mirror
/
docker-postgis
kopia lustrzana https://github.com/kartoza/docker-postgis
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

run container as none root (#403) 

* add option to run as none root and update tests
pull/417/head
mazano 2023-02-01 06:42:32 +02:00 zatwierdzone przez GitHub
rodzic 63b52ffd9b
commit 9f8f979b6e
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
24 zmienionych plików z 967 dodań i 107 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

10
Dockerfile
Wyświetl plik

@ -27,7 +27,9 @@ RUN set -eux \
&& dpkg-divert --local --rename --add /sbin/initctl
RUN apt-get -y update; apt-get -y install build-essential autoconf libxml2-dev zlib1g-dev netcat gdal-bin \
figlet toilet
figlet toilet gosu; \
# verify that the binary works
gosu nobody true
# Generating locales takes a long time. Utilize caching by runnig it by itself
# early in the build process.
@ -144,9 +146,9 @@ RUN chmod +x *.sh
RUN set -eux \
&& /scripts/setup.sh;rm /scripts/.pass_*
RUN echo 'figlet -t "Kartoza Docker PostGIS"' >> ~/.bashrc
VOLUME /var/lib/postgresql
ENTRYPOINT /scripts/docker-entrypoint.sh
ENTRYPOINT ["/bin/bash", "/scripts/docker-entrypoint.sh"]
##############################################################################
@ -159,7 +161,7 @@ COPY ./scenario_tests/utils/requirements.txt /lib/utils/requirements.txt
RUN set -eux \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get -y --no-install-recommends install python3-pip \
&& apt-get -y --no-install-recommends install python3-pip procps \
&& apt-get -y --purge autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

19
README.md
Wyświetl plik

@ -25,6 +25,7 @@
- [Lockfile](#lockfile)
- [Docker secrets](#docker-secrets)
- [Running the container](#running-the-container)
- [Rootless mode](#rootless-mode)
- [Using the terminal](#using-the-terminal)
- [Convenience docker-compose.yml](#convenience-docker-composeyml)
- [Connect via psql](#connect-via-psql)
@ -431,6 +432,24 @@ Currently, `POSTGRES_PASS`, `POSTGRES_USER`, `POSTGRES_DB`, `SSL_CERT_FILE`,
## Running the container
## Rootless mode
You can run the container in rootless mode. This can be achieved by setting the env variable
`RUN_AS_ROOT=false`. By default, this setting is set to `true` to allow the container to run as root for backward
compatibility with older images.
With `RUN_AS_ROOT=false` you can additionally set the following environment variables to enable you
to pass user id and group id into the container.
```bash
POSTGRES_UID=1000
POSTGRES_GID=1000
USER=postgresuser
GROUP_NAME=postgresusers
```
If you do not pass the UID and GID, the container will use the defaults specified in the container.
### Using the terminal
To create a running container do:

4
docker-compose.yml
Wyświetl plik

@ -19,12 +19,14 @@ services:
- ALLOW_IP_RANGE=0.0.0.0/0
# Add extensions you need to be enabled by default in the DB. Default are the five specified below
- POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology,postgis_raster,pgrouting
- RUN_AS_ROOT=true
ports:
- "5432"
restart: on-failure
healthcheck:
test: "PGPASSWORD=docker pg_isready -h 127.0.0.1 -U docker -d gis"
dbbackups:
image: kartoza/pg-backup:15-3.3
hostname: pg-backups
@ -39,4 +41,4 @@ services:
restart: on-failure
depends_on:
db:
condition: service_healthy
condition: service_healthy

55
scenario_tests/collations/docker-compose.yml
Wyświetl plik

@ -4,6 +4,8 @@ version: '2.1'
volumes:
pg-data-dir:
new-pg-data-dir:
pg-data-dir-gs:
new-pg-data-dir-gs:
services:
pg:
@ -21,6 +23,7 @@ services:
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_collation.TestCollationDefault
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
ports:
- "7777:5432"
healthcheck:
@ -47,6 +50,7 @@ services:
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_collation.TestCollationInitialization
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
ports:
- "7776:5432"
healthcheck:
@ -54,3 +58,54 @@ services:
timeout: 30s
retries: 3
test: "pg_isready"
pg-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- pg-data-dir-gs:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
DEFAULT_COLLATION: ${DEFAULT_COLLATION:-id_ID.utf8}
DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_collation.TestCollationDefault
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
ports:
- "7778:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-new-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- new-pg-data-dir-gs:/opt/data/postgis
- ./tests:/tests
- ../utils:/lib/utils
hostname: 'pg-new-gosu'
environment:
RECREATE_DATADIR: "True"
PGDATA: /opt/data/postgis
DEFAULT_COLLATION: ${DEFAULT_COLLATION:-id_ID.utf8}
DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_collation.TestCollationInitialization
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
ports:
- "7779:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"

18
scenario_tests/collations/test.sh
Wyświetl plik

@ -6,26 +6,32 @@ set -e
source ../test-env.sh
# Run service
docker-compose up -d
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
${VERSION} up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
${VERSION} logs -f &
fi
sleep 30
services=("pg" "pg-new")
services=("pg" "pg-new" "pg-gosu" "pg-new-gosu")
for service in "${services[@]}"; do
# Execute tests
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 30
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
${VERSION} exec -T $service /bin/bash /tests/test.sh
done
docker-compose down -v
${VERSION} down -v

151
scenario_tests/datadir_init/docker-compose-gs.yml 100644
Wyświetl plik

@ -0,0 +1,151 @@
version: '2.1'
volumes:
default-pg-data-dir:
new-pg-data-dir:
new-pg-data-dir-2:
new-pg-data-dir-3:
recreate-pg-data-dir:
init-waldir:
services:
pg-default:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# By default persisted volumes should be in /var/lib/postgresql
- default-pg-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
# Default usage, no datadir location defined
TEST_CLASS: TestDefault
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-new:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to new locations where there are no initial data
- new-pg-data-dir:/opt/mypostgis/data
- ./tests:/tests
- ../utils:/lib/utils
environment:
# Tell the new location
TEST_CLASS: TestNew
DATADIR: /opt/mypostgis/data
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-recreate:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
- recreate-pg-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
# Tell that you are going to perform cluster reinitialization
TEST_CLASS: TestRecreate
RECREATE_DATADIR: "True"
DEFAULT_ENCODING: ${DEFAULT_ENCODING:-UTF-8}
DEFAULT_COLLATION: ${DEFAULT_COLLATION:-id_ID.utf8}
DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-custom-waldir-wrong:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to a locations where there are initial data
- new-pg-data-dir-2:/opt/mypostgis/data
# Specify different waldir location
- init-waldir:/opt/mypostgis/data/waldir
- ./tests:/tests
- ../utils:/lib/utils
environment:
TEST_CLASS: TestCustomWALdir
DATADIR: /opt/mypostgis/data
POSTGRES_INITDB_WALDIR: /opt/mypostgis/data/waldir
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-custom-waldir-correct:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to new locations where there are no initial data
- new-pg-data-dir-3:/opt/mypostgis/data
# Specify different waldir location
- init-waldir:/opt/mypostgis/waldir
- ./tests:/tests
- ../utils:/lib/utils
environment:
TEST_CLASS: TestCustomWALdir
DATADIR: /opt/mypostgis/data
POSTGRES_INITDB_WALDIR: /opt/mypostgis/waldir
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-custom-waldir-not-match-1:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to a locations where there are initial data
- new-pg-data-dir-3:/opt/mypostgis/data
# Specify different waldir location
- init-waldir:/opt/mypostgis/waldir
- ./tests:/tests
- ../utils:/lib/utils
environment:
TEST_CLASS: TestCustomWALdirNotMatch
DATADIR: /opt/mypostgis/data
POSTGRES_INITDB_WALDIR: /opt/waldir
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-custom-waldir-not-match-2:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to a locations where there are initial data
- new-pg-data-dir-2:/opt/mypostgis/data
# Specify different waldir location
- init-waldir:/opt/waldir
- ./tests:/tests
- ../utils:/lib/utils
environment:
TEST_CLASS: TestCustomWALdirNotMatch
DATADIR: /opt/mypostgis/data
POSTGRES_INITDB_WALDIR: /opt/waldir
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"

3
scenario_tests/datadir_init/docker-compose.yml
Wyświetl plik

@ -140,4 +140,5 @@ services:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
test: "pg_isready"

54
scenario_tests/datadir_init/test.sh
Wyświetl plik

@ -5,30 +5,66 @@ set -e
source ../test-env.sh
# Run service
docker-compose up -d pg-default pg-new pg-recreate
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
sleep 60
# Run service for root user
${VERSION} up -d pg-default pg-new pg-recreate
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
${VERSION} logs -f &
fi
sleep 30
services=("pg-default" "pg-new" "pg-recreate")
for service in "${services[@]}"; do
# Execute tests
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
${VERSION} exec -T $service /bin/bash /tests/test.sh
done
# special meta test to check the setup
bash ./test_custom_waldir.sh
docker-compose down -v
${VERSION} down -v
# Run service for none root user
${VERSION} -f docker-compose-gs.yml up -d pg-default pg-new pg-recreate
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
${VERSION} -f docker-compose-gs.yml logs -f &
fi
sleep 30
services=("pg-default" "pg-new" "pg-recreate")
for service in "${services[@]}"; do
# Execute tests
until ${VERSION} -f docker-compose-gs.yml exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
${VERSION} -f docker-compose-gs.yml exec -T $service /bin/bash /tests/test.sh
done
# special meta test to check the setup
#bash ./test_custom_waldir_gs.sh
${VERSION} -f docker-compose-gs.yml down -v

52
scenario_tests/datadir_init/test_custom_waldir.sh
Wyświetl plik

@ -5,19 +5,25 @@ set -e
source ../test-env.sh
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# This test is special
# It is used to check the meta level of the setup.
# Print logs
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
${VERSION} logs -f &
fi
# Recreate containers with the same setup as pg-new and pg-default
# Try to make sure that container recreation is successful
echo "### Checking Container Recreation"
docker-compose down
docker-compose up -d pg-default pg-new pg-recreate
${VERSION} down
${VERSION} up -d pg-default pg-new pg-recreate
sleep 60
@ -26,12 +32,12 @@ services=("pg-default" "pg-new" "pg-recreate")
for service in "${services[@]}"; do
# Execute tests
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
${VERSION} exec -T $service /bin/bash /tests/test.sh
done
@ -39,72 +45,72 @@ done
# is prevented
echo "### Checking Error Message on nested pg_wal location"
service="pg-custom-waldir-wrong"
docker-compose up -d pg-custom-waldir-wrong
${VERSION} up -d pg-custom-waldir-wrong
sleep 60
# Loop until we found error message
while true; do
if [[ -n "$(docker-compose logs $service | grep 'Error')" && \
-n "$(docker-compose logs $service | grep 'POSTGRES_INITDB_WALDIR should not be set to be inside DATADIR or PGDATA.')" ]]; then
if [[ -n "$(${VERSION} logs $service | grep 'Error')" && \
-n "$(${VERSION} logs $service | grep 'POSTGRES_INITDB_WALDIR should not be set to be inside DATADIR or PGDATA.')" ]]; then
break
fi
sleep 5
done;
docker-compose down
${VERSION} down
# Check that the correct custom initdb waldir works, twice after container restart.
echo "### Checking custom POSTGRES_INITDB_WALDIR should work"
service="pg-custom-waldir-correct"
for ((i=1;i<=2;i++)); do
echo "attempt $i"
docker-compose up -d $service
${VERSION} up -d $service
sleep 60
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
docker-compose down
${VERSION} exec -T $service /bin/bash /tests/test.sh
${VERSION} down
done
# Check that if the variable POSTGRES_INITBD_WALDIR doesn't match with pg_wal symlink,
# then give warning, but proceeds if the the mount is still correct
echo "### Checking raise warning if custom POSTGRES_INITDB_WALDIR does not match"
service="pg-custom-waldir-not-match-1"
docker-compose up -d $service
${VERSION} up -d $service
sleep 60
# Loop until we found warning message
while true; do
if [[ -n "$(docker-compose logs $service | grep 'Warning')" && \
-n "$(docker-compose logs $service | grep 'POSTGRES_INITDB_WALDIR is not the same as what pg_wal is pointing to.')" ]]; then
if [[ -n "$(${VERSION} logs $service | grep 'Warning')" && \
-n "$(${VERSION} logs $service | grep 'POSTGRES_INITDB_WALDIR is not the same as what pg_wal is pointing to.')" ]]; then
break
fi
sleep 5
done;
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
docker-compose down
${VERSION} exec -T $service /bin/bash /tests/test.sh
${VERSION} down
# Check that if the pg_wal is empty, then something is wrong and we should exit
echo "### Checking Error and Exit if pg_wal is empty"
service="pg-custom-waldir-not-match-2"
docker-compose up -d $service
${VERSION} up -d $service
sleep 60
# Loop until we found warning message
warning_text="Can't proceed because \"/opt/mypostgis/data/pg_wal\" directory is empty."
while true; do
if [[ -n "$(docker-compose logs $service | grep 'Error')" && \
-n "$(docker-compose logs $service | grep "$warning_text")" ]]; then
if [[ -n "$(${VERSION} logs $service | grep 'Error')" && \
-n "$(${VERSION} logs $service | grep "$warning_text")" ]]; then
break
fi
sleep 5
done;
docker-compose down -v
${VERSION} down -v

116
scenario_tests/datadir_init/test_custom_waldir_gs.sh 100644
Wyświetl plik

@ -0,0 +1,116 @@
#!/usr/bin/env bash
# exit immediately if test fails
set -e
source ../test-env.sh
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# This test is special
# It is used to check the meta level of the setup.
# Print logs
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
${VERSION} -f docker-compose-gs.yml logs -f &
fi
# Recreate containers with the same setup as pg-new and pg-default
# Try to make sure that container recreation is successful
echo "### Checking Container Recreation"
${VERSION} -f docker-compose-gs.yml down
${VERSION} -f docker-compose-gs.yml up -d pg-default pg-new pg-recreate
sleep 60
services=("pg-default" "pg-new" "pg-recreate")
for service in "${services[@]}"; do
# Execute tests
until ${VERSION} -f docker-compose-gs.yml exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
${VERSION} -f docker-compose-gs.yml exec -T $service /bin/bash /tests/test.sh
done
# Check the wrong setup must have warned that nested custom pg_wal location
# is prevented
echo "### Checking Error Message on nested pg_wal location"
service="pg-custom-waldir-wrong"
${VERSION} -f docker-compose-gs.yml up -d pg-custom-waldir-wrong
sleep 60
# Loop until we found error message
while true; do
if [[ -n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep 'Error')" && \
-n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep 'POSTGRES_INITDB_WALDIR should not be set to be inside DATADIR or PGDATA.')" ]]; then
break
fi
sleep 5
done;
${VERSION} -f docker-compose-gs.yml down
# Check that the correct custom initdb waldir works, twice after container restart.
echo "### Checking custom POSTGRES_INITDB_WALDIR should work"
service="pg-custom-waldir-correct"
for ((i=1;i<=2;i++)); do
echo "attempt $i"
${VERSION} -f docker-compose-gs.yml up -d $service
sleep 60
until ${VERSION} -f docker-compose-gs.yml exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
${VERSION} -f docker-compose-gs.yml exec -T $service /bin/bash /tests/test.sh
${VERSION} -f docker-compose-gs.yml down
done
# Check that if the variable POSTGRES_INITBD_WALDIR doesn't match with pg_wal symlink,
# then give warning, but proceeds if the the mount is still correct
echo "### Checking raise warning if custom POSTGRES_INITDB_WALDIR does not match"
service="pg-custom-waldir-not-match-1"
${VERSION} -f docker-compose-gs.yml up -d $service
sleep 60
# Loop until we found warning message
while true; do
if [[ -n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep 'Warning')" && \
-n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep 'POSTGRES_INITDB_WALDIR is not the same as what pg_wal is pointing to.')" ]]; then
break
fi
sleep 5
done;
until ${VERSION} -f docker-compose-gs.yml exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
${VERSION} -f docker-compose-gs.yml exec -T $service /bin/bash /tests/test.sh
${VERSION} -f docker-compose-gs.yml down
# Check that if the pg_wal is empty, then something is wrong and we should exit
echo "### Checking Error and Exit if pg_wal is empty"
service="pg-custom-waldir-not-match-2"
${VERSION} -f docker-compose-gs.yml up -d $service
sleep 60
# Loop until we found warning message
warning_text="Can't proceed because \"/opt/mypostgis/data/pg_wal\" directory is empty."
while true; do
if [[ -n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep 'Error')" && \
-n "$(${VERSION} -f docker-compose-gs.yml logs $service | grep "$warning_text")" ]]; then
break
fi
sleep 5
done;
${VERSION} -f docker-compose-gs.yml down -v

45
scenario_tests/extensions/docker-compose.yml
Wyświetl plik

@ -14,6 +14,7 @@ services:
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_extensions.TestExtensions
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
ports:
- "7777:5432"
healthcheck:
@ -35,6 +36,7 @@ services:
TEST_CLASS: test_extensions.TestExtensions
POSTGRES_MULTIPLE_EXTENSIONS: postgis,pgcrypto:1.3
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
ports:
- "7776:5432"
healthcheck:
@ -42,3 +44,46 @@ services:
timeout: 30s
retries: 3
test: "pg_isready"
pg-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- ./tests:/tests
- ../utils:/lib/utils
environment:
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_extensions.TestExtensions
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
ports:
- "7778:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-two-extensions-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- ./tests:/tests
- ../utils:/lib/utils
environment:
ALLOW_IP_RANGE: '0.0.0.0/0'
TEST_CLASS: test_extensions.TestExtensions
POSTGRES_MULTIPLE_EXTENSIONS: postgis,pgcrypto:1.3
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
ports:
- "7779:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"

19
scenario_tests/extensions/test.sh
Wyświetl plik

@ -5,27 +5,34 @@ set -e
source ../test-env.sh
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# Run service
docker-compose up -d
${VERSION} up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
${VERSION} logs -f &
fi
sleep 30
services=("pg" "pg-two-extensions")
services=("pg" "pg-two-extensions" "pg-gosu" "pg-two-extensions-gosu")
for service in "${services[@]}"; do
# Execute tests
until docker-compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 30
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker-compose exec -T $service /bin/bash /tests/test.sh
${VERSION} exec -T $service /bin/bash /tests/test.sh
done
docker-compose down -v
${VERSION} down -v

63
scenario_tests/init_scripts/docker-compose.yml
Wyświetl plik

@ -3,6 +3,9 @@ volumes:
default-pg-data-dir-md5:
new-pg-data-dir:
default-pg-data-dir-scram:
default-pg-data-dir-md5-gs:
new-pg-data-dir-gs:
default-pg-data-dir-scram-gs:
services:
pg-default-md5:
@ -16,6 +19,7 @@ services:
environment:
POSTGRES_PASS: 'docker'
PASSWORD_AUTHENTICATION: md5
RUN_AS_ROOT: true
healthcheck:
interval: 60s
timeout: 30s
@ -27,13 +31,14 @@ services:
volumes:
# Mount to new locations where there are no initial data
- new-pg-data-dir:/opt/mypostgis/data
- ./tests/init.sql:/docker-entrypoint-initdb.d/init.sql
- ./tests/init.sh:/docker-entrypoint-initdb.d/init.sh
- ./tests:/tests
- ../utils:/lib/utils
environment:
DATADIR: /opt/mypostgis/data
POSTGRES_PASS: 'docker'
PASSWORD_AUTHENTICATION: md5
RUN_AS_ROOT: true
healthcheck:
interval: 60s
timeout: 30s
@ -50,6 +55,62 @@ services:
- ../utils:/lib/utils
environment:
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: true
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
# Gosu settings
pg-default-md5-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# By default persisted volumes should be in /var/lib/postgresql
- default-pg-data-dir-md5-gs:/var/lib/postgresql
- ./tests/init.sql:/docker-entrypoint-initdb.d/init.sql
- ./tests:/tests
- ../utils:/lib/utils
environment:
POSTGRES_PASS: 'docker'
PASSWORD_AUTHENTICATION: md5
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-new-md5-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# Mount to new locations where there are no initial data
- new-pg-data-dir-gs:/opt/mypostgis/data
- ./tests/init.sh:/docker-entrypoint-initdb.d/init.sh
- ./tests:/tests
- ../utils:/lib/utils
environment:
DATADIR: /opt/mypostgis/data
POSTGRES_PASS: 'docker'
PASSWORD_AUTHENTICATION: md5
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-default-scram-gosu:
image: 'kartoza/postgis:${TAG:-manual-build}'
volumes:
# By default persisted volumes should be in /var/lib/postgresql
- default-pg-data-dir-scram-gs:/var/lib/postgresql
- ./tests/init.sql:/docker-entrypoint-initdb.d/init.sql
- ./tests:/tests
- ../utils:/lib/utils
environment:
POSTGRES_PASS: 'docker'
RUN_AS_ROOT: false
healthcheck:
interval: 60s
timeout: 30s

19
scenario_tests/init_scripts/test.sh
Wyświetl plik

@ -5,28 +5,35 @@ set -e
source ../test-env.sh
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# Run service
docker compose up -d pg-default-md5 pg-new-md5 pg-default-scram
${VERSION} up -d pg-default-md5 pg-new-md5 pg-default-scram pg-default-md5-gosu pg-new-md5-gosu pg-default-scram-gosu
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker compose logs -f &
${VERSION} logs -f &
fi
sleep 60
services=("pg-default-md5" "pg-new-md5" "pg-default-scram")
services=("pg-default-md5" "pg-new-md5" "pg-default-scram" "pg-default-md5-gosu" "pg-new-md5-gosu" "pg-default-scram-gosu")
for service in "${services[@]}"; do
# Execute tests
until docker compose exec -T $service pg_isready; do
until ${VERSION} exec -T $service pg_isready; do
sleep 5
echo "Wait service to be ready"
done;
echo "Execute test for $service"
docker compose exec -T $service /bin/bash /tests/test.sh
${VERSION} exec -T $service /bin/bash /tests/test.sh
done
docker compose down -v
${VERSION} down -v

63
scenario_tests/logical_replication/docker-compose-gs.yml 100644
Wyświetl plik

@ -0,0 +1,63 @@
version: '2.1'
volumes:
pg-publisher-data-dir:
pg-subscriber-data-dir:
services:
pg-publisher:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- pg-publisher-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
ALLOW_IP_RANGE: '0.0.0.0/0'
POSTGRES_PASS: 'docker'
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
WAL_LEVEL: 'logical'
RUN_AS_ROOT: false
ports:
- "7777:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-subscriber:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, but we're not able to scale it
# in that case.
# The node will always destroy its database and copy from master at
# runtime
volumes:
- pg-subscriber-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
ALLOW_IP_RANGE: '0.0.0.0/0'
WAL_LEVEL: 'logical'
POSTGRES_PASS: 'docker'
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
RUN_AS_ROOT: false
depends_on:
- pg-publisher
# You can expose the port to observe it in your local machine
# For this sample, it was disabled by default to allow scaling test
ports:
- "7776:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"

2
scenario_tests/logical_replication/docker-compose.yml
Wyświetl plik

@ -22,6 +22,7 @@ services:
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
WAL_LEVEL: 'logical'
RUN_AS_ROOT: true
ports:
- "7777:5432"
healthcheck:
@ -48,6 +49,7 @@ services:
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
RUN_AS_ROOT: true
depends_on:
- pg-publisher
# You can expose the port to observe it in your local machine

50
scenario_tests/logical_replication/test.sh
Wyświetl plik

@ -4,30 +4,64 @@
set -e
source ../test-env.sh
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# Run service
docker-compose up -d
# Run service as root
${VERSION} up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
${VERSION} logs -f &
fi
sleep 60
# Preparing publisher cluster
until docker-compose exec -T pg-publisher pg_isready; do
until ${VERSION} exec -T pg-publisher pg_isready; do
sleep 1
done;
# Execute tests
docker-compose exec -T pg-publisher /bin/bash /tests/test_publisher.sh
${VERSION} exec -T pg-publisher /bin/bash /tests/test_publisher.sh
# Preparing node cluster
until docker-compose exec -T pg-subscriber pg_isready; do
until ${VERSION} exec -T pg-subscriber pg_isready; do
sleep 1
done;
# Execute tests
docker-compose exec -T pg-subscriber /bin/bash /tests/test_subscriber.sh
${VERSION} exec -T pg-subscriber /bin/bash /tests/test_subscriber.sh
docker-compose down -v
${VERSION} down -v
# Run the service as none root
${VERSION} -f docker-compose-gs.yml up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
${VERSION} -f docker-compose-gs.yml logs -f &
fi
sleep 60
# Preparing publisher cluster
until ${VERSION} -f docker-compose-gs.yml exec -T pg-publisher pg_isready; do
sleep 1
done;
# Execute tests
${VERSION} -f docker-compose-gs.yml exec -T pg-publisher /bin/bash /tests/test_publisher.sh
# Preparing node cluster
until ${VERSION} -f docker-compose-gs.yml exec -T pg-subscriber pg_isready; do
sleep 1
done;
# Execute tests
${VERSION} -f docker-compose-gs.yml exec -T pg-subscriber /bin/bash /tests/test_subscriber.sh
${VERSION} down -v

106
scenario_tests/streaming_replication/docker-compose-gs.yml 100644
Wyświetl plik

@ -0,0 +1,106 @@
version: '2.1'
volumes:
pg-master-data-dir:
pg-node-data-dir:
services:
pg-master:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, to play with the persistence and
# observe how the node will behave after restarts.
volumes:
- pg-master-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
# ALLOW_IP_RANGE option is used to specify additionals allowed domains
# in pg_hba.
# This range should allow nodes to connect to master
ALLOW_IP_RANGE: '0.0.0.0/0'
# We can specify optional credentials
POSTGRES_PASS: 'docker'
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
RUN_AS_ROOT: false
# Setup master replication variables
#PG_MAX_WAL_SENDERS: 8
#PG_WAL_KEEP_SEGMENTS: 100
# You can expose the port to observe it in your local machine
ports:
- "7777:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"
pg-node:
image: 'kartoza/postgis:${TAG:-manual-build}'
restart: 'always'
# You can optionally mount to volume, but we're not able to scale it
# in that case.
# The node will always destroy its database and copy from master at
# runtime
volumes:
- pg-node-data-dir:/var/lib/postgresql
- ./tests:/tests
- ../utils:/lib/utils
environment:
# ALLOW_IP_RANGE option is used to specify additionals allowed domains
# in pg_hba.
# Not really needed in nodes for the replication, but optionally can
# be put when nodes are needed to be a failover server when master
# is down. The IP Range are generally needed if other services wants to
# connect to this node
ALLOW_IP_RANGE: '0.0.0.0/0'
# REPLICATE_FROM options accepts domain-name or IP address
# with this in mind, you can also put docker service name, because it
# will be resolved as host name.
POSTGRES_PASS: 'docker'
REPLICATE_FROM: 'pg-master'
REPLICATION: 'true'
RUN_AS_ROOT: false
# REPLICATE_PORT will default to 5432 if not specified.
# REPLICATE_PORT: '5432'
# In the case where you need to replicate from outside service,
# you can put the server address and port here, as long as the target
# where configured as master, and replicable.
# REPLICATE_FROM: '192.168.1.8'
# REPLICATE_PORT: '7777'
# DESTROY_DATABASE_ON_RESTART will default to True if not specified.
# If specified other than True, it will prevent node from destroying
# database on restart
DESTROY_DATABASE_ON_RESTART: 'True'
# PROMOTE_MASTER Default empty.
# If specified with any value, then it will convert current node into
# a writable state. Useful if master is down and the current node needs
# to be promoted until manual recovery.
# PROMOTE_MASTER: 'True'
# For now we don't support different credentials for replication
# so we use the same credentials as master's superuser, or anything that
# have replication role.
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
depends_on:
pg-master:
condition: service_healthy
# You can expose the port to observe it in your local machine
# For this sample, it was disabled by default to allow scaling test
ports:
- "7776:5432"
healthcheck:
interval: 60s
timeout: 30s
retries: 3
test: "pg_isready"

2
scenario_tests/streaming_replication/docker-compose.yml
Wyświetl plik

@ -26,6 +26,7 @@ services:
REPLICATION_USER: 'replicator'
REPLICATION_PASS: 'replicator'
REPLICATION: 'true'
RUN_AS_ROOT: true
# Setup master replication variables
#PG_MAX_WAL_SENDERS: 8
#PG_WAL_KEEP_SEGMENTS: 100
@ -65,6 +66,7 @@ services:
POSTGRES_PASS: 'docker'
REPLICATE_FROM: 'pg-master'
REPLICATION: 'true'
RUN_AS_ROOT: true
# REPLICATE_PORT will default to 5432 if not specified.
# REPLICATE_PORT: '5432'

50
scenario_tests/streaming_replication/test.sh
Wyświetl plik

@ -5,29 +5,63 @@ set -e
source ../test-env.sh
# Run service
docker-compose up -d
if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
VERSION='docker-compose'
else
VERSION='docker compose'
fi
# Run service as root user
${VERSION} up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
docker-compose logs -f &
${VERSION} logs -f &
fi
sleep 30
# Preparing master cluster
until docker-compose exec -T pg-master pg_isready; do
until ${VERSION} exec -T pg-master pg_isready; do
sleep 30
done;
# Execute tests
docker-compose exec -T pg-master /bin/bash /tests/test_master.sh
${VERSION} exec -T pg-master /bin/bash /tests/test_master.sh
# Preparing node cluster
until docker-compose exec -T pg-node pg_isready; do
until ${VERSION} exec -T pg-node pg_isready; do
sleep 30
done;
# Execute tests
docker-compose exec -T pg-node /bin/bash /tests/test_node.sh
${VERSION} exec -T pg-node /bin/bash /tests/test_node.sh
docker-compose down -v
${VERSION} down -v
# Run service as none root
${VERSION} -f docker-compose-gs.yml up -d
if [[ -n "${PRINT_TEST_LOGS}" ]]; then
${VERSION} -f docker-compose-gs.yml logs -f &
fi
sleep 30
# Preparing master cluster
until ${VERSION} -f docker-compose-gs.yml exec -T pg-master pg_isready; do
sleep 30
done;
# Execute tests
${VERSION} -f docker-compose-gs.yml exec -T pg-master /bin/bash /tests/test_master.sh
# Preparing node cluster
until ${VERSION} -f docker-compose-gs.yml exec -T pg-node pg_isready; do
sleep 30
done;
# Execute tests
${VERSION} -f docker-compose-gs.yml exec -T pg-node /bin/bash /tests/test_node.sh
${VERSION} -f docker-compose-gs.yml down -v

68
scripts/docker-entrypoint.sh
Wyświetl plik

@ -17,6 +17,36 @@ source /scripts/setup-pg_hba.sh
# Function to add figlet
figlet -t "Kartoza Docker PostGIS"
# Gosu preparations
if [[ ${RUN_AS_ROOT} =~ [Ff][Aa][Ll][Ss][Ee] ]];then
USER_ID=${POSTGRES_UID:-1000}
GROUP_ID=${POSTGRES_GID:-1000}
USER_NAME=${USER:-postgresuser}
DB_GROUP_NAME=${GROUP_NAME:-postgresusers}
export USER_NAME=${USER_NAME}
export DB_GROUP_NAME=${DB_GROUP_NAME}
# Add group
if [ ! $(getent group "${DB_GROUP_NAME}") ]; then
groupadd -r "${DB_GROUP_NAME}" -g ${GROUP_ID}
fi
# Add user to system
if id "${USER_NAME}" &>/dev/null; then
echo ' skipping user creation'
else
useradd -l -m -d /home/"${USER_NAME}"/ -u "${USER_ID}" --gid "${GROUP_ID}" -s /bin/bash -G "${DB_GROUP_NAME}" "${USER_NAME}"
fi
if [[ "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] ]] ; then
echo "/home/"${USER_NAME}"/.pgpass" > /tmp/pg_subs.txt
envsubst < /tmp/pg_subs.txt > /tmp/pass_command.txt
PGPASSFILE=$(cat /tmp/pass_command.txt)
rm /tmp/pg_subs.txt /tmp/pass_command.txt
fi
fi
if [[ -f /scripts/.pass_20.txt ]]; then
USER_CREDENTIAL_PASS=$(cat /scripts/.pass_20.txt)
@ -33,31 +63,55 @@ fi
if [[ -z "$REPLICATE_FROM" ]]; then
# This means this is a master instance. We check that database exists
echo "Setup master database"
echo -e "[Entrypoint] Setup master database \033[0m"
source /scripts/setup-database.sh
entry_point_script
kill_postgres
else
# This means this is a slave/replication instance.
echo "Setup slave database"
echo -e "[Entrypoint] Setup replicant database \033[0m"
create_dir ${WAL_ARCHIVE}
if [[ ${RUN_AS_ROOT} =~ [Ff][Aa][Ll][Ss][Ee] ]];then
non_root_permission "${USER_NAME}" "${DB_GROUP_NAME}"
else
chown -R postgres:postgres ${DATADIR} ${WAL_ARCHIVE}
chmod -R 750 ${DATADIR} ${WAL_ARCHIVE}
fi
source /scripts/setup-replication.sh
fi
# If no arguments passed to entrypoint, then run postgres by default
if [[ $# -eq 0 ]];
then
if [[ $# -eq 0 ]];then
if [[ ${RUN_AS_ROOT} =~ [Tt][Rr][Uu][Ee] ]];then
echo -e "[Entrypoint] \e[1;31m Postgres initialisation process completed .... restarting in foreground \033[0m"
non_root_permission postgres postgres
su - postgres -c "$SETVARS $POSTGRES -D $DATADIR -c config_file=$CONF"
else
echo -e "[Entrypoint] \e[1;31m Postgres initialisation process completed .... restarting in foreground with gosu \033[0m"
non_root_permission "${USER_NAME}" "${DB_GROUP_NAME}"
exec gosu $USER_NAME bash -c "$SETVARS $POSTGRES -D $DATADIR -c config_file=$CONF"
fi
fi
# If arguments passed, run postgres with these arguments
# This will make sure entrypoint will always be executed
if [[ "${1:0:1}" = '-' ]]; then
# append postgres into the arguments
set -- postgres "$@"
if [[ ${RUN_AS_ROOT} =~ [Tt][Rr][Uu][Ee] ]];then
set -- postgres "$@"
else
set -- gosu $USER_NAME "$@"
fi
fi
exec su - "$@"
echo "The actual command running is "$@""
if [[ ${RUN_AS_ROOT} =~ [Tt][Rr][Uu][Ee] ]];then
exec su - "$@"
else
exec gosu $USER_NAME - "$@"
fi

69
scripts/env-data.sh
Wyświetl plik

@ -355,6 +355,10 @@ if [ -z "${TIMESCALE_TUNING_PARAMS}" ]; then
TIMESCALE_TUNING_PARAMS=
fi
if [ -z "${RUN_AS_ROOT}" ]; then
RUN_AS_ROOT=true
fi
# Compatibility with official postgres variable
# Official postgres variable gets priority
if [ -n "${POSTGRES_PASSWORD}" ]; then
@ -454,23 +458,34 @@ function entry_point_script {
function configure_replication_permissions {
echo "Setup data permissions"
echo "----------------------"
chown -R postgres:postgres $(getent passwd postgres | cut -d: -f6)
su - postgres -c "echo \"${REPLICATE_FROM}:${REPLICATE_PORT}:*:${REPLICATION_USER}:${REPLICATION_PASS}\" > ~/.pgpass"
su - postgres -c "chmod 0600 ~/.pgpass"
if [[ ${RUN_AS_ROOT} =~ [Ff][Aa][Ll][Ss][Ee] ]];then
echo -e "[Entrypoint] \e[1;31m Setup data permissions for replication as a normal user \033[0m"
chown -R "${USER_NAME}":"${DB_GROUP_NAME}" $(getent passwd postgres | cut -d: -f6)
echo "${REPLICATE_FROM}:${REPLICATE_PORT}:*:${REPLICATION_USER}:${REPLICATION_PASS}" > /home/"${USER_NAME}"/.pgpass
chmod 600 /home/"${USER_NAME}"/.pgpass
chown -R "${USER_NAME}":"${DB_GROUP_NAME}" /home/"${USER_NAME}"/.pgpass
non_root_permission "${USER_NAME}" "${DB_GROUP_NAME}"
else
chown -R postgres:postgres ${DATADIR} ${WAL_ARCHIVE}
chmod -R 750 ${DATADIR} ${WAL_ARCHIVE}
echo -e "[Entrypoint] \e[1;31m Setup data permissions for replication as root user \033[0m"
chown -R postgres:postgres $(getent passwd postgres | cut -d: -f6)
su - postgres -c "echo \"${REPLICATE_FROM}:${REPLICATE_PORT}:*:${REPLICATION_USER}:${REPLICATION_PASS}\" > ~/.pgpass"
su - postgres -c "chmod 0600 ~/.pgpass"
fi
}
function streaming_replication {
until su - postgres -c "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REPLICATE_PORT} -D ${DATADIR} -U ${REPLICATION_USER} -R -vP -w --label=gis_pg_custer"
do
echo "Waiting for master to connect..."
sleep 1s
if [[ "$(ls -A ${DATADIR})" ]]; then
echo "Need empty folder. Cleaning directory..."
rm -rf ${DATADIR}/*
fi
done
until ${START_COMMAND} "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REPLICATE_PORT} -D ${DATADIR} -U ${REPLICATION_USER} -R -vP -w --label=gis_pg_custer"
do
echo -e "[Entrypoint] \e[1;31m Waiting for master to connect... \033[0m"
sleep 1s
if [[ "$(ls -A ${DATADIR})" ]]; then
echo -e "[Entrypoint] \e[1;31m Need empty folder. Cleaning directory... \033[0m"
rm -rf ${DATADIR}/*
fi
done
}
@ -512,4 +527,28 @@ function extension_install() {
fi
fi
}
}
function directory_checker() {
DATA_PATH=$1
if [ -d $DATA_PATH ];then
chown -R ${USER}:${GROUP} ${DATA_PATH}
fi
}
function non_root_permission() {
USER="$1"
GROUP="$2"
path_envs=("${DATADIR}" "${WAL_ARCHIVE}" "${SCRIPTS_LOCKFILE_DIR}" "${CONF_LOCKFILE_DIR}" "${EXTRA_CONF_DIR}" "${SSL_DIR}" "${POSTGRES_INITDB_WALDIR}")
for dir_names in "${path_envs[@]}";do
if [ ! -z "${dir_names}" ];then
directory_checker "${dir_names}"
fi
done
services=("/usr/lib/postgresql/" "/etc/" "/var/run/" "/var/lib/" "/usr/bin" "/tmp" "/scripts")
for paths in "${services[@]}"; do
directory_checker $paths
done
chmod -R 750 ${DATADIR} ${WAL_ARCHIVE}
}

7
scripts/setup-database.sh
Wyświetl plik

@ -2,6 +2,9 @@
source /scripts/env-data.sh
INITDB_WALDIR_FLAG=""
# Check POSTGRES_INITDB_WALDIR value
@ -30,6 +33,9 @@ EOF
INITDB_WALDIR_FLAG="--waldir ${POSTGRES_INITDB_WALDIR}"
fi
create_dir "${WAL_ARCHIVE}"
non_root_permission postgres postgres
# test if DATADIR has content
# Do initialization if DATADIR directory is empty, or RECREATE_DATADIR is true
if [[ -z "$(ls -A ${DATADIR} 2> /dev/null)" || "${RECREATE_DATADIR}" =~ [Tt][Rr][Uu][Ee] ]]; then
@ -70,7 +76,6 @@ fi;
# Set proper permissions
# needs to be done as root:
create_dir "${WAL_ARCHIVE}"
chown -R postgres:postgres ${DATADIR} ${WAL_ARCHIVE}
chmod -R 750 ${DATADIR} ${WAL_ARCHIVE}

29
scripts/setup-replication.sh
Wyświetl plik

@ -6,37 +6,44 @@ source /scripts/env-data.sh
# Adapted from https://github.com/DanielDent/docker-postgres-replication
# To set up replication
if [[ ${RUN_AS_ROOT} =~ [Ff][Aa][Ll][Ss][Ee] ]];then
echo "gosu ${USER_NAME}:${DB_GROUP_NAME} bash -c" > /tmp/gosu_subs.txt
envsubst < /tmp/gosu_subs.txt > /tmp/gosu_command.txt
START_COMMAND=$(cat /tmp/gosu_command.txt)
rm /tmp/gosu_subs.txt /tmp/gosu_command.txt
else
START_COMMAND='su - postgres -c'
fi
create_dir ${WAL_ARCHIVE}
chown -R postgres:postgres ${DATADIR} ${WAL_ARCHIVE}
chmod -R 750 ${DATADIR} ${WAL_ARCHIVE}
if [[ "$WAL_LEVEL" == 'replica' && "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] ]]; then
# No content yet - but this is a slave database
if [ -z "${REPLICATE_FROM}" ]; then
echo "You have not set REPLICATE_FROM variable."
echo "Specify the master address/hostname in REPLICATE_FROM and REPLICATE_PORT variable."
exit 1
fi
until su - postgres -c "pg_isready -h ${REPLICATE_FROM} -p ${REPLICATE_PORT}"
until ${START_COMMAND} "/usr/bin/pg_isready -h ${REPLICATE_FROM} -p ${REPLICATE_PORT}"
do
echo "Waiting for master to ping..."
echo -e "[Entrypoint] \e[1;31m Waiting for master to ping... \033[0m"
sleep 1s
done
if [[ "$DESTROY_DATABASE_ON_RESTART" =~ [Tt][Rr][Uu][Ee] ]]; then
echo "Get initial database from master"
echo -e "[Entrypoint] \e[1;31m Get initial database from master \033[0m"
configure_replication_permissions
if [ -f "${DATADIR}/backup_label.old" ]; then
echo "PG Basebackup already exists so proceed to start the DB"
echo -e "[Entrypoint] \e[1;31m PG Basebackup already exists so proceed to start the DB \033[0m"
else
streaming_replication
fi
fi
# Promote to master if desired
if [[ ! -z "${PROMOTE_MASTER}" ]]; then
su - postgres -c "${NODE_PROMOTION} promote -D ${DATADIR}"
fi
# Promote to master if desired
if [[ ! -z "${PROMOTE_MASTER}" ]]; then
${START_COMMAND} "${NODE_PROMOTION} promote -D ${DATADIR}"
fi
fi