From b1c60d5eb9bc3a53a83416716c6ada07fc624f3d Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Fri, 9 May 2014 01:25:52 +0200 Subject: [PATCH] Updates for docker container --- 71-apt-cacher-ng | 3 ++- Dockerfile | 20 ++++++++++++++------ start-postgis.sh | 25 ++++++++++++++++++++++--- 3 files changed, 38 insertions(+), 10 deletions(-) diff --git a/71-apt-cacher-ng b/71-apt-cacher-ng index 8ca1a8a..c837065 100644 --- a/71-apt-cacher-ng +++ b/71-apt-cacher-ng @@ -3,4 +3,5 @@ # use apt-cacher in your image build out (and the # Subsequent running container. -Acquire::http { Proxy "http://192.168.1.14:3142"; }; +#Acquire::http { Proxy "http://192.168.2.3:3142"; }; +#Acquire::http { Proxy "http://192.168.1.13:3142"; }; diff --git a/Dockerfile b/Dockerfile index 9d356e1..06033b3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,20 +15,24 @@ ADD 71-apt-cacher-ng /etc/apt/apt.conf.d/71-apt-cacher-ng RUN echo "deb http://archive.ubuntu.com/ubuntu trusty main universe" > /etc/apt/sources.list RUN apt-get -y update # socat can be used to proxy an external port and make it look like it is local -RUN apt-get -y install ca-certificates socat openssh-server supervisor +RUN apt-get -y install ca-certificates socat openssh-server supervisor rpl pwgen RUN mkdir /var/run/sshd ADD sshd.conf /etc/supervisor/conf.d/sshd.conf - -RUN echo 'root:postgis' | chpasswd +# Ubuntu 14.04 by default only allows non pwd based root login +# We disable that but also create an .ssh dir so you can copy +# up your key. NOTE: This is not a particularly robust setup +# security wise and we recommend to NOT expose ssh as a public +# service. +RUN rpl "PermitRootLogin without-password" "PermitRootLogin yes" /etc/ssh/sshd_config +RUN mkdir /root/.ssh +RUN chmod o-rwx /root/.ssh #-------------Application Specific Stuff ---------------------------------------------------- # Next line a workaround for https://github.com/dotcloud/docker/issues/963 RUN apt-get install -y postgresql-9.3-postgis-2.1 RUN echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf -# Note: I dont think this is relevant anymore as start.sh sets up a user -# Please test and verify before removing though RUN service postgresql start && /bin/su postgres -c "createuser -d -s -r -l docker" && /bin/su postgres -c "psql postgres -c \"ALTER USER docker WITH ENCRYPTED PASSWORD 'docker'\"" && service postgresql stop # Listen on all ip addresses RUN echo "listen_addresses = '*'" >> /etc/postgresql/9.3/main/postgresql.conf @@ -51,4 +55,8 @@ RUN /setup.sh ADD start-postgis.sh /start-postgis.sh RUN chmod 0755 /start-postgis.sh -CMD supervisor -n +# Called on first run of docker - will run supervisor +ADD start.sh /start.sh +RUN chmod 0755 /start.sh + +CMD /start.sh diff --git a/start-postgis.sh b/start-postgis.sh index 6ee5ea1..35e0cd8 100644 
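Review bot: The added `rpl` line sets `PermitRootLogin yes`, which turns on password-based root login, although the new comment and the `/root/.ssh` directory describe key-based access, and the stock `without-password` value already permits key login. I would drop the `RUN rpl ...` line and leave `sshd_config` as shipped. `chmod o-rwx /root/.ssh` only clears the "other" bits, so `RUN mkdir -m 700 /root/.ssh` is the tighter single-step equivalent. Separately, the context lines still create the `docker` superuser with password `docker` while `pg_hba.conf` accepts `0.0.0.0/0`, and this commit deletes the note that flagged that step for review; either remove the step or keep a comment saying the credential is a known default.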
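Review bot: `ADD start.sh /start.sh` refers to a file that is not among the three files in this patch's diffstat, so the build only works if `start.sh` is already in the repository; if it is new, it belongs in this commit. `CMD /start.sh` is the shell form, which runs the script under `/bin/sh -c`, so the signal sent by `docker stop` may not reach the script or supervisor and the SIGTERM trap in `start-postgis.sh` may never fire. The exec form `CMD ["/start.sh"]` avoids the intermediate shell.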
--- a/start-postgis.sh +++ b/start-postgis.sh @@ -12,8 +12,13 @@ if [ ! -d $DATADIR ]; then mkdir -p $DATADIR fi -# Note that $USERNAME and $PASS below are passed via docker run e.g. -#docker run -cidfile=/home/timlinux/postgis-current-container.id -name=postgis -e USERNAME=qgis -e PASS=qgis -d -v /var/docker-data/postgres-dat:/var/lib/postgresql -t qgis/postgis:6 /start.sh +# Note that $USERNAME and $PASS below are optional paramters that can be passed +# via docker run e.g. +#docker run --name="postgis" -e USERNAME=qgis -e PASS=qgis -d -v +#/var/docker-data/postgres-dat:/var/lib/postgresql -t qgis/postgis:6 + +# If you dont specify a user/password in docker run, we will generate one +# here and create a user called 'docker' to go with it. # test if DATADIR has content @@ -21,9 +26,23 @@ if [ ! "$(ls -A $DATADIR)" ]; then echo "Initializing Postgres Database at $DATADIR" chown -R postgres $DATADIR su postgres sh -c "$INITDB $DATADIR" - su postgres sh -c "$POSTGRES --single -D $DATADIR -c config_file=$CONF" <<< "CREATE USER $USERNAME WITH SUPERUSER PASSWORD '$PASS';" fi +# Make sure we have a user set up +if [ -z "$USERNAME" ]; then + USERNAME=postgis +fi +if [ -z "$PASS" ]; then + PASS=postgis + #PASS=`pwgen -c -n -1 12` +fi +# redirect user/pass into a file so we can echo it into +# docker logs when container starts +# so that we can tell user their password +echo "postgresql user: $USERNAME" > /PGPASSWORD.txt +echo "postgresql password: $PASS" >> /PGPASSWORD.txt +su postgres sh -c "$POSTGRES --single -D $DATADIR -c config_file=$CONF" <<< "CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';" + trap "echo \"Sending SIGTERM to postgres\"; killall -s SIGTERM postgres" SIGTERM su postgres sh -c "$POSTGRES -D $DATADIR -c config_file=$CONF" &
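Review bot: The new comment says a password is generated and a user called 'docker' is created, but the fallback added further down in this file sets both `USERNAME` and `PASS` to the fixed value `postgis`. The comment should describe what the script does, e.g. `# If USERNAME/PASS are not passed to docker run, both default to 'postgis'.`, or the fallback should be changed to match it. The example `docker run` command is now wrapped over two comment lines, so it can no longer be copied as one command; keep it on one line or end the first line with `\`.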
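Review bot: The fallback `PASS=postgis` gives a SUPERUSER role a fixed, publicly known password, while the Dockerfile in this same patch keeps `listen_addresses = '*'` and a `0.0.0.0/0` rule in `pg_hba.conf`; the `pwgen` call that would avoid this is commented out even though the package is now installed. `/PGPASSWORD.txt` is then written with the default umask, so the cleartext password is readable by every account in the container. The `CREATE USER` statement has also moved out of the `if` block that initialises an empty `$DATADIR` (that block starts above the hunk), so it now runs on every start and will report an error once the role exists, and a password generated on a later start would not match the stored one; gating generation and role creation on first initialisation keeps them in sync. `$USERNAME` and `$PASS` are spliced into the SQL text unescaped, so a value containing `'` breaks the statement.

```shell
# … unchanged: USERNAME default …
if [ -z "$PASS" ]; then
  PASS=$(pwgen -c -n -1 12)
fi
# Write the credentials with root-only permissions; the file holds the
# cleartext password.
(
  umask 077
  printf 'postgresql user: %s\npostgresql password: %s\n' \
    "$USERNAME" "$PASS" > /PGPASSWORD.txt
)
```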