|
|
9b9faca |
FROM registry.fedoraproject.org/f34/s2i-core:latest
|
|
|
777c768 |
|
|
|
777c768 |
# PostgreSQL image for OpenShift.
|
|
|
777c768 |
# Volumes:
|
|
|
777c768 |
# * /var/lib/psql/data - Database cluster for PostgreSQL
|
|
|
777c768 |
# Environment:
|
|
|
777c768 |
# * $POSTGRESQL_USER - Database user name
|
|
|
777c768 |
# * $POSTGRESQL_PASSWORD - User's password
|
|
|
777c768 |
# * $POSTGRESQL_DATABASE - Name of the database to create
|
|
|
777c768 |
# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres'
|
|
|
777c768 |
# PostgreSQL administrative account
|
|
|
777c768 |
|
|
|
23f709b |
ENV NAME=postgresql \
|
|
|
23f709b |
VERSION=0 \
|
|
|
23f709b |
ARCH=x86_64 \
|
|
|
23f709b |
\
|
|
|
7142c18 |
POSTGRESQL_VERSION=12 \
|
|
|
021eb6a |
POSTGRESQL_PREV_VERSION=11 \
|
|
|
777c768 |
HOME=/var/lib/pgsql \
|
|
|
23f709b |
PGUSER=postgres \
|
|
|
23f709b |
APP_DATA=/opt/app-root
|
|
|
777c768 |
|
|
|
23f709b |
ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \
|
|
|
23f709b |
DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \
|
|
|
23f709b |
The image contains the client and server programs that you'll need to \
|
|
|
23f709b |
create, run, maintain and access a PostgreSQL DBMS server."
|
|
|
23f709b |
|
|
|
23f709b |
LABEL summary="$SUMMARY" \
|
|
|
23f709b |
description="$DESCRIPTION" \
|
|
|
23f709b |
io.k8s.description="$DESCRIPTION" \
|
|
|
7142c18 |
io.k8s.display-name="PostgreSQL 12" \
|
|
|
777c768 |
io.openshift.expose-services="5432:postgresql" \
|
|
|
7142c18 |
io.openshift.tags="database,postgresql,postgresql12" \
|
|
|
23f709b |
com.redhat.component="$NAME" \
|
|
|
23f709b |
maintainer="SoftwareCollections.org <sclorg@redhat.com>" \
|
|
|
23f709b |
name="$FGC/$NAME" \
|
|
|
d097994 |
version="0" \
|
|
|
23f709b |
usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 $FGC/$NAME"
|
|
|
777c768 |
|
|
|
777c768 |
EXPOSE 5432
|
|
|
777c768 |
|
|
|
23f709b |
COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions
|
|
|
777c768 |
|
|
|
777c768 |
# This image must forever use UID 26 for postgres user so our volumes are
|
|
|
777c768 |
# safe in the future. This should *never* change, the last test is there
|
|
|
777c768 |
# to make sure of that.
|
|
|
10a4b30 |
RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \
|
|
|
23f709b |
INSTALL_PKGS+="findutils xz" && \
|
|
|
7142c18 |
INSTALL_PKGS+=" pgaudit" && \
|
|
|
7142c18 |
dnf -y module enable postgresql:12 && \
|
|
|
10a4b30 |
dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
|
|
|
777c768 |
rpm -V $INSTALL_PKGS && \
|
|
|
10a4b30 |
dnf clean all && \
|
|
|
777c768 |
test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \
|
|
|
777c768 |
mkdir -p /var/lib/pgsql/data && \
|
|
|
23f709b |
/usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql
|
|
|
777c768 |
|
|
|
777c768 |
# Get prefix path and path to scripts rather than hard-code them in scripts
|
|
|
10a4b30 |
ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql
|
|
|
777c768 |
|
|
|
23f709b |
COPY root /
|
|
|
23f709b |
COPY ./s2i/bin/ $STI_SCRIPTS_PATH
|
|
|
23f709b |
|
|
|
777c768 |
VOLUME ["/var/lib/pgsql/data"]
|
|
|
777c768 |
|
|
|
23f709b |
# S2I permission fixes
|
|
|
23f709b |
# --------------------
|
|
|
23f709b |
# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i
|
|
|
23f709b |
# build process would be executed as 'uid=26(postgres) gid=26(postgres)'.
|
|
|
23f709b |
# Such process wouldn't be able to execute the default 'assemble' script
|
|
|
23f709b |
# correctly (it transitively executes 'fix-permissions' script). So let's
|
|
|
23f709b |
# add the 'postgres' user into 'root' group here
|
|
|
23f709b |
#
|
|
|
23f709b |
# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build
|
|
|
23f709b |
# anyways) to assure that s2i process is actually able to _read_ the
|
|
|
23f709b |
# user-specified scripting.
|
|
|
23f709b |
RUN usermod -a -G root postgres && \
|
|
|
23f709b |
/usr/libexec/fix-permissions --read-only "$APP_DATA"
|
|
|
23f709b |
|
|
|
777c768 |
USER 26
|
|
|
777c768 |
|
|
|
777c768 |
ENTRYPOINT ["container-entrypoint"]
|
|
|
777c768 |
CMD ["run-postgresql"]
|