-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Niccolò Fei <[email protected]>
- Loading branch information
1 parent
3a4ce6a
commit a2f2c0b
Showing
30 changed files
with
3,650 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
# vim:set ft=dockerfile: | ||
FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 | ||
|
||
# Do not split the description, otherwise we will see a blank space in the labels | ||
LABEL name="PostgreSQL Container Images" \ | ||
vendor="EnterpriseDB" \ | ||
url="https://www.enterprisedb.com/" \ | ||
version="12.17" \ | ||
release="1" \ | ||
summary="PostgreSQL Container images." \ | ||
description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." | ||
|
||
COPY root/ / | ||
|
||
ARG TARGETARCH | ||
RUN --mount=type=secret,id=cs_token \ | ||
set -xe ; \ | ||
ARCH="${TARGETARCH}" ; \ | ||
base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ | ||
pg_failover_slots_pkg="pg_failover_slots_12" ; \ | ||
pg_audit_pkg="pgaudit14_12" ; \ | ||
case $ARCH in \ | ||
amd64) \ | ||
yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
arm64) \ | ||
yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
ppc64le) \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ | ||
pg_audit_pkg="edb-pg12-pgaudit1" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ | ||
s390x) \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ | ||
pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ | ||
pg_audit_pkg="edb-pg12-pgaudit1" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ | ||
*) \ | ||
exit 1 ;; \ | ||
esac ; \ | ||
yum -y upgrade glibc-common ; \ | ||
yum -y reinstall glibc-common ; \ | ||
rm -fr /etc/rpm/macros.image-language-conf ; \ | ||
yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ | ||
yum -y --setopt=tsflags=nodocs install \ | ||
postgresql12-12.17 \ | ||
postgresql12-contrib-12.17 \ | ||
postgresql12-server-12.17 \ | ||
postgresql12-libs-12.17 \ | ||
"$pg_audit_pkg" \ | ||
"$pg_failover_slots_pkg" \ | ||
; \ | ||
rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ | ||
rm -fr /tmp/* ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# Install barman-cloud | ||
RUN set -xe ; \ | ||
yum -y install python3.11-pip python3.11-psycopg2 ; \ | ||
pip3.11 install --upgrade pip ; \ | ||
pip3.11 install -r requirements.txt ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# make the sample config easier to munge (and "correct by default") | ||
RUN set -eux; \ | ||
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ | ||
grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample | ||
|
||
# prepare the environment and make sure postgres user has the correct UID | ||
RUN set -xeu ; \ | ||
localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ | ||
test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ | ||
mkdir -p /var/run/postgresql ; \ | ||
chown postgres:postgres /var/run/postgresql ; \ | ||
chmod 0755 /var/run/postgresql | ||
|
||
ENV PATH $PATH:/usr/pgsql-12/bin | ||
|
||
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql | ||
|
||
ENV PGDATA /var/lib/postgresql/data/pgdata | ||
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) | ||
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" | ||
VOLUME /var/lib/postgresql/data | ||
|
||
RUN mkdir /docker-entrypoint-initdb.d | ||
|
||
# Remove example certificates in pem and enc format from /usr/share/doc folder | ||
RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true | ||
|
||
# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout | ||
RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true | ||
|
||
USER 26 | ||
|
||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
|
||
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL | ||
# calls "Fast Shutdown mode" wherein new connections are disallowed and any | ||
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and | ||
# flush tables to disk, which is the best compromise available to avoid data | ||
# corruption. | ||
# | ||
# Users who know their applications do not keep open long-lived idle connections | ||
# may way to use a value of SIGTERM instead, which corresponds to "Smart | ||
# Shutdown mode" in which any existing sessions are allowed to finish and the | ||
# server stops when all sessions are terminated. | ||
# | ||
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details | ||
# about available PostgreSQL server shutdown signals. | ||
# | ||
# See also https://www.postgresql.org/docs/12/server-start.html for further | ||
# justification of this as the default value, namely that the example (and | ||
# shipped) systemd service files use the "Fast Shutdown mode" for service | ||
# termination. | ||
# | ||
STOPSIGNAL SIGINT | ||
# | ||
# An additional setting that is recommended for all users regardless of this | ||
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's | ||
# equivalent) for controlling how long to wait between sending the defined | ||
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). | ||
# | ||
# The default in most runtimes (such as Docker) is 10 seconds, and the | ||
# documentation at https://www.postgresql.org/docs/12/server-start.html notes | ||
# that even 90 seconds may not be long enough in many instances. | ||
|
||
EXPOSE 5432 | ||
CMD ["postgres"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
# vim:set ft=dockerfile: | ||
FROM quay.io/enterprisedb/edb-ubi:9.3-1476 | ||
|
||
# Do not split the description, otherwise we will see a blank space in the labels | ||
LABEL name="PostgreSQL Container Images" \ | ||
vendor="EnterpriseDB" \ | ||
url="https://www.enterprisedb.com/" \ | ||
version="12.17" \ | ||
release="1" \ | ||
summary="PostgreSQL Container images." \ | ||
description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 9." | ||
|
||
COPY root/ / | ||
|
||
ARG TARGETARCH | ||
RUN --mount=type=secret,id=cs_token \ | ||
set -xe ; \ | ||
ARCH="${TARGETARCH}" ; \ | ||
base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ | ||
pg_failover_slots_pkg="pg_failover_slots_12" ; \ | ||
pg_audit_pkg="pgaudit14_12" ; \ | ||
case $ARCH in \ | ||
amd64) \ | ||
yum -y install "${base_url}/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
arm64) \ | ||
yum -y install "${base_url}/EL-9-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
ppc64le) \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/enterprise/setup.rpm.sh | bash ; \ | ||
pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ | ||
pg_audit_pkg="edb-pg12-pgaudit1" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ | ||
s390x) \ | ||
curl -u token:$(cat /run/secrets/cs_token) -1sLf https://downloads.enterprisedb.com/basic/edb/setup.rpm.sh | bash ; \ | ||
pg_failover_slots_pkg="edb-pg12-pg-failover-slots1" ; \ | ||
pg_audit_pkg="edb-pg12-pgaudit1" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="edb-pg12-pgaudit12"; fi ;; \ | ||
*) \ | ||
exit 1 ;; \ | ||
esac ; \ | ||
yum -y upgrade glibc-common ; \ | ||
yum -y reinstall glibc-common ; \ | ||
rm -fr /etc/rpm/macros.image-language-conf ; \ | ||
yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ | ||
yum -y --setopt=tsflags=nodocs install \ | ||
postgresql12-12.17 \ | ||
postgresql12-contrib-12.17 \ | ||
postgresql12-server-12.17 \ | ||
postgresql12-libs-12.17 \ | ||
"$pg_audit_pkg" \ | ||
"$pg_failover_slots_pkg" \ | ||
; \ | ||
rm -fr /etc/yum.repos.d/enterprisedb-*.repo ; \ | ||
rm -fr /tmp/* ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# Install barman-cloud | ||
RUN set -xe ; \ | ||
yum -y install python3.11-pip python3.11-psycopg2 ; \ | ||
pip3.11 install --upgrade pip ; \ | ||
pip3.11 install -r requirements.txt ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# make the sample config easier to munge (and "correct by default") | ||
RUN set -eux; \ | ||
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ | ||
grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample | ||
|
||
# prepare the environment and make sure postgres user has the correct UID | ||
RUN set -xeu ; \ | ||
localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ | ||
test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ | ||
mkdir -p /var/run/postgresql ; \ | ||
chown postgres:postgres /var/run/postgresql ; \ | ||
chmod 0755 /var/run/postgresql | ||
|
||
ENV PATH $PATH:/usr/pgsql-12/bin | ||
|
||
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql | ||
|
||
ENV PGDATA /var/lib/postgresql/data/pgdata | ||
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) | ||
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" | ||
VOLUME /var/lib/postgresql/data | ||
|
||
RUN mkdir /docker-entrypoint-initdb.d | ||
|
||
# Remove example certificates in pem and enc format from /usr/share/doc folder | ||
RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true | ||
|
||
# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout | ||
RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true | ||
|
||
USER 26 | ||
|
||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
|
||
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL | ||
# calls "Fast Shutdown mode" wherein new connections are disallowed and any | ||
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and | ||
# flush tables to disk, which is the best compromise available to avoid data | ||
# corruption. | ||
# | ||
# Users who know their applications do not keep open long-lived idle connections | ||
# may way to use a value of SIGTERM instead, which corresponds to "Smart | ||
# Shutdown mode" in which any existing sessions are allowed to finish and the | ||
# server stops when all sessions are terminated. | ||
# | ||
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details | ||
# about available PostgreSQL server shutdown signals. | ||
# | ||
# See also https://www.postgresql.org/docs/12/server-start.html for further | ||
# justification of this as the default value, namely that the example (and | ||
# shipped) systemd service files use the "Fast Shutdown mode" for service | ||
# termination. | ||
# | ||
STOPSIGNAL SIGINT | ||
# | ||
# An additional setting that is recommended for all users regardless of this | ||
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's | ||
# equivalent) for controlling how long to wait between sending the defined | ||
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). | ||
# | ||
# The default in most runtimes (such as Docker) is 10 seconds, and the | ||
# documentation at https://www.postgresql.org/docs/12/server-start.html notes | ||
# that even 90 seconds may not be long enough in many instances. | ||
|
||
EXPOSE 5432 | ||
CMD ["postgres"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
# vim:set ft=dockerfile: | ||
FROM quay.io/enterprisedb/edb-ubi:8.9-1107.1705420509 | ||
|
||
# Do not split the description, otherwise we will see a blank space in the labels | ||
LABEL name="PostgreSQL Container Images" \ | ||
vendor="EnterpriseDB" \ | ||
url="https://www.enterprisedb.com/" \ | ||
version="12.17" \ | ||
release="1" \ | ||
summary="PostgreSQL Container images." \ | ||
description="This Docker image contains PostgreSQL and Barman Cloud based on RedHat Universal Base Images (UBI) 8." | ||
|
||
COPY root/ / | ||
|
||
ARG TARGETARCH | ||
RUN set -xe ; \ | ||
ARCH="${TARGETARCH}" ; \ | ||
base_url="https://download.postgresql.org/pub/repos/yum/reporpms" ; \ | ||
pg_audit_pkg="pgaudit14_12" ; \ | ||
case $ARCH in \ | ||
amd64) \ | ||
yum -y install "${base_url}/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
arm64) \ | ||
yum -y install "${base_url}/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm" ; \ | ||
if [ "12" -gt "15" ]; then pg_audit_pkg="pgaudit_12"; fi ;; \ | ||
*) \ | ||
exit 1 ;; \ | ||
esac ; \ | ||
yum -y upgrade glibc-common ; \ | ||
yum -y reinstall glibc-common ; \ | ||
rm -fr /etc/rpm/macros.image-language-conf ; \ | ||
yum -y install hostname rsync tar gettext bind-utils nss_wrapper glibc-locale-source glibc-langpack-en glibc-all-langpacks ; \ | ||
yum -y --setopt=tsflags=nodocs install \ | ||
postgresql12-12.17 \ | ||
postgresql12-contrib-12.17 \ | ||
postgresql12-server-12.17 \ | ||
postgresql12-libs-12.17 \ | ||
pg_failover_slots_12 \ | ||
"$pg_audit_pkg" \ | ||
; \ | ||
rm -fr /tmp/* ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# Install barman-cloud | ||
RUN set -xe ; \ | ||
yum -y install python3.11-pip python3.11-psycopg2 ; \ | ||
pip3.11 install --upgrade pip ; \ | ||
pip3.11 install -r requirements.txt ; \ | ||
yum -y clean all --enablerepo='*' | ||
|
||
# make the sample config easier to munge (and "correct by default") | ||
RUN set -eux; \ | ||
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/pgsql-12/share/postgresql.conf.sample; \ | ||
grep -F "listen_addresses = '*'" /usr/pgsql-12/share/postgresql.conf.sample | ||
|
||
# prepare the environment and make sure postgres user has the correct UID | ||
RUN set -xeu ; \ | ||
localedef -f UTF-8 -i en_US en_US.UTF-8 ; \ | ||
test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ; \ | ||
mkdir -p /var/run/postgresql ; \ | ||
chown postgres:postgres /var/run/postgresql ; \ | ||
chmod 0755 /var/run/postgresql | ||
|
||
ENV PATH $PATH:/usr/pgsql-12/bin | ||
|
||
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql | ||
|
||
ENV PGDATA /var/lib/postgresql/data/pgdata | ||
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) | ||
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" | ||
VOLUME /var/lib/postgresql/data | ||
|
||
RUN mkdir /docker-entrypoint-initdb.d | ||
|
||
# Remove example certificates in pem and enc format from /usr/share/doc folder | ||
RUN find /usr/share/doc -type f '(' -iname "*.pem" -o -iname "*.enc" ')' -exec rm -rf {} \; || true | ||
|
||
# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout | ||
RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true | ||
|
||
USER 26 | ||
|
||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
|
||
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL | ||
# calls "Fast Shutdown mode" wherein new connections are disallowed and any | ||
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and | ||
# flush tables to disk, which is the best compromise available to avoid data | ||
# corruption. | ||
# | ||
# Users who know their applications do not keep open long-lived idle connections | ||
# may way to use a value of SIGTERM instead, which corresponds to "Smart | ||
# Shutdown mode" in which any existing sessions are allowed to finish and the | ||
# server stops when all sessions are terminated. | ||
# | ||
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details | ||
# about available PostgreSQL server shutdown signals. | ||
# | ||
# See also https://www.postgresql.org/docs/12/server-start.html for further | ||
# justification of this as the default value, namely that the example (and | ||
# shipped) systemd service files use the "Fast Shutdown mode" for service | ||
# termination. | ||
# | ||
STOPSIGNAL SIGINT | ||
# | ||
# An additional setting that is recommended for all users regardless of this | ||
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's | ||
# equivalent) for controlling how long to wait between sending the defined | ||
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). | ||
# | ||
# The default in most runtimes (such as Docker) is 10 seconds, and the | ||
# documentation at https://www.postgresql.org/docs/12/server-start.html notes | ||
# that even 90 seconds may not be long enough in many instances. | ||
|
||
EXPOSE 5432 | ||
CMD ["postgres"] |
Oops, something went wrong.