FROM registry.fedoraproject.org/f34/s2i-core:latest

# PostgreSQL image for OpenShift.

# Volumes:

#  * /var/lib/psql/data   - Database cluster for PostgreSQL

# Environment:

#  * $POSTGRESQL_USER     - Database user name

#  * $POSTGRESQL_PASSWORD - User's password

#  * $POSTGRESQL_DATABASE - Name of the database to create

#  * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres'

#                           PostgreSQL administrative account

ENV NAME=postgresql \

    VERSION=0 \

    ARCH=x86_64 \

    \

    POSTGRESQL_VERSION=12 \

    POSTGRESQL_PREV_VERSION=11 \

    HOME=/var/lib/pgsql \

    PGUSER=postgres \

    APP_DATA=/opt/app-root

ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \

    DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \

The image contains the client and server programs that you'll need to \

create, run, maintain and access a PostgreSQL DBMS server."

LABEL summary="$SUMMARY" \

      description="$DESCRIPTION" \

      io.k8s.description="$DESCRIPTION" \

      io.k8s.display-name="PostgreSQL 12" \

      io.openshift.expose-services="5432:postgresql" \

      io.openshift.tags="database,postgresql,postgresql12" \

      com.redhat.component="$NAME" \

      maintainer="SoftwareCollections.org <sclorg@redhat.com>" \

      name="$FGC/$NAME" \

      version="0" \

      usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 $FGC/$NAME"

EXPOSE 5432

COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions

# This image must forever use UID 26 for postgres user so our volumes are

# safe in the future. This should *never* change, the last test is there

# to make sure of that.

RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \

    INSTALL_PKGS+="findutils xz" && \

    INSTALL_PKGS+=" pgaudit" && \

    dnf -y module enable postgresql:12 && \

    dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \

    rpm -V $INSTALL_PKGS && \

    dnf clean all && \

    test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \

    mkdir -p /var/lib/pgsql/data && \

    /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql

# Get prefix path and path to scripts rather than hard-code them in scripts

ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql

COPY root /

COPY ./s2i/bin/ $STI_SCRIPTS_PATH

VOLUME ["/var/lib/pgsql/data"]

# S2I permission fixes

# --------------------

# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i

#    build process would be executed as 'uid=26(postgres) gid=26(postgres)'.

#    Such process wouldn't be able to execute the default 'assemble' script

#    correctly (it transitively executes 'fix-permissions' script).  So let's

#    add the 'postgres' user into 'root' group here

#

# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build

#    anyways) to assure that s2i process is actually able to _read_ the

#    user-specified scripting.

RUN usermod -a -G root postgres && \

    /usr/libexec/fix-permissions --read-only "$APP_DATA"

USER 26

ENTRYPOINT ["container-entrypoint"]

CMD ["run-postgresql"]