From f3bf10222dd7a682a80ffcc2423ccaf410dff661 Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Mon, 18 Aug 2014 12:06:50 +0200 Subject: [PATCH 1/5] Enable cache in my fork --- 71-apt-cacher-ng | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/71-apt-cacher-ng b/71-apt-cacher-ng index b439cae..32a06d4 100644 --- a/71-apt-cacher-ng +++ b/71-apt-cacher-ng @@ -3,5 +3,5 @@ # use apt-cacher in your image build out (and the # Subsequent running container. -#Acquire::http { Proxy "http://192.168.2.9:3142"; }; +Acquire::http { Proxy "http://192.168.2.9:3142"; }; #Acquire::http { Proxy "http://192.168.1.13:3142"; }; From 5116a31255ba9ff62c3892e4b4691bc043fde553 Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Sat, 6 Dec 2014 11:33:36 +0700 Subject: [PATCH 2/5] Move permissions for ssl to be run as root --- 71-apt-cacher-ng | 3 ++- perms_wrapper.sh | 10 +++++++++- setup.sh | 8 -------- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/71-apt-cacher-ng b/71-apt-cacher-ng index 32a06d4..c2b91ac 100644 --- a/71-apt-cacher-ng +++ b/71-apt-cacher-ng @@ -3,5 +3,6 @@ # use apt-cacher in your image build out (and the # Subsequent running container. -Acquire::http { Proxy "http://192.168.2.9:3142"; }; +#Acquire::http { Proxy "http://192.168.2.9:3142"; }; +#Acquire::http { Proxy "http://192.168.0.131:3142"; }; #Acquire::http { Proxy "http://192.168.1.13:3142"; }; diff --git a/perms_wrapper.sh b/perms_wrapper.sh index c6ce165..89d9873 100644 --- a/perms_wrapper.sh +++ b/perms_wrapper.sh @@ -1,7 +1,15 @@ #!/bin/bash +# /etc/ssl/private can't be accessed from within container for some reason +# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile +cp -r /etc/ssl /tmp/ssl-copy/ +chmod -R 0700 /etc/ssl +chown -R postgres /tmp/ssl-copy +rm -r /etc/ssl +mv /tmp/ssl-copy /etc/ssl + # needs to be done as root: chown -R postgres:postgres /var/lib/postgresql # everything else needs to be done as non-root (i.e. postgres) -sudo -u postgres /start-postgis.sh \ No newline at end of file +sudo -u postgres /start-postgis.sh diff --git a/setup.sh b/setup.sh index f2b3804..52ea0fd 100755 --- a/setup.sh +++ b/setup.sh @@ -3,14 +3,6 @@ # These tasks are run as root CONF="/etc/postgresql/9.3/main/postgresql.conf" -# /etc/ssl/private can't be accessed from within container for some reason -# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile -cp -r /etc/ssl /tmp/ssl-copy/ -chmod -R 0700 /etc/ssl -chown -R postgres /tmp/ssl-copy -rm -r /etc/ssl -mv /tmp/ssl-copy /etc/ssl - # Restrict subnet to docker private network echo "host all all 172.17.0.0/16 md5" >> /etc/postgresql/9.3/main/pg_hba.conf # Listen on all ip addresses From 54e8d8313bd30980618a7e90c8430dcf00148e30 Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Sat, 6 Dec 2014 11:50:34 +0700 Subject: [PATCH 3/5] Added link to docker hub page in readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7052ca1..71b3b82 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ A simple docker container that runs PostGIS +Visit our page on the docker hub at: https://registry.hub.docker.com/u/kartoza/postgis/ + There are a number of other docker postgis containers out there. This one differentiates itself by: From b3e2747c5d82b4717c85353fbc50ec0d3e868a50 Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Sat, 6 Dec 2014 14:09:58 +0700 Subject: [PATCH 4/5] Dont use perms wrapper. Dont create users in dockerfile too. --- Dockerfile | 6 +----- perms_wrapper.sh | 15 -------------- start-postgis.sh | 51 ++++++++++++++++++++++++++++++------------------ 3 files changed, 33 insertions(+), 39 deletions(-) delete mode 100644 perms_wrapper.sh diff --git a/Dockerfile b/Dockerfile index 2c608ea..36cc172 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,6 @@ RUN apt-get -y install ca-certificates rpl pwgen # Next line a workaround for https://github.com/dotcloud/docker/issues/963 RUN apt-get install -y postgresql-9.3-postgis-2.1 -RUN service postgresql start && /bin/su postgres -c "createuser -d -s -r -l docker" && /bin/su postgres -c "psql postgres -c \"ALTER USER docker WITH ENCRYPTED PASSWORD 'docker'\"" && service postgresql stop # Start with supervisor ADD postgres.conf /etc/supervisor/conf.d/postgres.conf @@ -38,7 +37,4 @@ RUN /setup.sh ADD start-postgis.sh /start-postgis.sh RUN chmod 0755 /start-postgis.sh -ADD perms_wrapper.sh /perms_wrapper.sh -RUN chmod 0755 /perms_wrapper.sh - -CMD /perms_wrapper.sh +CMD /start-postgis.sh diff --git a/perms_wrapper.sh b/perms_wrapper.sh deleted file mode 100644 index 89d9873..0000000 --- a/perms_wrapper.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -# /etc/ssl/private can't be accessed from within container for some reason -# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile -cp -r /etc/ssl /tmp/ssl-copy/ -chmod -R 0700 /etc/ssl -chown -R postgres /tmp/ssl-copy -rm -r /etc/ssl -mv /tmp/ssl-copy /etc/ssl - -# needs to be done as root: -chown -R postgres:postgres /var/lib/postgresql - -# everything else needs to be done as non-root (i.e. postgres) -sudo -u postgres /start-postgis.sh diff --git a/start-postgis.sh b/start-postgis.sh index 82e3c0a..b97a5ed 100755 --- a/start-postgis.sh +++ b/start-postgis.sh @@ -8,15 +8,26 @@ POSTGRES="/usr/lib/postgresql/9.3/bin/postgres" INITDB="/usr/lib/postgresql/9.3/bin/initdb" SQLDIR="/usr/share/postgresql/9.3/contrib/postgis-2.1/" +# /etc/ssl/private can't be accessed from within container for some reason +# (@andrewgodwin says it's something AUFS related) - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile +cp -r /etc/ssl /tmp/ssl-copy/ +chmod -R 0700 /etc/ssl +chown -R postgres /tmp/ssl-copy +rm -r /etc/ssl +mv /tmp/ssl-copy /etc/ssl + + # test if DATADIR is existent if [ ! -d $DATADIR ]; then echo "Creating Postgres data at $DATADIR" mkdir -p $DATADIR fi +# needs to be done as root: +chown -R postgres:postgres $DATADIR # Note that $USERNAME and $PASS below are optional paramters that can be passed # via docker run e.g. -#docker run --name="postgis" -e USERNAME=qgis -e PASS=qgis -d -v +#docker run --name="postgis" -e USERNAME=qgis -e PASS=qgis -d -v #/var/docker-data/postgres-dat:/var/lib/postgresql -t qgis/postgis:6 # If you dont specify a user/password in docker run, we will generate one @@ -30,33 +41,33 @@ if [ ! "$(ls -A $DATADIR)" ]; then # Initialise db echo "Initializing Postgres Database at $DATADIR" #chown -R postgres $DATADIR - $INITDB $DATADIR + su - postgres -c "$INITDB $DATADIR" fi # Make sure we have a user set up if [ -z "$USERNAME" ]; then USERNAME=docker -fi +fi if [ -z "$PASS" ]; then PASS=docker -fi +fi # redirect user/pass into a file so we can echo it into # docker logs when container starts # so that we can tell user their password echo "postgresql user: $USERNAME" > /tmp/PGPASSWORD.txt echo "postgresql password: $PASS" >> /tmp/PGPASSWORD.txt -$POSTGRES --single -D $DATADIR -c config_file=$CONF <<< "CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';" +su - postgres -c "$POSTGRES --single -D $DATADIR -c config_file=$CONF <<< \"CREATE USER $USERNAME WITH SUPERUSER ENCRYPTED PASSWORD '$PASS';\"" trap "echo \"Sending SIGTERM to postgres\"; killall -s SIGTERM postgres" SIGTERM -$POSTGRES -D $DATADIR -c config_file=$CONF & +su - postgres -c "$POSTGRES -D $DATADIR -c config_file=$CONF &" # Wait for the db to start up before trying to use it.... sleep 10 -RESULT=`psql -l | grep postgis | wc -l` -if [[ $RESULT == '1' ]] +RESULT=`su - postgres -c "psql -l | grep postgis | wc -l"` +if [[ ${RESULT} == '1' ]] then echo 'Postgis Already There' else @@ -64,29 +75,31 @@ else # Note the dockerfile must have put the postgis.sql and spatialrefsys.sql scripts into /root/ # We use template0 since we want t different encoding to template1 echo "Creating template postgis" - createdb template_postgis -E UTF8 -T template0 + su - postgres -c "createdb template_postgis -E UTF8 -T template0" echo "Enabling template_postgis as a template" - psql template1 -c "UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';" + CMD="UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';" + su - postgres -c "$CMD" echo "Loading postgis.sql" - psql template_postgis -f $SQLDIR/postgis.sql + su - postgres -c "psql template_postgis -f $SQLDIR/postgis.sql" echo "Loading spatial_ref_sys.sql" - psql template_postgis -f $SQLDIR/spatial_ref_sys.sql + su - postgres -c "psql template_postgis -f $SQLDIR/spatial_ref_sys.sql" # Needed when importing old dumps using e.g ndims for constraints echo "Loading legacy sql" - psql template_postgis -f $SQLDIR/legacy_minimal.sql - psql template_postgis -f $SQLDIR/legacy_gist.sql + su - postgres -c "psql template_postgis -f $SQLDIR/legacy_minimal.sql" + su - postgres -c "psql template_postgis -f $SQLDIR/legacy_gist.sql" echo "Granting on geometry columns" - psql template_postgis -c 'GRANT ALL ON geometry_columns TO PUBLIC;' + su - postgres -c "psql template_postgis -c 'GRANT ALL ON geometry_columns TO PUBLIC;'" echo "Granting on geography columns" - psql template_postgis -c 'GRANT ALL ON geography_columns TO PUBLIC;' + su - postgres -c "psql template_postgis -c 'GRANT ALL ON geography_columns TO PUBLIC;'" echo "Granting on spatial ref sys" - psql template_postgis -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;' + su - postgres -c "psql template_postgis -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'" # Create a default db called 'gis' that you can use to get up and running quickly # It will be owned by the docker db user - createdb -O docker -T template_postgis gis + su - postgres -c "createdb -O docker -T template_postgis gis" fi # This should show up in docker logs afterwards -psql -l +su - postgres -c "psql -l" wait $! +echo "Postgres process terminated" From b71947458a0d1ca24d2ecbf9321c32f39c4abd24 Mon Sep 17 00:00:00 2001 From: Tim Sutton Date: Sat, 6 Dec 2014 21:03:25 +0700 Subject: [PATCH 5/5] Fix for postgis not going into foreground after setup --- .gitignore | 2 ++ start-postgis.sh | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..89fced1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.idea +*.*~ diff --git a/start-postgis.sh b/start-postgis.sh index b97a5ed..469b768 100755 --- a/start-postgis.sh +++ b/start-postgis.sh @@ -101,5 +101,7 @@ fi # This should show up in docker logs afterwards su - postgres -c "psql -l" -wait $! -echo "Postgres process terminated" +PID=`cat /var/run/postgresql/9.3-main.pid` +kill -9 ${PID} +echo "Postgres initialisation process completed .... restarting in foreground" +su - postgres -c "$POSTGRES -D $DATADIR -c config_file=$CONF"