docker-images/postgres
1
0
Fork 0
mirror of https://github.com/docker-library/postgres.git synced 2025-07-29 21:41:20 +03:00
Code Activity

Functionalize the entrypoint to allow outside sourcing for extreme customizing of startup

Browse Source
This commit is contained in:
Joe Ferguson
2018-09-10 16:46:22 -07:00
parent a8613f4cda
commit 48f2ad1b73
1 changed files with 203 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
docker-entrypoint.sh
View File

@ -24,37 +24,39 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
if [ "${1:0:1}" = '-' ]; then # check to see if this file is being run or sourced from another script
set -- postgres "$@" _is_sourced() {
fi # https://unix.stackexchange.com/a/215279
[ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" == 'source' ]
}
# used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
create_postgres_dirs() {
local user="$(id -u)"
# allow the container to be started with `--user`
if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
mkdir -p "$PGDATA" mkdir -p "$PGDATA"
chown -R postgres "$PGDATA"
chmod 700 "$PGDATA" chmod 700 "$PGDATA"
mkdir -p /var/run/postgresql # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
chown -R postgres /var/run/postgresql mkdir -p /var/run/postgresql || :
chmod 775 /var/run/postgresql chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
chown -R postgres "$POSTGRES_INITDB_WALDIR" [ "$user" = '0' ] && find "$POSTGRES_INITDB_WALDIR" \! -user postgres - exec chown postgres '{}' +
chmod 700 "$POSTGRES_INITDB_WALDIR" chmod 700 "$POSTGRES_INITDB_WALDIR"
fi fi
exec gosu postgres "$BASH_SOURCE" "$@" # allow the container to be started with `--user`
fi if [ "$user" = '0' ]; then
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
fi
}
if [ "$1" = 'postgres' ]; then # initialize empty PGDATA directory with new database via 'initdb'
mkdir -p "$PGDATA" init_pgdata() {
chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
chmod 700 "$PGDATA" 2>/dev/null || :
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ ! -s "$PGDATA/PG_VERSION" ]; then
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@ -65,13 +67,11 @@ if [ "$1" = 'postgres' ]; then
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ "$POSTGRES_INITDB_WALDIR" ]; then
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR" export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
fi fi
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS" eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
# unset/cleanup "nss_wrapper" bits # unset/cleanup "nss_wrapper" bits
@ -79,12 +79,12 @@ if [ "$1" = 'postgres' ]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi fi
}
# print large warning if POSTGRES_PASSWORD is empty
print_password_warning() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
if [ -n "$POSTGRES_PASSWORD" ]; then
authMethod=md5
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
@ -97,7 +97,7 @@ if [ "$1" = 'postgres' ]; then
EOWARN EOWARN
fi fi
else if [ -z "$POSTGRES_PASSWORD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ****************************************************
@ -113,36 +113,18 @@ if [ "$1" = 'postgres' ]; then
**************************************************** ****************************************************
EOWARN EOWARN
authMethod=trust
fi fi
}
{ # run, source, or read files from /docker-entrypoint-initdb.d (or specified directory)
echo process_init_files() {
echo "host all all all $authMethod" # psql here for backwards compatiblilty "${psql[@]}"
} >> "$PGDATA/pg_hba.conf" psql=( psql_run )
# internal start of server in order to allow set-up using psql-client local initDir="${1:-/docker-entrypoint-initdb.d}"
# does not listen on external TCP/IP and waits until start finishes
PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" \
-o "-c listen_addresses=''" \
-w start
file_env 'POSTGRES_DB' "$POSTGRES_USER"
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
if [ "$POSTGRES_DB" != 'postgres' ]; then
"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
echo
fi
psql+=( --dbname "$POSTGRES_DB" )
echo echo
for f in /docker-entrypoint-initdb.d/*; do for f in "${initDir%/}"/*; do
case "$f" in case "$f" in
*.sh) *.sh)
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@ -155,22 +137,124 @@ if [ "$1" = 'postgres' ]; then
. "$f" . "$f"
fi fi
;; ;;
*.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; *.sql) echo "$0: running $f"; psql_run -f "$f"; echo ;;
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | psql_run; echo ;;
*) echo "$0: ignoring $f" ;; *) echo "$0: ignoring $f" ;;
esac esac
echo echo
done done
}
# run `psql` with proper arguments for user and db
psql_run() {
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
if [ -n "$POSTGRES_DB" ]; then
query_runner+=( --dbname "$POSTGRES_DB" )
fi
"${query_runner[@]}" "$@"
}
# create initial postgresql superuser with password and database
# uses environment variables for input: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB
setup_database() {
if [ "$POSTGRES_DB" != 'postgres' ]; then
POSTGRES_DB= psql_run --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
CREATE DATABASE :"db" ;
EOSQL
echo
fi
}
# get user/pass and db from env vars or via file
setup_env_vars() {
file_env 'POSTGRES_PASSWORD'
file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER"
}
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
setup_pg_hba() {
local authMethod
if [ "$POSTGRES_PASSWORD" ]; then
authMethod='md5'
else
authMethod='trust'
fi
{
echo
echo "host all all all $authMethod"
} >> "$PGDATA/pg_hba.conf"
}
# start socket-only postgresql server for setting up user or running scripts
temporary_pgserver_start() {
# internal start of server in order to allow set-up using psql-client
# does not listen on external TCP/IP and waits until start finishes
PGUSER="${PGUSER:-$POSTGRES_USER}" \ PGUSER="${PGUSER:-$POSTGRES_USER}" \
pg_ctl -D "$PGDATA" -m fast -w stop pg_ctl -D "$PGDATA" \
-o "-c listen_addresses=''" \
-w start
#??? "$@"
}
# stop postgresql server after done setting up user and running scripts
temporary_pgserver_stop() {
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
}
main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- postgres "$@"
fi
# setup data directories and permissions, then restart script as postgres user
if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
create_postgres_dirs
exec gosu postgres "$BASH_SOURCE" "$@"
fi
if [ "$1" = 'postgres' ]; then
create_postgres_dirs
# only run initialization on an empty data directory
# look specifically for PG_VERSION, as it is expected in the DB dir
if [ ! -s "$PGDATA/PG_VERSION" ]; then
init_pgdata
setup_env_vars
print_password_warning
setup_pg_hba
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
temporary_pgserver_start
setup_database
process_init_files
temporary_pgserver_stop
unset PGPASSWORD unset PGPASSWORD
echo echo
echo 'PostgreSQL init process complete; ready for start up.' echo 'PostgreSQL init process complete; ready for start up.'
echo echo
else
echo
echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
echo
fi
fi fi
fi
exec "$@" exec "$@"
}
if ! _is_sourced; then
main "$@"
fi