FROM registry.fedoraproject.org/f34/s2i-core:latest # PostgreSQL image for OpenShift. # Volumes: # * /var/lib/psql/data - Database cluster for PostgreSQL # Environment: # * $POSTGRESQL_USER - Database user name # * $POSTGRESQL_PASSWORD - User's password # * $POSTGRESQL_DATABASE - Name of the database to create # * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' # PostgreSQL administrative account ENV NAME=postgresql \ VERSION=0 \ ARCH=x86_64 \ \ POSTGRESQL_VERSION=12 \ POSTGRESQL_PREV_VERSION=11 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ The image contains the client and server programs that you'll need to \ create, run, maintain and access a PostgreSQL DBMS server." LABEL summary="$SUMMARY" \ description="$DESCRIPTION" \ io.k8s.description="$DESCRIPTION" \ io.k8s.display-name="PostgreSQL 12" \ io.openshift.expose-services="5432:postgresql" \ io.openshift.tags="database,postgresql,postgresql12" \ com.redhat.component="$NAME" \ maintainer="SoftwareCollections.org " \ name="$FGC/$NAME" \ version="0" \ usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 $FGC/$NAME" EXPOSE 5432 COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ INSTALL_PKGS+="findutils xz" && \ INSTALL_PKGS+=" pgaudit" && \ dnf -y module enable postgresql:12 && \ dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ dnf clean all && \ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ mkdir -p /var/lib/pgsql/data && \ /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql # Get prefix path and path to scripts rather than hard-code them in scripts ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql COPY root / COPY ./s2i/bin/ $STI_SCRIPTS_PATH VOLUME ["/var/lib/pgsql/data"] # S2I permission fixes # -------------------- # 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i # build process would be executed as 'uid=26(postgres) gid=26(postgres)'. # Such process wouldn't be able to execute the default 'assemble' script # correctly (it transitively executes 'fix-permissions' script). So let's # add the 'postgres' user into 'root' group here # # 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build # anyways) to assure that s2i process is actually able to _read_ the # user-specified scripting. RUN usermod -a -G root postgres && \ /usr/libexec/fix-permissions --read-only "$APP_DATA" USER 26 ENTRYPOINT ["container-entrypoint"] CMD ["run-postgresql"]