Improve container image #60

Merged
merged 11 commits into from
Jul 25, 2023
8 changes: 2 additions & 6 deletions .docker/prod.Dockerfile
Expand Up @@ -48,17 +48,13 @@ RUN apt-get update && \

WORKDIR /home/postgres

RUN usermod -u 104 postgres && groupmod -g 106 postgres

RUN chown -R postgres:postgres /var/lib/postgresql && \
RUN usermod -u 104 postgres && groupmod -g 106 postgres && \
chown -R postgres:postgres /var/lib/postgresql && \
chown -R postgres:postgres /var/run/postgresql && \
chown -R postgres:postgres /var/log/postgresql && \
chown -R postgres:postgres /etc/postgresql && \
chmod 755 /usr/local/bin/start-postgresql /usr/local/bin/entrypoint


RUN sed -i 's/peer/trust/' /etc/postgresql/13/main/pg_hba.conf

ENTRYPOINT [ "/usr/local/bin/entrypoint" ]

CMD ["/usr/local/bin/start-postgresql"]
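Review bot: The pinned IDs in `usermod -u 104 postgres && groupmod -g 106 postgres` are unexplained, and whoever mounts a data volume or maps users on the host needs to know they are fixed. A comment above the RUN would cover it, for example `# pin postgres UID/GID to 104/106 so ownership of mounted volumes stays stable across rebuilds`, assuming that is the reason. The recursive chown of `/etc/postgresql` also lets the runtime account rewrite `pg_hba.conf`, which the start script appears to depend on; a short comment saying so would stop someone tightening it later and breaking startup. The four `chown -R postgres:postgres` calls could be a single command with four paths.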
78 changes: 63 additions & 15 deletions .docker/start-postgresql.sh
@@ -1,23 +1,71 @@
#!/bin/sh

[ -z "$GVMD_USER" ] && GVMD_USER="gvmd"
[ -z "$PGRES_DATA"] && PGRES_DATA="/var/lib/postgresql"
[ -z "$POSTGRES_USER" ] && POSTGRES_USER="gvmd"
[ -z "$POSTGRES_DATA" ] && POSTGRES_DATA="/var/lib/postgresql"
[ -z "$POSTGRES_HOST_AUTH_METHOD" ] && POSTGRES_HOST_AUTH_METHOD="md5"

rm -f $PGRES_DATA/started
POSTGRES_DB=gvmd
POSTGRES_VERSION=13
POSTGRES_HBA_CONF="/etc/postgresql/$POSTGRES_VERSION/main/pg_hba.conf"

pg_ctlcluster -o "-k /tmp" 13 main start
rm -f "$POSTGRES_DATA/started"

createuser --host=/tmp -DRS "$GVMD_USER"
createdb --host=/tmp -O gvmd "$GVMD_USER"
# allow access via unix domain socket unauthenticated
echo "local all all trust" > $POSTGRES_HBA_CONF

psql --host=/tmp -d gvmd -c "create role dba with superuser noinherit;"
psql --host=/tmp -d gvmd -c "grant dba to $GVMD_USER;"
psql --host=/tmp -d gvmd -c 'create extension "uuid-ossp";'
psql --host=/tmp -d gvmd -c 'create extension "pgcrypto";'
psql --host=/tmp -d gvmd -c 'create extension "pg-gvm";'
if [ "$POSTGRES_HOST_AUTH_METHOD" = "trust" ]; then
echo "# warning trust is enabled for all connections"
echo "# see https://www.postgresql.org/docs/$POSTGRES_VERSION/auth-trust.html"
fi

echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> $POSTGRES_HBA_CONF

pg_ctlcluster -o "-k /tmp" -o "-c listen_addresses=''" $POSTGRES_VERSION main start

USER_EXISTS="$(echo "SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_USER'" | psql --host=/tmp -d postgres --tuples-only)"
if [ -z "$USER_EXISTS" ]; then
createuser --host=/tmp -DRS "$POSTGRES_USER"
fi

if [ -n "$POSTGRES_PASSWORD" ]; then
echo "ALTER ROLE $POSTGRES_USER PASSWORD '$POSTGRES_PASSWORD';" | \
psql --host=/tmp -d postgres
fi

DB_EXISTS="$(echo "SELECT 1 FROM pg_database WHERE datname = '$POSTGRES_DB';" | psql --host=/tmp -d postgres --tuples-only)"
if [ -z "$DB_EXISTS" ]; then
createdb --host=/tmp -O "$POSTGRES_DB" "$POSTGRES_USER"
fi;

DBA_EXISTS="$(echo "SELECT 1 FROM pg_roles WHERE rolname = 'dba';" | psql --host=/tmp -d $POSTGRES_DB --tuples-only)"
if [ -z "$DBA_EXISTS" ]; then
psql --host=/tmp -d $POSTGRES_DB -c "create role dba with superuser noinherit;"
psql --host=/tmp -d $POSTGRES_DB -c "grant dba to $POSTGRES_USER;"
fi

UUID_OSSP_EXTENSION_EXISTS="$(echo "SELECT 1 FROM pg_extension WHERE extname = 'uuid-ossp';" | psql --host=/tmp -d $POSTGRES_DB --tuples-only)"
if [ -z "$UUID_OSSP_EXTENSION_EXISTS" ]; then
psql --host=/tmp -d $POSTGRES_DB -c 'create extension "uuid-ossp";'
fi

PGCRYPTO_EXTENSION_EXISTS="$(echo "SELECT 1 FROM pg_extension WHERE extname = 'pgcrypto';" | psql --host=/tmp -d $POSTGRES_DB --tuples-only)"
if [ -z "$PGCRYPTO_EXTENSION_EXISTS" ]; then
psql --host=/tmp -d $POSTGRES_DB -c 'create extension "pgcrypto";'
fi

PG_GVM_EXTENSION_EXISTS="$(echo "SELECT 1 FROM pg_extension WHERE extname = 'pg-gvm';" | psql --host=/tmp -d $POSTGRES_DB --tuples-only)"
if [ -z "$PG_GVM_EXTENSION_EXISTS" ]; then
psql --host=/tmp -d $POSTGRES_DB -c 'create extension "pg-gvm";'
fi

pg_ctlcluster --foreground $POSTGRES_VERSION main stop

pg_ctlcluster --foreground 13 main stop
# Touch file, signaling startup is done
touch $PGRES_DATA/started
pg_ctlcluster --foreground 13 main start
trap 'rm -f $PGRES_DATA/started && echo "Deleted verification file."' EXIT
touch "$POSTGRES_DATA/started"
pg_ctlcluster -o "-c listen_addresses='*'" --foreground $POSTGRES_VERSION main start

at_exit() {
rm -f "$POSTGRES_DATA/started" && echo "Deleted verification file."
}

trap at_exit EXIT
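Review bot: `POSTGRES_PASSWORD` and `POSTGRES_USER` are spliced unescaped into SQL text (`ALTER ROLE $POSTGRES_USER PASSWORD '$POSTGRES_PASSWORD';` and the `rolname = '$POSTGRES_USER'` lookup) and sent over the trust-authenticated socket, so a value containing a single quote either breaks startup or runs as extra SQL with the privileges of the connecting role. Letting psql do the quoting avoids this: feed `ALTER ROLE :"user" PASSWORD :'pw';` on stdin to `psql --host=/tmp -d postgres -v user="$POSTGRES_USER" -v pw="$POSTGRES_PASSWORD"` (variables are not interpolated with `-c`), keeping in mind that `-v` puts the password on the process argument list. Separately, `createdb --host=/tmp -O "$POSTGRES_DB" "$POSTGRES_USER"` has the owner and database name swapped and only works while both are `gvmd`; it should read `createdb --host=/tmp -O "$POSTGRES_USER" "$POSTGRES_DB"`. `POSTGRES_HOST_AUTH_METHOD` is also appended to `pg_hba.conf` without checking it against the methods you intend to allow, and `trust` gets only a printed warning before the final start with `listen_addresses='*'`. Finally, `trap at_exit EXIT` is registered after the blocking `--foreground` start, so it is not in place while the server runs; it should move above the `touch`.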