├── VERSION ├── .dockerignore ├── Makefile ├── circle.yml ├── docker-compose.yml ├── runtime ├── env-defaults └── functions ├── entrypoint.sh ├── LICENSE ├── Dockerfile ├── README.md └── Changelog.md /VERSION: -------------------------------------------------------------------------------- 1 | 9.6-8 2 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | circle.yml 3 | LICENSE 4 | VERSION 5 | README.md 6 | Changelog.md 7 | Makefile 8 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | build: 4 | @docker build --tag=rsyuzyov/postgresql . 5 | 6 | release: build 7 | @docker build --tag=rsyuzyov/postgresql:$(shell cat VERSION) . 8 | -------------------------------------------------------------------------------- /circle.yml: -------------------------------------------------------------------------------- 1 | machine: 2 | services: 3 | - docker 4 | 5 | dependencies: 6 | override: 7 | - docker info 8 | 9 | test: 10 | override: 11 | - docker build -t sameersbn/postgresql . 12 | - docker run -d --name=postgresql sameersbn/postgresql; sleep 10 13 | - docker run -it --volumes-from=postgresql sameersbn/postgresql sudo -u postgres -H psql -c "\conninfo" 14 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | PostgreSQL: 2 | restart: always 3 | image: rsyuzyov/postgresql:9.6-8 4 | ports: 5 | - "5432:5432" 6 | environment: 7 | - DEBUG=false 8 | 9 | - DB_USER= 10 | - DB_PASS= 11 | - DB_NAME= 12 | - DB_TEMPLATE= 13 | 14 | - DB_EXTENSION= 15 | 16 | - REPLICATION_MODE= 17 | - REPLICATION_USER= 18 | - REPLICATION_PASS= 19 | - REPLICATION_SSLMODE= 20 | volumes: 21 | - /srv/docker/postgresql:/var/lib/postgresql 22 | -------------------------------------------------------------------------------- /runtime/env-defaults: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PG_SSL=${PG_SSL:-} 4 | 5 | PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-$PSQL_TRUST_LOCALNET} # backward compatibility 6 | PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-false} 7 | 8 | REPLICATION_MODE=${REPLICATION_MODE:-$PSQL_MODE} # backward compatibility 9 | REPLICATION_MODE=${REPLICATION_MODE:-} 10 | REPLICATION_USER=${REPLICATION_USER:-} 11 | REPLICATION_PASS=${REPLICATION_PASS:-} 12 | REPLICATION_HOST=${REPLICATION_HOST:-} 13 | REPLICATION_PORT=${REPLICATION_PORT:-5432} 14 | REPLICATION_SSLMODE=${REPLICATION_SSLMODE:-prefer} 15 | 16 | DB_NAME=${DB_NAME:-} 17 | DB_USER=${DB_USER:-} 18 | DB_PASS=${DB_PASS:-} 19 | DB_TEMPLATE=${DB_TEMPLATE:-template1} 20 | 21 | DB_EXTENSION=${DB_EXTENSION:-} 22 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | source ${PG_APP_HOME}/functions 4 | 5 | [[ ${DEBUG} == true ]] && set -x 6 | 7 | # allow arguments to be passed to postgres 8 | if [[ ${1:0:1} = '-' ]]; then 9 | EXTRA_ARGS="$@" 10 | set -- 11 | elif [[ ${1} == postgres || ${1} == $(which postgres) ]]; then 12 | EXTRA_ARGS="${@:2}" 13 | set -- 14 | fi 15 | 16 | # default behaviour is to launch postgres 17 | if [[ -z ${1} ]]; then 18 | map_uidgid 19 | 20 | create_datadir 21 | create_certdir 22 | create_logdir 23 | create_rundir 24 | 25 | set_resolvconf_perms 26 | 27 | configure_postgresql 28 | 29 | echo "Starting PostgreSQL ${PG_VERSION}..." 30 | exec start-stop-daemon --start --chuid ${PG_USER}:${PG_USER} \ 31 | --exec ${PG_BINDIR}/postgres -- -D ${PG_DATADIR} ${EXTRA_ARGS} 32 | else 33 | exec "$@" 34 | fi 35 | 36 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Sameer Naik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:xenial 2 | MAINTAINER rsyuzyov@gmail.com 3 | 4 | ENV PG_APP_HOME="/etc/docker-postgresql"\ 5 | PG_VERSION=9.6 \ 6 | PG_USER=postgres \ 7 | PG_HOME=/var/lib/postgresql \ 8 | PG_RUNDIR=/run/postgresql \ 9 | PG_LOGDIR=/var/log/postgresql \ 10 | PG_CERTDIR=/etc/postgresql/certs 11 | 12 | ENV PG_BINDIR=/usr/lib/postgresql/${PG_VERSION}/bin \ 13 | PG_DATADIR=${PG_HOME}/${PG_VERSION}/main 14 | 15 | RUN apt-get update && apt-get install -y sudo locales wget \ 16 | && localedef -i ru_RU -c -f UTF-8 -A /usr/share/locale/locale.alias ru_RU.UTF-8 \ 17 | && update-locale LANG=ru_RU.UTF-8 18 | 19 | ENV LANG ru_RU.UTF-8 20 | 21 | RUN wget --quiet -O - http://1c.postgrespro.ru/keys/GPG-KEY-POSTGRESPRO-1C | apt-key add - \ 22 | && echo 'deb http://1c.postgrespro.ru/archive/2018_03_02/deb/ xenial main' > /etc/apt/sources.list.d/postgrespro-1c.list \ 23 | && apt-get update \ 24 | && DEBIAN_FRONTEND=noninteractive apt-get install -y acl \ 25 | postgresql-pro-1c-${PG_VERSION} postgresql-client-pro-1c-${PG_VERSION} postgresql-contrib-pro-1c-${PG_VERSION} \ 26 | && ln -sf ${PG_DATADIR}/postgresql.conf /etc/postgresql/${PG_VERSION}/main/postgresql.conf \ 27 | && ln -sf ${PG_DATADIR}/pg_hba.conf /etc/postgresql/${PG_VERSION}/main/pg_hba.conf \ 28 | && ln -sf ${PG_DATADIR}/pg_ident.conf /etc/postgresql/${PG_VERSION}/main/pg_ident.conf \ 29 | && rm -rf ${PG_HOME} \ 30 | && rm -rf /var/lib/apt/lists/* 31 | 32 | COPY runtime/ ${PG_APP_HOME}/ 33 | COPY entrypoint.sh /sbin/entrypoint.sh 34 | RUN chmod 755 /sbin/entrypoint.sh 35 | 36 | EXPOSE 5432/tcp 37 | VOLUME ["${PG_HOME}", "${PG_RUNDIR}"] 38 | WORKDIR ${PG_HOME} 39 | ENTRYPOINT ["/sbin/entrypoint.sh"] 40 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dockerfile для сборки PostgreSQL, адаптированного для 1С. 2 | https://hub.docker.com/r/rsyuzyov/docker-postgresql-pro-1c/ 3 | 4 | Версия PG: 9.6.8 (для 1С 8.3.9 и выше) 5 | 6 | Сделано на основе замечательных [sameersbn/docker-postgresql](https://github.com/sameersbn/docker-postgresql) 7 | и [Postgres Professional](https://postgrespro.ru/products/1c_build) 8 | 9 | Отличия от родительского проекта: 10 | - базовый образ ubuntu заменен с trusty на xenial 11 | - локаль ru_RU.UTF-8 12 | - PG берется из 1c.postgrespro.ru 13 | 14 | # Использование 15 | Под linux (bash): 16 | ```bash 17 | docker volume create --name pg-data 18 | docker volume create --name pg-run 19 | docker run --name postgresql --restart always \ 20 | -v pg-data:/var/lib/postgresql -v pg-run:/run/postgresql \ 21 | --net host \ 22 | -d rsyuzyov/docker-postgresql-pro-1c 23 | ``` 24 | 25 | Под windows (powershell): 26 | ```bash 27 | docker volume create --name pg-data 28 | docker volume create --name pg-run 29 | docker run --name postgresql --restart always ` 30 | -v pg-data:/var/lib/postgresql -v pg-run:/run/postgresql ` 31 | --net host ` 32 | -d rsyuzyov/docker-postgresql-pro-1c 33 | ``` 34 | 35 | Подключение: 36 | - сервер: сервер или ip, на котором запущен Docker 37 | - порт: 5432 38 | - пользователь: postgres 39 | - пароль: пустой 40 | 41 | # Дополнительно 42 | При использовании `--net host` по скорости работы практически не отличается от варианта установки на хост. 43 | 44 | # Ссылки 45 | Подробное описание, а также инструкции на все случаи жизни смотрим в [sameersbn/docker-postgresql](https://github.com/sameersbn/docker-postgresql) 46 | 47 | В учебных целях, в том числе для ознакомления с инструментарием управления и обслуживания postgres очень рекомендуется посмотреть [сюда](https://github.com/VanessaDockers/pgsteroids). 48 | 49 | Другие докер-файлы PostgreSQL для 1С: 50 | - https://github.com/temrdm/1c-postgres 51 | - https://github.com/winsento/1c-postgres 52 | 53 | Докер-файлы сервера 1С: 54 | - https://github.com/temrdm/1c_server 55 | - https://github.com/andruccho/1c_server 56 | 57 | -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | **9.6-2-1C** 4 | - postgresql: change to 9.6.2 from Postgres Professional 5 | - locale: change to ru_RU.UTF-8 6 | - baseimage: change to ubuntu/xenial 7 | 8 | **9.6** 9 | - postgresql: upgrade to 9.6 10 | - upgrade baseimage to sameersbn/ubuntu:14.04.20170110 11 | 12 | **9.5** 13 | - postgresql: upgrade to 9.5 14 | 15 | **9.4-17** 16 | - added `DB_EXTENSION` configuration parameter 17 | 18 | **9.4-12** 19 | - removed use of single-user mode 20 | - added `DB_TEMPLATE` variable to specify the database template 21 | 22 | **9.4-11** 23 | - added `PG_PASSWORD` variable to specify password for `postgres` user 24 | 25 | **9.4-9** 26 | - complete rewrite 27 | - `PSQL_TRUST_LOCALNET` config parameter renamed to `PG_TRUST_LOCALNET` 28 | - `PSQL_MODE` config parameter renamed to `REPLICATION_MODE` 29 | - `PSQL_SSLMODE` config parameter renamed to `REPLICATION_SSLMODE` 30 | - defined `/etc/postgresql/certs` as the mountpoint to install SSL key and certificate 31 | - added `PG_SSL` parameter to enable/disable SSL support 32 | - `DB_LOCALE` config parameter renamed to `PG_LOCALE` 33 | - complete rewrite of the README 34 | - add support for creating backups using `pg_basebackup` 35 | - removed `PG_LOCALE` option (doesn't work!) 36 | - added `DEBUG` option to enable bash debugging 37 | 38 | **9.4-2** 39 | - added replication options 40 | 41 | **9.4-1** 42 | - start: removed `pwfile` logic 43 | - init: added `USERMAP_*` configuration options 44 | - base image update to fix SSL vulnerability 45 | 46 | **9.4** 47 | - postgresql: upgrade to 9.4 48 | 49 | **9.1-2** 50 | - use the official postgresql apt repo 51 | - feature: automatic data migration on upgrade 52 | 53 | **9.1-1** 54 | - upgrade to sameersbn/ubuntu:20141001, fixes shellshock 55 | - support creation of users and databases at launch (`docker run`) 56 | - mount volume at `/var/run/postgresql` allowing the postgresql unix socket to be exposed 57 | 58 | **9.1** 59 | - optimized image size by removing `/var/lib/apt/lists/*`. 60 | - update to the sameersbn/ubuntu:12.04.20140818 baseimage 61 | - removed use of supervisord 62 | -------------------------------------------------------------------------------- /runtime/functions: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | source ${PG_APP_HOME}/env-defaults 4 | 5 | PG_CONF=${PG_DATADIR}/postgresql.conf 6 | PG_HBA_CONF=${PG_DATADIR}/pg_hba.conf 7 | PG_IDENT_CONF=${PG_DATADIR}/pg_ident.conf 8 | PG_RECOVERY_CONF=${PG_DATADIR}/recovery.conf 9 | 10 | ## Execute command as PG_USER 11 | exec_as_postgres() { 12 | sudo -HEu ${PG_USER} "$@" 13 | } 14 | 15 | map_uidgid() { 16 | USERMAP_ORIG_UID=$(id -u ${PG_USER}) 17 | USERMAP_ORIG_GID=$(id -g ${PG_USER}) 18 | USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}} 19 | USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID} 20 | if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then 21 | echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID" 22 | groupmod -o -g ${USERMAP_GID} ${PG_USER} 23 | sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd 24 | fi 25 | } 26 | 27 | create_datadir() { 28 | echo "Initializing datadir..." 29 | mkdir -p ${PG_HOME} 30 | if [[ -d ${PG_DATADIR} ]]; then 31 | find ${PG_DATADIR} -type f -exec chmod 0600 {} \; 32 | find ${PG_DATADIR} -type d -exec chmod 0700 {} \; 33 | fi 34 | chown -R ${PG_USER}:${PG_USER} ${PG_HOME} 35 | } 36 | 37 | create_certdir() { 38 | echo "Initializing certdir..." 39 | mkdir -p ${PG_CERTDIR} 40 | [[ -f ${PG_CERTDIR}/server.crt ]] && chmod 0644 ${PG_CERTDIR}/server.crt 41 | [[ -f ${PG_CERTDIR}/server.key ]] && chmod 0640 ${PG_CERTDIR}/server.key 42 | chmod 0755 ${PG_CERTDIR} 43 | chown -R root:${PG_USER} ${PG_CERTDIR} 44 | } 45 | 46 | create_logdir() { 47 | echo "Initializing logdir..." 48 | mkdir -p ${PG_LOGDIR} 49 | chmod -R 1775 ${PG_LOGDIR} 50 | chown -R root:${PG_USER} ${PG_LOGDIR} 51 | } 52 | 53 | create_rundir() { 54 | echo "Initializing rundir..." 55 | mkdir -p ${PG_RUNDIR} ${PG_RUNDIR}/${PG_VERSION}-main.pg_stat_tmp 56 | chmod -R 0755 ${PG_RUNDIR} 57 | chmod g+s ${PG_RUNDIR} 58 | chown -R ${PG_USER}:${PG_USER} ${PG_RUNDIR} 59 | } 60 | 61 | set_postgresql_param() { 62 | local key=${1} 63 | local value=${2} 64 | local verbosity=${3:-verbose} 65 | 66 | if [[ -n ${value} ]]; then 67 | local current=$(exec_as_postgres sed -n -e "s/^\(${key} = '\)\([^ ']*\)\(.*\)$/\2/p" ${PG_CONF}) 68 | if [[ "${current}" != "${value}" ]]; then 69 | if [[ ${verbosity} == verbose ]]; then 70 | echo "‣ Setting postgresql.conf parameter: ${key} = '${value}'" 71 | fi 72 | value="$(echo "${value}" | sed 's|[&]|\\&|g')" 73 | exec_as_postgres sed -i "s|^[#]*[ ]*${key} = .*|${key} = '${value}'|" ${PG_CONF} 74 | fi 75 | fi 76 | } 77 | 78 | set_recovery_param() { 79 | local key=${1} 80 | local value=${2} 81 | local hide=${3} 82 | if [[ -n ${value} ]]; then 83 | local current=$(exec_as_postgres sed -n -e "s/^\(.*\)\(${key}=\)\([^ ']*\)\(.*\)$/\3/p" ${PG_RECOVERY_CONF}) 84 | if [[ "${current}" != "${value}" ]]; then 85 | case ${hide} in 86 | true) echo "‣ Setting primary_conninfo parameter: ${key}" ;; 87 | *) echo "‣ Setting primary_conninfo parameter: ${key} = '${value}'" ;; 88 | esac 89 | exec_as_postgres sed -i "s|${key}=[^ ']*|${key}=${value}|" ${PG_RECOVERY_CONF} 90 | fi 91 | fi 92 | } 93 | 94 | set_hba_param() { 95 | local value=${1} 96 | if ! grep -q "$(sed "s| | \\\+|g" <<< ${value})" ${PG_HBA_CONF}; then 97 | echo "${value}" >> ${PG_HBA_CONF} 98 | fi 99 | } 100 | 101 | configure_ssl() { 102 | ## NOT SURE IF THIS IS A GOOD ALTERNATIVE TO ENABLE SSL SUPPORT BY DEFAULT ## 103 | ## BECAUSE USERS WHO PULL A PREBUILT IMAGE WILL HAVE THE SAME CERTIFICATES ## 104 | # if [[ ! -f ${PG_CERTDIR}/server.crt && ! -f ${PG_CERTDIR}/server.key ]]; then 105 | # if [[ -f /etc/ssl/certs/ssl-cert-snakeoil.pem && -f /etc/ssl/private/ssl-cert-snakeoil.key ]]; then 106 | # ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem ${PG_CERTDIR}/server.crt 107 | # ln -sf /etc/ssl/private/ssl-cert-snakeoil.key ${PG_CERTDIR}/server.key 108 | # fi 109 | # fi 110 | 111 | if [[ -f ${PG_CERTDIR}/server.crt && -f ${PG_CERTDIR}/server.key ]]; then 112 | PG_SSL=${PG_SSL:-on} 113 | set_postgresql_param "ssl_cert_file" "${PG_CERTDIR}/server.crt" 114 | set_postgresql_param "ssl_key_file" "${PG_CERTDIR}/server.key" 115 | fi 116 | PG_SSL=${PG_SSL:-off} 117 | set_postgresql_param "ssl" "${PG_SSL}" 118 | } 119 | 120 | configure_hot_standby() { 121 | case ${REPLICATION_MODE} in 122 | slave|snapshot|backup) ;; 123 | *) 124 | echo "Configuring hot standby..." 125 | set_postgresql_param "wal_level" "hot_standby" 126 | set_postgresql_param "max_wal_senders" "16" 127 | set_postgresql_param "checkpoint_segments" "8" 128 | set_postgresql_param "wal_keep_segments" "32" 129 | set_postgresql_param "hot_standby" "on" 130 | ;; 131 | esac 132 | } 133 | 134 | initialize_database() { 135 | if [[ ! -f ${PG_DATADIR}/PG_VERSION ]]; then 136 | case ${REPLICATION_MODE} in 137 | slave|snapshot|backup) 138 | if [[ -z $REPLICATION_HOST ]]; then 139 | echo "ERROR! Cannot continue without the REPLICATION_HOST. Exiting..." 140 | exit 1 141 | fi 142 | 143 | if [[ -z $REPLICATION_USER ]]; then 144 | echo "ERROR! Cannot continue without the REPLICATION_USER. Exiting..." 145 | exit 1 146 | fi 147 | 148 | if [[ -z $REPLICATION_PASS ]]; then 149 | echo "ERROR! Cannot continue without the REPLICATION_PASS. Exiting..." 150 | exit 1 151 | fi 152 | 153 | echo -n "Waiting for $REPLICATION_HOST to accept connections (60s timeout)" 154 | timeout=60 155 | while ! ${PG_BINDIR}/pg_isready -h $REPLICATION_HOST -p $REPLICATION_PORT -t 1 >/dev/null 2>&1 156 | do 157 | timeout=$(expr $timeout - 1) 158 | if [[ $timeout -eq 0 ]]; then 159 | echo "Timeout! Exiting..." 160 | exit 1 161 | fi 162 | echo -n "." 163 | sleep 1 164 | done 165 | echo 166 | 167 | case ${REPLICATION_MODE} in 168 | slave) 169 | echo "Replicating initial data from $REPLICATION_HOST..." 170 | exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \ 171 | -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X stream -w >/dev/null 172 | ;; 173 | snapshot) 174 | echo "Generating a snapshot data on $REPLICATION_HOST..." 175 | exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \ 176 | -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X fetch -w >/dev/null 177 | ;; 178 | backup) 179 | echo "Backing up data on $REPLICATION_HOST..." 180 | exec_as_postgres PGPASSWORD=$REPLICATION_PASS ${PG_BINDIR}/pg_basebackup -D ${PG_DATADIR} \ 181 | -h ${REPLICATION_HOST} -p ${REPLICATION_PORT} -U ${REPLICATION_USER} -X fetch -w >/dev/null 182 | exit 0 183 | ;; 184 | esac 185 | ;; 186 | *) 187 | echo "Initializing database..." 188 | PG_OLD_VERSION=$(find ${PG_HOME}/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | grep -v $PG_VERSION | sort -r | head -n1 | cut -d'/' -f5) 189 | if [[ -n ${PG_OLD_VERSION} ]]; then 190 | echo "‣ Migrating PostgreSQL ${PG_OLD_VERSION} data to ${PG_VERSION}..." 191 | 192 | # protect the existing data from being altered by apt-get 193 | mv ${PG_HOME}/${PG_OLD_VERSION} ${PG_HOME}/${PG_OLD_VERSION}.migrating 194 | 195 | echo "‣ Installing PostgreSQL ${PG_OLD_VERSION}..." 196 | if ! ( apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y postgresql-${PG_OLD_VERSION} postgresql-client-${PG_OLD_VERSION} ) >/dev/null; then 197 | echo "ERROR! Failed to install PostgreSQL ${PG_OLD_VERSION}. Exiting..." 198 | # first move the old data back 199 | rm -rf ${PG_HOME}/${PG_OLD_VERSION} 200 | mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION} 201 | exit 1 202 | fi 203 | rm -rf /var/lib/apt/lists/* 204 | 205 | # we're ready to migrate, move back the old data and remove the trap 206 | rm -rf ${PG_HOME}/${PG_OLD_VERSION} 207 | mv ${PG_HOME}/${PG_OLD_VERSION}.migrating ${PG_HOME}/${PG_OLD_VERSION} 208 | fi 209 | 210 | if [[ -n $PG_PASSWORD ]]; then 211 | echo "${PG_PASSWORD}" > /tmp/pwfile 212 | fi 213 | 214 | exec_as_postgres ${PG_BINDIR}/initdb --pgdata=${PG_DATADIR} \ 215 | --username=${PG_USER} --encoding=unicode --auth=trust ${PG_PASSWORD:+--pwfile=/tmp/pwfile} >/dev/null 216 | 217 | if [[ -n ${PG_OLD_VERSION} ]]; then 218 | PG_OLD_BINDIR=/usr/lib/postgresql/${PG_OLD_VERSION}/bin 219 | PG_OLD_DATADIR=${PG_HOME}/${PG_OLD_VERSION}/main 220 | PG_OLD_CONF=${PG_OLD_DATADIR}/postgresql.conf 221 | PG_OLD_HBA_CONF=${PG_OLD_DATADIR}/pg_hba.conf 222 | PG_OLD_IDENT_CONF=${PG_OLD_DATADIR}/pg_ident.conf 223 | 224 | echo -n "‣ Migration in progress. Please be patient..." 225 | exec_as_postgres ${PG_BINDIR}/pg_upgrade \ 226 | -b ${PG_OLD_BINDIR} -B ${PG_BINDIR} \ 227 | -d ${PG_OLD_DATADIR} -D ${PG_DATADIR} \ 228 | -o "-c config_file=${PG_OLD_CONF} --hba_file=${PG_OLD_HBA_CONF} --ident_file=${PG_OLD_IDENT_CONF}" \ 229 | -O "-c config_file=${PG_CONF} --hba_file=${PG_HBA_CONF} --ident_file=${PG_IDENT_CONF}" >/dev/null 230 | echo 231 | fi 232 | ;; 233 | esac 234 | 235 | configure_hot_standby 236 | 237 | # Change DSM from `posix' to `sysv' if we are inside an lx-brand container 238 | if [[ $(uname -v) == "BrandZ virtual linux" ]]; then 239 | set_postgresql_param "dynamic_shared_memory_type" "sysv" 240 | fi 241 | fi 242 | 243 | # configure path to data_directory 244 | set_postgresql_param "data_directory" "${PG_DATADIR}" 245 | 246 | # configure logging 247 | set_postgresql_param "log_directory" "${PG_LOGDIR}" 248 | set_postgresql_param "log_filename" "postgresql-${PG_VERSION}-main.log" 249 | 250 | # trust connections from local network 251 | if [[ ${PG_TRUST_LOCALNET} == true ]]; then 252 | echo "Trusting connections from the local network..." 253 | set_hba_param "host all all samenet trust" 254 | fi 255 | 256 | # allow remote connections to postgresql database 257 | set_hba_param "host all all 0.0.0.0/0 md5" 258 | } 259 | 260 | set_resolvconf_perms() { 261 | echo "Setting resolv.conf ACLs..." 262 | setfacl -m user:${PG_USER}:r /etc/resolv.conf || true 263 | } 264 | 265 | configure_recovery() { 266 | if [[ ${REPLICATION_MODE} == slave ]]; then 267 | echo "Configuring recovery..." 268 | if [[ ! -f ${PG_RECOVERY_CONF} ]]; then 269 | # initialize recovery.conf on the firstrun (slave only) 270 | exec_as_postgres touch ${PG_RECOVERY_CONF} 271 | ( echo "standby_mode = 'on'"; 272 | echo "primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${REPLICATION_SSLMODE}'"; 273 | ) > ${PG_RECOVERY_CONF} 274 | else 275 | set_recovery_param "host" "${REPLICATION_HOST}" 276 | set_recovery_param "port" "${REPLICATION_PORT}" 277 | set_recovery_param "user" "${REPLICATION_USER}" 278 | set_recovery_param "password" "${REPLICATION_PASS}" "true" 279 | set_recovery_param "sslmode" "${REPLICATION_SSLMODE}" 280 | fi 281 | else 282 | # recovery.conf can only exist on a slave node, its existence otherwise causes problems 283 | rm -rf ${PG_RECOVERY_CONF} 284 | fi 285 | } 286 | 287 | create_user() { 288 | if [[ -n ${DB_USER} ]]; then 289 | case $REPLICATION_MODE in 290 | slave|snapshot|backup) 291 | echo "INFO! Database user cannot be created on a $REPLICATION_MODE node. Skipping..." 292 | ;; 293 | *) 294 | if [[ -z ${DB_PASS} ]]; then 295 | echo "ERROR! Please specify a password for DB_USER in DB_PASS. Exiting..." 296 | exit 1 297 | fi 298 | echo "Creating database user: ${DB_USER}" 299 | if [[ -z $(psql -U ${PG_USER} -Atc "SELECT 1 FROM pg_catalog.pg_user WHERE usename = '${DB_USER}'";) ]]; then 300 | psql -U ${PG_USER} -c "CREATE ROLE \"${DB_USER}\" with LOGIN CREATEDB PASSWORD '${DB_PASS}';" >/dev/null 301 | fi 302 | ;; 303 | esac 304 | fi 305 | } 306 | 307 | load_extensions() { 308 | local database=${1?missing argument} 309 | 310 | if [[ ${DB_UNACCENT} == true ]]; then 311 | echo 312 | echo "WARNING: " 313 | echo " The DB_UNACCENT option will be deprecated in favour of DB_EXTENSION soon." 314 | echo " Please migrate to using DB_EXTENSION" 315 | echo 316 | echo "‣ Loading unaccent extension..." 317 | psql -U ${PG_USER} -d ${database} -c "CREATE EXTENSION IF NOT EXISTS unaccent;" >/dev/null 2>&1 318 | fi 319 | 320 | for extension in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_EXTENSION}"); do 321 | echo "‣ Loading ${extension} extension..." 322 | psql -U ${PG_USER} -d ${database} -c "CREATE EXTENSION IF NOT EXISTS ${extension};" >/dev/null 2>&1 323 | done 324 | } 325 | 326 | create_database() { 327 | if [[ -n ${DB_NAME} ]]; then 328 | case $REPLICATION_MODE in 329 | slave|snapshot|backup) 330 | echo "INFO! Database cannot be created on a $REPLICATION_MODE node. Skipping..." 331 | ;; 332 | *) 333 | for database in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do 334 | echo "Creating database: ${database}..." 335 | if [[ -z $(psql -U ${PG_USER} -Atc "SELECT 1 FROM pg_catalog.pg_database WHERE datname = '${database}'";) ]]; then 336 | psql -U ${PG_USER} -c "CREATE DATABASE \"${database}\" WITH TEMPLATE = \"${DB_TEMPLATE}\";" >/dev/null 337 | fi 338 | 339 | load_extensions ${database} 340 | 341 | if [[ -n ${DB_USER} ]]; then 342 | echo "‣ Granting access to ${DB_USER} user..." 343 | psql -U ${PG_USER} -c "GRANT ALL PRIVILEGES ON DATABASE \"${database}\" to \"${DB_USER}\";" >/dev/null 344 | fi 345 | done 346 | ;; 347 | esac 348 | fi 349 | } 350 | 351 | create_replication_user() { 352 | if [[ -n ${REPLICATION_USER} ]]; then 353 | case $REPLICATION_MODE in 354 | slave|snapshot|backup) ;; # replication user can only be created on the master 355 | *) 356 | if [[ -z ${REPLICATION_PASS} ]]; then 357 | echo "ERROR! Please specify a password for REPLICATION_USER in REPLICATION_PASS. Exiting..." 358 | exit 1 359 | fi 360 | 361 | echo "Creating replication user: ${REPLICATION_USER}" 362 | if [[ -z $(psql -U ${PG_USER} -Atc "SELECT 1 FROM pg_catalog.pg_user WHERE usename = '${REPLICATION_USER}'";) ]]; then 363 | psql -U ${PG_USER} -c "CREATE ROLE \"${REPLICATION_USER}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" >/dev/null 364 | fi 365 | 366 | set_hba_param "host replication ${REPLICATION_USER} 0.0.0.0/0 md5" 367 | ;; 368 | esac 369 | fi 370 | } 371 | 372 | configure_postgresql() { 373 | initialize_database 374 | configure_recovery 375 | configure_ssl 376 | 377 | # start postgres server internally for the creation of users and databases 378 | rm -rf ${PG_DATADIR}/postmaster.pid 379 | set_postgresql_param "listen_addresses" "127.0.0.1" quiet 380 | exec_as_postgres ${PG_BINDIR}/pg_ctl -D ${PG_DATADIR} -w start >/dev/null 381 | 382 | create_user 383 | create_database 384 | create_replication_user 385 | 386 | # stop the postgres server 387 | exec_as_postgres ${PG_BINDIR}/pg_ctl -D ${PG_DATADIR} -w stop >/dev/null 388 | 389 | # listen on all interfaces 390 | set_postgresql_param "listen_addresses" "*" quiet 391 | } 392 | --------------------------------------------------------------------------------