$PGLOG" 2>&1 < /dev/null
+    # Create directory for postmaster log files
+    mkdir "$PGDATA/pg_log"
+    chown postgres:postgres "$PGDATA/pg_log"
+    chmod go-rwx "$PGDATA/pg_log"
+    [ -x /sbin/restorecon ] && /sbin/restorecon "$PGDATA/pg_log"
+    if [ -f "$PGDATA/PG_VERSION" ]; then
+        return 0
+    fi
+    return 1
+}
+initdb(){
+    if [ -f "$PGDATA/PG_VERSION" ]; then
+        echo $"Data directory is not empty!"
+        echo
+        script_result=1
+    else
+        echo -n $"Initializing database ... "
+        if perform_initdb; then
+            echo $"OK"
+        else
+            echo $"failed, see $PGLOG"
+            script_result=1
+        fi
+        echo
+    fi
+}
+# See how we were called.
+case "$1" in
+    initdb)
+        initdb
+        ;;
+    *)
+        echo >&2 "$USAGE_STRING"
+        exit 2
+esac
+exit $script_result
--- a/baseimg/tools/postgres9.4/data/postgresql.conf
+++ b/baseimg/tools/postgres9.4/data/postgresql.conf
--- a/baseimg/tools/postgres9.4/data/postgresql.sh
+++ b/baseimg/tools/postgres9.4/data/postgresql.sh
+#!/bin/bash
+#Version
+PG_VERSION="9.4"
+#Settings
+DB_NAME=${DB_NAME:-}
+DB_USER=${DB_USER:-}
+DB_PASS=${DB_PASS:-}
+PG_PORT=5432
+PG_CONFDIR="/var/lib/pgsql/$PG_VERSION/data"
+PG_CTL="/usr/pgsql-$PG_VERSION/bin/pg_ctl"
+PG_USER="postgres"
+PSQL="/bin/psql"
+create_dbuser() {
+  ## Extract from https://github.com/CentOS/CentOS-Dockerfiles/blob/master/postgres/centos7/
+  ## and modified by me
+  ##
+  ## Check to see if we have pre-defined credentials to use
+  if [ -n "${DB_USER}" ]; then
+    # run postgresql server
+    cd /var/lib/pgsql && sudo -u $PG_USER bash -c "$PG_CTL -D $PG_CONFDIR -o \"-c listen_addresses='*'\" -w start"
+    # generate password
+    if [ -z "${DB_PASS}" ]; then
+      echo "WARNING: "
+      echo "No password specified for \"${DB_USER}\". Generating one"
+      DB_PASS=$(pwgen -c -n -1 12)
+      echo "Password for \"${DB_USER}\" created as: \"${DB_PASS}\""
+    fi
+    # create user
+    echo "Creating user \"${DB_USER}\"..."
+    $PSQL -U $PG_USER -c "CREATE ROLE ${DB_USER} with CREATEROLE login superuser PASSWORD '${DB_PASS}';"
+    # if the user is already created set authentication method to md5
+    sudo -u $PG_USER bash -c "echo \"host    all             all             0.0.0.0/0               md5\" >> $PG_CONFDIR/pg_hba.conf"
+  else
+    # the user is not created set authentication method to trust
+    sudo -u $PG_USER bash -c "echo \"host    all             all             0.0.0.0/0               trust\" >> $PG_CONFDIR/pg_hba.conf"
+  fi
+  if [ -n "${DB_NAME}" ]; then
+    # create database
+    echo "Creating database \"${DB_NAME}\"..."
+    echo "CREATE DATABASE ${DB_NAME};"
+    $PSQL -U $PG_USER -c "CREATE DATABASE ${DB_NAME}"
+    # grant permission
+    if [ -n "${DB_USER}" ]; then
+      echo "Granting access to database \"${DB_NAME}\" for user \"${DB_USER}\"..."
+      $PSQL -U $PG_USER -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};"
+    fi
+    # stop postgresql server
+    sudo -u $PG_USER bash -c "$PG_CTL -D $PG_CONFDIR -m fast -w stop"   
+  fi
+}
+postgresql_server () {
+  /usr/pgsql-$PG_VERSION/bin/postgres -D /var/lib/pgsql/$PG_VERSION/data -p $PG_PORT
+}
+####
+####
+create_dbuser
+echo "Starting PostgreSQL $PG_VERSION server..."
+postgresql_server