kopia lustrzana https://github.com/kartoza/docker-postgis
Woohoo simple setup of container (less suing to postgres) and run container as user postgres and support for ssl now works out the box
rodzic
e594cb19b8
commit
b00bc91a07
|
@ -25,9 +25,8 @@ RUN service postgresql start && /bin/su postgres -c "createuser -d -s -r -l dock
|
|||
# Start with supervisor
|
||||
ADD postgres.conf /etc/supervisor/conf.d/postgres.conf
|
||||
|
||||
# Open port 5432 and 22 so linked containers can see them
|
||||
# Open port 5432 so linked containers can see them
|
||||
EXPOSE 5432
|
||||
EXPOSE 22
|
||||
|
||||
# Run any additional tasks here that are too tedious to put in
|
||||
# this dockerfile directly.
|
||||
|
@ -39,4 +38,5 @@ RUN /setup.sh
|
|||
ADD start-postgis.sh /start-postgis.sh
|
||||
RUN chmod 0755 /start-postgis.sh
|
||||
|
||||
USER postgres
|
||||
CMD /start-postgis.sh
|
||||
|
|
|
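Review bot: `CMD /start-postgis.sh` is the shell form, so PID 1 in the container is `/bin/sh -c` rather than the script. The SIGTERM sent by `docker stop` may therefore never reach the `trap ... SIGTERM` handler that start-postgis.sh installs, leaving postgres to be killed uncleanly once the stop timeout expires. With `USER postgres` now directly above it, the exec form `CMD ["/start-postgis.sh"]` would run the script itself as PID 1 under the postgres account. A short comment above `USER postgres` noting that any instruction added after it no longer runs as root would also save the next maintainer a surprise.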
@ -1 +1,29 @@
|
|||
# Add any additional setup tasks here
|
||||
|
||||
# These tasks are run as root
|
||||
CONF="/etc/postgresql/9.3/main/postgresql.conf"
|
||||
|
||||
# /etc/ssl/private can't be accessed from within container for some reason
|
||||
# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile
|
||||
mkdir -p /etc/ssl/private-copy
|
||||
mv /etc/ssl/private/* /etc/ssl/private-copy/
|
||||
rm -r /etc/ssl/private
|
||||
mv /etc/ssl/private-copy /etc/ssl/private
|
||||
chmod -R 0700 /etc/ssl/private
|
||||
chown -R postgres /etc/ssl/private
|
||||
|
||||
# Restrict subnet to docker private network
|
||||
echo "host all all 172.17.0.0/16 md5" >> /etc/postgresql/9.3/main/pg_hba.conf
|
||||
# Listen on all ip addresses
|
||||
echo "listen_addresses = '*'" >> /etc/postgresql/9.3/main/postgresql.conf
|
||||
echo "port = 5432" >> /etc/postgresql/9.3/main/postgresql.conf
|
||||
|
||||
# Enable ssl
|
||||
|
||||
echo "ssl = true" >> $CONF
|
||||
#echo "ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' " >> $CONF
|
||||
#echo "ssl_renegotiation_limit = 512MB " >> $CONF
|
||||
echo "ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'" >> $CONF
|
||||
echo "ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'" >> $CONF
|
||||
#echo "ssl_ca_file = '' # (change requires restart)" >> $CONF
|
||||
#echo "ssl_crl_file = ''" >> $CONF
|
||||
|
|
|
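Review bot: The pg_hba.conf entry appended under "Restrict subnet to docker private network" uses `host`, which matches both TLS and plaintext connections, so `ssl = true` further down does not force encryption for md5 password logins from 172.17.0.0/16. `echo "hostssl all all 172.17.0.0/16 md5" >> /etc/postgresql/9.3/main/pg_hba.conf` would reject non-TLS clients on that subnet. Separately, `ssl_cert_file` and `ssl_key_file` point at the snakeoil pair, which, if it is generated while the image is built, is identical in every container started from that image and available to anyone who can pull it. A comment should say the pair is a placeholder to be replaced by a mounted certificate, or the key should be generated at first start. The script also has no `set -e`, so a failed `mv /etc/ssl/private/*` is still followed by `rm -r /etc/ssl/private`.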
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This script will run as the postgres user due to the Dockerfile USER directive
|
||||
|
||||
DATADIR="/var/lib/postgresql/9.3/main"
|
||||
CONF="/etc/postgresql/9.3/main/postgresql.conf"
|
||||
POSTGRES="/usr/lib/postgresql/9.3/bin/postgres"
|
||||
|
@ -25,37 +27,10 @@ fi
|
|||
if [ ! "$(ls -A $DATADIR)" ]; then
|
||||
|
||||
# No content yet - first time pg is being run!
|
||||
|
||||
|
||||
# /etc/ssl/private can't be accessed from within container for some reason
|
||||
# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile
|
||||
mkdir /etc/ssl/private-copy
|
||||
mv /etc/ssl/private/* /etc/ssl/private-copy/
|
||||
rm -r /etc/ssl/private
|
||||
mv /etc/ssl/private-copy /etc/ssl/private
|
||||
chmod -R 0700 /etc/ssl/private
|
||||
chown -R postgres /etc/ssl/private
|
||||
|
||||
echo "host all all 172.17.0.0/16 md5" >> /etc/postgresql/9.3/main/pg_hba.conf
|
||||
# Listen on all ip addresses
|
||||
echo "listen_addresses = '*'" >> /etc/postgresql/9.3/main/postgresql.conf
|
||||
echo "port = 5432" >> /etc/postgresql/9.3/main/postgresql.conf
|
||||
|
||||
# Enable ssl
|
||||
|
||||
echo "ssl = true" >> $CONF
|
||||
#echo "ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' " >> $CONF
|
||||
#echo "ssl_renegotiation_limit = 512MB " >> $CONF
|
||||
echo "ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'" >> $CONF
|
||||
echo "ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'" >> $CONF
|
||||
#echo "ssl_ca_file = '' # (change requires restart)" >> $CONF
|
||||
#echo "ssl_crl_file = ''" >> $CONF
|
||||
|
||||
# Initialise db
|
||||
|
||||
echo "Initializing Postgres Database at $DATADIR"
|
||||
chown -R postgres $DATADIR
|
||||
su postgres sh -c "$INITDB $DATADIR"
|
||||
#chown -R postgres $DATADIR
|
||||
$INITDB $DATADIR
|
||||
fi
|
||||
|
||||
# Make sure we have a user set up
|
||||
|
@ -69,19 +44,19 @@ fi
|
|||
# redirect user/pass into a file so we can echo it into
|
||||
# docker logs when container starts
|
||||
# so that we can tell user their password
|
||||
echo "postgresql user: $USERNAME" > /PGPASSWORD.txt
|
||||
echo "postgresql password: $PASS" >> /PGPASSWORD.txt
|
||||
su postgres sh -c "$POSTGRES --single -D $DATADIR -c config_file=$CONF" <<< "CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';"
|
||||
echo "postgresql user: $USERNAME" > /tmp/PGPASSWORD.txt
|
||||
echo "postgresql password: $PASS" >> /tmp/PGPASSWORD.txt
|
||||
$POSTGRES --single -D $DATADIR -c config_file=$CONF" <<< "CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';
|
||||
|
||||
trap "echo \"Sending SIGTERM to postgres\"; killall -s SIGTERM postgres" SIGTERM
|
||||
|
||||
su postgres sh -c "$POSTGRES -D $DATADIR -c config_file=$CONF" &
|
||||
$POSTGRES -D $DATADIR -c config_file=$CONF &
|
||||
|
||||
# Wait for the db to start up before trying to use it....
|
||||
|
||||
sleep 10
|
||||
|
||||
RESULT=`su postgres sh -c "psql -l" | grep postgis | wc -l`
|
||||
RESULT=`psql -l | grep postgis | wc -l`
|
||||
if [[ $RESULT == '1' ]]
|
||||
then
|
||||
echo 'Postgis Already There'
|
||||
|
@ -90,27 +65,25 @@ else
|
|||
# Note the dockerfile must have put the postgis.sql and spatialrefsys.sql scripts into /root/
|
||||
# We use template0 since we want t different encoding to template1
|
||||
echo "Creating template postgis"
|
||||
su postgres sh -c "createdb template_postgis -E UTF8 -T template0"
|
||||
set -x
|
||||
createdb template_postgis -E UTF8 -T template0
|
||||
echo "Enabling template_postgis as a template"
|
||||
su postgres sh -c "psql template0 -c 'UPDATE pg_database SET datistemplate = TRUE WHERE datname = \'template_postgis\';'"
|
||||
psql template1 -c "UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';"
|
||||
echo "Loading postgis.sql"
|
||||
su postgres sh -c "psql template_postgis -f $SQLDIR/postgis.sql"
|
||||
set +x
|
||||
psql template_postgis -f $SQLDIR/postgis.sql
|
||||
echo "Loading spatial_ref_sys.sql"
|
||||
su postgres sh -c "psql template_postgis -f $SQLDIR/spatial_ref_sys.sql"
|
||||
psql template_postgis -f $SQLDIR/spatial_ref_sys.sql
|
||||
|
||||
# Needed when importing old dumps using e.g ndims for constraints
|
||||
echo "Loading legacy sql"
|
||||
su postgres sh -c "psql template_postgis -f $SQLDIR/legacy_minimal.sql"
|
||||
psql template_postgis -f $SQLDIR/legacy_minimal.sql
|
||||
echo "Granting on geometry columns"
|
||||
su postgres sh -c "psql template_postgis -c 'GRANT ALL ON geometry_columns TO PUBLIC;'"
|
||||
psql template_postgis -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
|
||||
echo "Granting on geography columns"
|
||||
su postgres sh -c "psql template_postgis -c 'GRANT ALL ON geography_columns TO PUBLIC;'"
|
||||
psql template_postgis -c 'GRANT ALL ON geography_columns TO PUBLIC;'
|
||||
echo "Granting on spatial ref sys"
|
||||
su postgres sh -c "psql template_postgis -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'"
|
||||
psql template_postgis -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
|
||||
# This should show up in docker logs afterwards
|
||||
fi
|
||||
su postgres sh -c "psql -l"
|
||||
psql -l
|
||||
|
||||
wait $!
|
||||
|
|
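Review bot: In the hunk that creates the database user, the new `$POSTGRES --single ...` line as rendered still carries the closing quote of the removed `su postgres sh -c "..."` wrapper: it reads `config_file=$CONF" <<< "CREATE USER ...` with no terminating quote. The `<<<` is then part of a quoted string rather than a here-string, so the CREATE USER statement is not fed to postgres on stdin. The intended line is presumably `$POSTGRES --single -D $DATADIR -c config_file=$CONF <<< "CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';"`. The same hunk now writes the superuser password in clear text to `/tmp/PGPASSWORD.txt`, which under a default umask is readable by every account in the container. Setting `umask 077` before the two `echo` lines and removing the file once it has been printed would limit that exposure. `$USERNAME` and `$PASS` are set outside the visible hunks and are interpolated into the SQL unescaped, so a quote character in either would break the statement.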