From 4439d3cc9b21454573813b0f9b52005e8b77b1e7 Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 9 Jan 2024 10:57:10 +0100 Subject: [PATCH 1/9] Add support for postgresql-16 Signed-off-by: Petr "Stone" Hracek --- Makefile | 2 +- specs/multispec.yml | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6cd33a76..c1fc54ab 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # Variables are documented in common/build.sh. BASE_IMAGE_NAME = postgresql -VERSIONS = 10 12 13 14 15 +VERSIONS = 10 12 13 14 15 16 OPENSHIFT_NAMESPACES = 9.2 NOT_RELEASED_VERSIONS = diff --git a/specs/multispec.yml b/specs/multispec.yml index ac8e6e0a..7638ca1d 100644 --- a/specs/multispec.yml +++ b/specs/multispec.yml @@ -156,6 +156,15 @@ specs: c9s_image_name: "sclorg/postgresql-{{ spec.short }}-c9s" latest_fedora: "f38" + "16": + version: "16" + prev_version: "13" + short: "16" + prev_short: "13" + common_image_name: "{{ spec.org }}/postgresql-{{ spec.short }}-{{ spec.prod }}" + c9s_image_name: "sclorg/postgresql-{{ spec.short }}-c9s" + latest_fedora: "f39" + matrix: exclude: @@ -185,3 +194,7 @@ matrix: - rhel-7-x86_64 - centos-7-x86_64 version: "15" + - distros: + - rhel-7-x86_64 + - centos-7-x86_64 + version: "16" From a847e424e51e303c3119c65827d4a0c05f7f2ed1 Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 9 Jan 2024 10:57:29 +0100 Subject: [PATCH 2/9] Add generated sources for Postgresql-16 Signed-off-by: Petr "Stone" Hracek --- 16/Dockerfile.c8s | 85 +++ 16/Dockerfile.c9s | 84 +++ 16/Dockerfile.fedora | 84 +++ 16/Dockerfile.rhel8 | 86 +++ 16/Dockerfile.rhel9 | 86 +++ 16/README.md | 1 + 16/root/usr/bin/container-entrypoint | 3 + 16/root/usr/bin/run-postgresql | 58 ++ 16/root/usr/bin/run-postgresql-master | 5 + 16/root/usr/bin/run-postgresql-slave | 39 ++ 16/root/usr/bin/usage | 4 + 16/root/usr/libexec/check-container | 27 + 16/root/usr/libexec/fix-permissions | 39 ++ .../container-scripts/postgresql/README.md | 195 +++++++ .../container-scripts/postgresql/common.sh | 504 ++++++++++++++++++ ...ustom-postgresql-replication.conf.template | 7 + .../openshift-custom-postgresql.conf.template | 21 + .../openshift-custom-recovery.conf.template | 8 + .../container-scripts/postgresql/scl_enable | 3 + .../postgresql/start/set_passwords.sh | 23 + 16/s2i/bin/assemble | 14 + 16/s2i/bin/run | 1 + 16/s2i/bin/usage | 1 + 16/test | 1 + 24 files changed, 1379 insertions(+) create mode 100644 16/Dockerfile.c8s create mode 100644 16/Dockerfile.c9s create mode 100644 16/Dockerfile.fedora create mode 100644 16/Dockerfile.rhel8 create mode 100644 16/Dockerfile.rhel9 create mode 120000 16/README.md create mode 100755 16/root/usr/bin/container-entrypoint create mode 100755 16/root/usr/bin/run-postgresql create mode 100755 16/root/usr/bin/run-postgresql-master create mode 100755 16/root/usr/bin/run-postgresql-slave create mode 100755 16/root/usr/bin/usage create mode 100755 16/root/usr/libexec/check-container create mode 100755 16/root/usr/libexec/fix-permissions create mode 100644 16/root/usr/share/container-scripts/postgresql/README.md create mode 100644 16/root/usr/share/container-scripts/postgresql/common.sh create mode 100644 16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template create mode 100644 16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template create mode 100644 16/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template create mode 100644 16/root/usr/share/container-scripts/postgresql/scl_enable create mode 100644 16/root/usr/share/container-scripts/postgresql/start/set_passwords.sh create mode 100755 16/s2i/bin/assemble create mode 120000 16/s2i/bin/run create mode 100755 16/s2i/bin/usage create mode 120000 16/test diff --git a/16/Dockerfile.c8s b/16/Dockerfile.c8s new file mode 100644 index 00000000..62366632 --- /dev/null +++ b/16/Dockerfile.c8s @@ -0,0 +1,85 @@ +FROM quay.io/sclorg/s2i-core-c8s:c8s + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=16 \ + POSTGRESQL_PREV_VERSION=13 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 16" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql16,postgresql-16" \ + io.openshift.s2i.assemble-user="26" \ + name="sclorg/postgresql-16-c8s" \ + com.redhat.component="postgresql-16-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 sclorg/postgresql-16-c8s" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum -y module enable postgresql:16 && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ + INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ + yum -y reinstall tzdata && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/16/Dockerfile.c9s b/16/Dockerfile.c9s new file mode 100644 index 00000000..9a8d35d0 --- /dev/null +++ b/16/Dockerfile.c9s @@ -0,0 +1,84 @@ +FROM quay.io/sclorg/s2i-core-c9s:c9s + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=16 \ + POSTGRESQL_PREV_VERSION=13 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 16" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql16,postgresql-16" \ + io.openshift.s2i.assemble-user="26" \ + name="sclorg/postgresql-16-c9s" \ + com.redhat.component="postgresql-16-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 sclorg/postgresql-16-c9s" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN { yum -y module enable postgresql:16 || :; } && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ + INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/16/Dockerfile.fedora b/16/Dockerfile.fedora new file mode 100644 index 00000000..d1b193ca --- /dev/null +++ b/16/Dockerfile.fedora @@ -0,0 +1,84 @@ +FROM quay.io/fedora/s2i-core:38 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/psql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV NAME=postgresql \ + VERSION=0 \ + ARCH=x86_64 \ + \ + POSTGRESQL_VERSION=16 \ + POSTGRESQL_PREV_VERSION=13 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 16" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql16" \ + com.redhat.component="$NAME" \ + maintainer="SoftwareCollections.org " \ + name="fedora/$NAME-16" \ + version="0" \ + usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 quay.io/fedora/$NAME-16" + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ + INSTALL_PKGS+="findutils xz" && \ + INSTALL_PKGS+=" pgaudit" && \ + dnf -y module enable postgresql:16 && \ + dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ + dnf clean all && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/16/Dockerfile.rhel8 b/16/Dockerfile.rhel8 new file mode 100644 index 00000000..27e748ea --- /dev/null +++ b/16/Dockerfile.rhel8 @@ -0,0 +1,86 @@ +FROM ubi8/s2i-core + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=16 \ + POSTGRESQL_PREV_VERSION=13 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 16" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql16,postgresql-16" \ + io.openshift.s2i.assemble-user="26" \ + name="rhel8/postgresql-16" \ + com.redhat.component="postgresql-16-container" \ + version="1" \ + com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 rhel8/postgresql-16" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum -y module enable postgresql:16 && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ + INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ + (yum -y reinstall tzdata || yum -y update tzdata ) && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/16/Dockerfile.rhel9 b/16/Dockerfile.rhel9 new file mode 100644 index 00000000..a6d8d927 --- /dev/null +++ b/16/Dockerfile.rhel9 @@ -0,0 +1,86 @@ +FROM ubi9/s2i-core + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=16 \ + POSTGRESQL_PREV_VERSION=13 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 16" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql16,postgresql-16" \ + io.openshift.s2i.assemble-user="26" \ + name="rhel9/postgresql-16" \ + com.redhat.component="postgresql-16-container" \ + version="1" \ + com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 rhel9/postgresql-16" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN { yum -y module enable postgresql:16 || :; } && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ + INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ + (yum -y reinstall tzdata || yum -y update tzdata ) && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/16/README.md b/16/README.md new file mode 120000 index 00000000..d359f030 --- /dev/null +++ b/16/README.md @@ -0,0 +1 @@ +root/usr/share/container-scripts/postgresql/README.md \ No newline at end of file diff --git a/16/root/usr/bin/container-entrypoint b/16/root/usr/bin/container-entrypoint new file mode 100755 index 00000000..5fc44481 --- /dev/null +++ b/16/root/usr/bin/container-entrypoint @@ -0,0 +1,3 @@ +#!/bin/bash + +exec "$@" diff --git a/16/root/usr/bin/run-postgresql b/16/root/usr/bin/run-postgresql new file mode 100755 index 00000000..2367e57e --- /dev/null +++ b/16/root/usr/bin/run-postgresql @@ -0,0 +1,58 @@ +#!/bin/bash + +export ENABLE_REPLICATION=${ENABLE_REPLICATION:-false} + +set -eu +export_vars=$(cgroup-limits) ; export $export_vars + +source "${CONTAINER_SCRIPTS_PATH}/common.sh" + +set_pgdata + +process_extending_files \ + "${APP_DATA}/src/postgresql-pre-start" \ + "${CONTAINER_SCRIPTS_PATH}/pre-start" + +check_env_vars +generate_passwd_file +generate_postgresql_config + +# Is this brand new data volume? +PG_INITIALIZED=false + +if [ ! -f "$PGDATA/postgresql.conf" ]; then + initialize_database + PG_INITIALIZED=: +else + try_pgupgrade +fi + +# Use insanely large timeout (24h) to ensure that the potential recovery has +# enough time here to happen (unless liveness probe kills us). Note that in +# case of server failure this command still exists immediately. +pg_ctl start -w --timeout 86400 -o "-h ''" + +# This is just a pedantic safety measure (the timeout above is unlikely to +# happen), but `pt_ctl -w` is not reliable prior to PostgreSQL v10 where it +# returns exit_status=0 even if the server is still starting. For more info +# see the issue#297 and +# https://www.postgresql.org/message-id/CAB7nPqSJs85wK9aknm%3D_jmS6GnH3SQBhpzKcqs8Qo2LhEg2etw%40mail.gmail.com +pg_isready + +if $PG_INITIALIZED ; then + process_extending_files \ + "${APP_DATA}/src/postgresql-init" \ + "${CONTAINER_SCRIPTS_PATH}/init" + migrate_db + create_users +fi + +process_extending_files \ + "${APP_DATA}/src/postgresql-start" \ + "${CONTAINER_SCRIPTS_PATH}/start" + +pg_ctl stop + +unset_env_vars +echo "Starting server..." +exec postgres "$@" diff --git a/16/root/usr/bin/run-postgresql-master b/16/root/usr/bin/run-postgresql-master new file mode 100755 index 00000000..79e7cc24 --- /dev/null +++ b/16/root/usr/bin/run-postgresql-master @@ -0,0 +1,5 @@ +#!/bin/bash + +export ENABLE_REPLICATION=true + +exec run-postgresql "$@" diff --git a/16/root/usr/bin/run-postgresql-slave b/16/root/usr/bin/run-postgresql-slave new file mode 100755 index 00000000..586bf5d7 --- /dev/null +++ b/16/root/usr/bin/run-postgresql-slave @@ -0,0 +1,39 @@ +#!/bin/bash + +export ENABLE_REPLICATION=true + +set -eu +export_vars=$(cgroup-limits) ; export $export_vars + +source "$CONTAINER_SCRIPTS_PATH"/common.sh + +set_pgdata + +function initialize_replica() { + echo "Initializing PostgreSQL slave ..." + # TODO: Validate and reuse existing data? + rm -rf $PGDATA + PGPASSWORD="${POSTGRESQL_MASTER_PASSWORD}" pg_basebackup -X fetch --no-password --pgdata ${PGDATA} --host=${MASTER_FQDN} --port=5432 -U "${POSTGRESQL_MASTER_USER}" + + # PostgreSQL recovery configuration. + generate_postgresql_recovery_config + cat >> "$PGDATA/postgresql.auto.conf" <&2 <&2 "fixing permissions on '$dir' directory" + find "$dir" -exec chown "$uid:0" {} \; + find "$dir" -exec chmod "g+r$write" {} \; + find "$dir" -type d -exec chmod g+x {} + +done diff --git a/16/root/usr/share/container-scripts/postgresql/README.md b/16/root/usr/share/container-scripts/postgresql/README.md new file mode 100644 index 00000000..3e0df720 --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/README.md @@ -0,0 +1,195 @@ +# PostgreSQL 16 SQL Database Server Container Image + +This container image features the PostgreSQL 16 SQL database server, suitable for OpenShift and general applications. Users have the option to select from RHEL, CentOS, and Fedora-based images. RHEL images can be found in the [Red Hat Container Catalog](https://access.redhat.com/containers/), while CentOS images are available on [Quay.io](https://quay.io/organization/centos7), and Fedora images can be accessed in [Quay.io](https://quay.io/organization/fedora). The resulting image can be executed using [podman](https://github.com/containers/libpod). + +Please note that while the examples provided in this README utilize `podman`, it is possible to substitute any instance of `podman` with `docker` and the same arguments. `podman` can be installed with on Fedora with command `dnf install podman-docker`. + +## Overview + +This container image offers a containerized version of the PostgreSQL postgres daemon and client application. The postgres server daemon accepts client connections and grants access to PostgreSQL database content on behalf of said clients. For more information regarding the PostgreSQL project, please visit the official project website (https://www.postgresql.org/). + +## Usage + +Assuming you are utilizing the `` image, which is accessible via the `postgresql:16` imagestream tag in Openshift, the following steps outline usage. To set only the mandatory environment variables without storing the database in a host directory, execute this command: + +```bash +$ podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 +``` + +This command creates a container named `postgresql_database` running PostgreSQL with the database `db` and a user with the credentials `user:pass`. + +> Note: The user `postgres` is reserved for internal usage + +Port 5432 will be exposed and mapped to the host. For persistent database storage across container executions, include the `-v /host/db/path:/var/lib/pgsql/data` argument (refer to the information below). This directory will serve as the PostgreSQL database cluster. + +In an Openshift environment, the same can be achieved using templates provided by Openshift or found in [examples](https://github.com/sclorg/postgresql-container/tree/master/examples): + +```bash +$ oc process -f examples/postgresql-ephemeral-template.json -p POSTGRESQL_VERSION=16 -p POSTGRESQL_USER=user -p POSTGRESQL_PASSWORD=pass -p POSTGRESQL_DATABASE=db | oc create -f - +``` + +If the database cluster directory has not been initialized, the entrypoint script will first run [`initdb`](http://www.postgresql.org/docs/16/static/app-initdb.html) to set up the necessary database users and passwords. Once the database has been initialized or if it was previously in place,[`postgres`](http://www.postgresql.org/docs/16/static/app-postgres.html) will be executed and run as PID 1. The detached container can be stopped using `podman stop postgresql_database`. + +## Environment Variables and Volumes + +The image recognizes the following environment variables, which can be set during initialization by passing `-e VAR=VALUE` to the Docker run command. + +**`POSTGRESQL_USER`** + User name for PostgreSQL account to be created + +**`POSTGRESQL_PASSWORD`** + Password for the user account + +**`POSTGRESQL_DATABASE`** + Database name + +**`POSTGRESQL_ADMIN_PASSWORD`** + Password for the `postgres` admin account (optional) + +Alternatively, the following options are related to migration scenario: + +**`POSTGRESQL_MIGRATION_REMOTE_HOST`** + Hostname/IP to migrate from + +**`POSTGRESQL_MIGRATION_ADMIN_PASSWORD`** + Password for the remote 'postgres' admin user + +**`POSTGRESQL_MIGRATION_IGNORE_ERRORS (optional, default 'no')`** + Set to 'yes' to ignore sql import errors + +The following environment variables influence the PostgreSQL configuration file. They are all optional. + +**`POSTGRESQL_MAX_CONNECTIONS (default: 100)`** + The maximum number of client connections allowed + +**`POSTGRESQL_MAX_PREPARED_TRANSACTIONS (default: 0)`** + Sets the maximum number of transactions that can be in the "prepared" state. If you are using prepared transactions, you will probably want this to be at least as large as max_connections + +**`POSTGRESQL_SHARED_BUFFERS (default: 1/4 of memory limit or 32M)`** +Sets how much memory is dedicated to PostgreSQL to use for caching data + +**`POSTGRESQL_EFFECTIVE_CACHE_SIZE (default: 1/2 of memory limit or 128M)`** +Set to an estimate of how much memory is available for disk caching by the operating system and within the database itself + +**`POSTGRESQL_LOG_DESTINATION (default: /var/lib/pgsql/data/userdata/log/postgresql-*.log)`** + Where to log errors, the default is `/var/lib/pgsql/data/userdata/log/postgresql-*.log` and this file is rotated; it can be changed to `/dev/stderr` to make debugging easier + +You can also set the following mount points by passing the `-v /host/dir:/container/dir:Z` flag to Docker. + +**`/var/lib/pgsql/data`** + PostgreSQL database cluster directory + +**Notice: When mouting a directory from the host into the container, ensure that the mounted +directory has the appropriate permissions and that the owner and group of the directory +matches the user UID or name which is running inside the container.** + +Typically (unless you use `podman run -u` option) processes in container +run under UID 26, so -- on GNU/Linux -- you can fix the datadir permissions +for example by: + +```bash +$ setfacl -m u:26:-wx /your/data/dir +$ podman run <...> -v /your/data/dir:/var/lib/pgsql/data:Z <...> +``` + +## Data Migration + +The PostgreSQL container supports data migration from a remote PostgreSQL server. Execute the following command to initiate the process: + +```bash +$ podman run -d --name postgresql_database \ + -e POSTGRESQL_MIGRATION_REMOTE_HOST=172.17.0.2 \ + -e POSTGRESQL_MIGRATION_ADMIN_PASSWORD=remoteAdminP@ssword \ + [ OPTIONAL_CONFIGURATION_VARIABLES ] + rhel8/postgresql-13 +``` + +The migration is performed using the **dump and restore** method (running `pg_dumpall` against the remote cluster and importing the dump locally using `psql`). The process is streamed (via a Unix pipeline), eliminating the need for intermediate dump files and conserving storage space. + +If some SQL commands fail during the application, the default behavior of the migration script is to fail, ensuring an **all** or **nothing** outcome for scripted, unattended migration. In most cases, successful migration is expected (but not guaranteed) when migrating from a previous version of the PostgreSQL server container created using the same principles as this one (e.g., migration from `rhel8/postgresql-12` to `rhel8/postgresql-13`). +Migration from a different type of PostgreSQL container may likely fail. + +If the **all or nothing** principle is unsuitable for your needs and you are aware of the risks, the optional `POSTGRESQL_MIGRATION_IGNORE_ERRORS` option offers a **best effort** migration (some data may be lost; users must review the standard error output and address issues manually after migration). + +Please note that the container image provides assistance for user convenience, but fully automatic migration is not guaranteed. Before starting the database migration, be prepared to perform manual steps to ensure all data is migrated. + +Do not use variables like `POSTGRESQL_USER`in migration scenarios, as all data (including information about databases, roles, and passwords) is copied from the old cluster. Make sure to use the same `OPTIONAL_CONFIGURATION_VARIABLES`as you did when initializing the old PostgreSQL container. If the remote cluster has some non-default configurations, you may need to manually copy the configuration files. + +**Security warning**: Be aware that IP communication between the old and new PostgreSQL clusters is not encrypted by default. Users must configure SSL on the remote cluster or ensure security through other means. + +## PostgreSQL Auto-Tuning + +When running the PostgreSQL image with the `--memory` parameter set, and no values provided for `POSTGRESQL_SHARED_BUFFERS` and +`POSTGRESQL_EFFECTIVE_CACHE_SIZE` these values are automatically calculated based on the `--memory` parameter value. + +The values are determined using the [upstream](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) formulas. For `shared_buffers` 1/4 of the provided memory is used, and for `effective_cache_size`, 1/2 of the provided memory is set. + +## PostgreSQL Admin Account + +By default, the admin account `postgres` has no password set, allowing only local connections. To set a password, define the `POSTGRESQL_ADMIN_PASSWORD` environment variable when initializing your container. This allows you to log in to the `postgres` account remotely, while local connections still do not require a password. + +## Changing Passwords + +As passwords are part of the image configuration, the only supported method for changing passwords for the database user (`POSTGRESQL_USER`) and `postgres` +admin user is by changing the environment variables `POSTGRESQL_PASSWORD` and `POSTGRESQL_ADMIN_PASSWORD`, respectively. + +Changing database passwords through SQL statements or any other method than the environment variables mentioned above will cause a mismatch between the stored variable values and the actual passwords. When a database container starts, it will reset the passwords to the values stored in the environment variables. + + +## Extending Image + +You can extend this image in Openshift using the `Source` build strategy or via the standalone [source-to-image](https://github.com/openshift/source-to-image) application (where available). For this example, assume that you are using the `` image, available via `postgresql:16` imagestream tag in Openshift. + +To build a customized image `new-postgresql` with configuration from `https://github.com/sclorg/postgresql-container/tree/master/examples/extending-image`, run: + +```bash +$ oc new-app postgresql:16~https://github.com/sclorg/postgresql-container.git \ + --name new-postgresql \ + --context-dir examples/extending-image/ \ + -e POSTGRESQL_USER=user \ + -e POSTGRESQL_DATABASE=db \ + -e POSTGRESQL_PASSWORD=password +``` + +or via `s2i`: + +``` +$ s2i build --context-dir examples/extending-image/ https://github.com/sclorg/postgresql-container.git new-postgresql +``` + +The directory passed to Openshift should contain one or more of the following directories: + +##### `postgresql-pre-start/` + +This directory should contain `*.sh` files that will be sourced during the early start of the container. At this point, there is no PostgreSQL daemon running in the background. + +##### `postgresql-cfg/` + +Configuration files (`*.conf`) contained in this directory will be included at the end of the image's postgresql.conf file. + +##### `postgresql-init/` + +This directory should contain shell scripts (`*.sh`) that are sourced when the database is freshly initialized (after a successful initdb run, which makes the data directory non-empty). At the time of sourcing these scripts, the local PostgreSQL server is running. For re-deployment scenarios with a persistent data directory, the scripts are not sourced (no-op). + +##### `postgresql-start/` + +This directory has the same semantics as `postgresql-init/`, except that these scripts are always sourced (after `postgresql-init/` scripts, if they exist). + +--- + +During the s2i build, all provided files are copied into the `/opt/app-root/src` +directory in the new image. Only one file with the same name can be used for customization, and user-provided files take precedence over default files in `/usr/share/container-scripts/`. This means that it is possible to overwrite the default files. + +## Troubleshooting + +Initially, the postgres daemon logs are written to the standard output, making them accessible within the container log. To examine the log, execute the following command: + +```bash +podman logs +``` + +Subsequently, log output is redirected to the logging collector process and will appear in the "pg_log" directory. + +## Additional Resources + +The Dockerfile and other sources related to this container image can be found at https://github.com/sclorg/postgresql-container. In this repository, the CentOS Dockerfile is named Dockerfile, the RHEL7 Dockerfile is named Dockerfile.rhel7, the RHEL8 Dockerfile is named Dockerfile.rhel8, the RHEL9 Dockerfile is named Dockerfile.rhel9, and the Fedora Dockerfile is named Dockerfile.fedora. diff --git a/16/root/usr/share/container-scripts/postgresql/common.sh b/16/root/usr/share/container-scripts/postgresql/common.sh new file mode 100644 index 00000000..10991b1e --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/common.sh @@ -0,0 +1,504 @@ +# Configuration settings. +export POSTGRESQL_MAX_CONNECTIONS=${POSTGRESQL_MAX_CONNECTIONS:-100} +export POSTGRESQL_MAX_PREPARED_TRANSACTIONS=${POSTGRESQL_MAX_PREPARED_TRANSACTIONS:-0} + +# Perform auto-tuning based on the container cgroups limits (only when the +# limits are set). +# Users can still override this by setting the POSTGRESQL_SHARED_BUFFERS +# and POSTGRESQL_EFFECTIVE_CACHE_SIZE variables. +if [[ "${NO_MEMORY_LIMIT:-}" == "true" || -z "${MEMORY_LIMIT_IN_BYTES:-}" ]]; then + export POSTGRESQL_SHARED_BUFFERS=${POSTGRESQL_SHARED_BUFFERS:-32MB} + export POSTGRESQL_EFFECTIVE_CACHE_SIZE=${POSTGRESQL_EFFECTIVE_CACHE_SIZE:-128MB} +else + # Use 1/4 of given memory for shared buffers + shared_buffers_computed="$(($MEMORY_LIMIT_IN_BYTES/1024/1024/4))MB" + # Setting effective_cache_size to 1/2 of total memory would be a normal conservative setting, + effective_cache="$(($MEMORY_LIMIT_IN_BYTES/1024/1024/2))MB" + export POSTGRESQL_SHARED_BUFFERS=${POSTGRESQL_SHARED_BUFFERS:-$shared_buffers_computed} + export POSTGRESQL_EFFECTIVE_CACHE_SIZE=${POSTGRESQL_EFFECTIVE_CACHE_SIZE:-$effective_cache} +fi + +export POSTGRESQL_LOG_DESTINATION=${POSTGRESQL_LOG_DESTINATION:-} + +export POSTGRESQL_RECOVERY_FILE=$HOME/openshift-custom-recovery.conf +export POSTGRESQL_CONFIG_FILE=$HOME/openshift-custom-postgresql.conf + +postinitdb_actions= + +# match . files when moving userdata below +shopt -s dotglob +# extglob enables the !(userdata) glob pattern below. +shopt -s extglob + +function usage() { + if [ $# == 1 ]; then + echo >&2 "error: $1" + fi + + cat >&2 </dev/null) + # FIXME: This is for debugging (docker run) + if [ -v POSTGRESQL_MASTER_IP ]; then + endpoints=${POSTGRESQL_MASTER_IP:-} + fi + if [ -z "$endpoints" ]; then + >&2 echo "Failed to resolve PostgreSQL master IP address" + exit 3 + fi + echo -n "$(echo $endpoints | cut -d ' ' -f 1)" +} + +# Converts the version in format x.y or x.y.z to a number. +version2number () +{ + local old_IFS=$IFS + local to_print= depth=${2-3} width=${3-2} sum=0 one_part + IFS='.' + set -- $1 + while test $depth -ge 1; do + depth=$(( depth - 1 )) + part=${1-0} ; shift || : + printf "%0${width}d" "$part" + done + IFS=$old_IFS +} + +# On non-intel arches, data_sync_retry = off does not work +# Upstream discussion: https://www.postgresql.org/message-id/CA+mCpegfOUph2U4ZADtQT16dfbkjjYNJL1bSTWErsazaFjQW9A@mail.gmail.com +# Upstream changes that caused this issue: +# https://github.com/postgres/postgres/commit/483520eca426fb1b428e8416d1d014ac5ad80ef4 +# https://github.com/postgres/postgres/commit/9ccdd7f66e3324d2b6d3dec282cfa9ff084083f1 +# RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1779150 +# Special handle of data_sync_retry should handle only in some cases. +# These cases are: non-intel architectures, and version higher or equal 12.0, 10.7, 9.6.12 +# Return value 0 means the hack is needed. +function should_hack_data_sync_retry() { + [ "$(uname -m)" == 'x86_64' ] && return 1 + local version_number=$(version2number "$(pg_ctl -V | sed -e 's/^pg_ctl (PostgreSQL) //')") + # this matches all 12.x and versions of 10.x where we need the hack + [ "$version_number" -ge 100700 ] && return 0 + # this matches all 10.x that were not matched above + [ "$version_number" -ge 100000 ] && return 1 + # this matches all 9.x where need the hack + [ "$version_number" -ge 090612 ] && return 0 + # all rest should be older 9.x releases + return 1 +} + +# New config is generated every time a container is created. It only contains +# additional custom settings and is included from $PGDATA/postgresql.conf. +function generate_postgresql_config() { + envsubst \ + < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-postgresql.conf.template" \ + > "${POSTGRESQL_CONFIG_FILE}" + + if [ "${ENABLE_REPLICATION}" == "true" ]; then + envsubst \ + < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-postgresql-replication.conf.template" \ + >> "${POSTGRESQL_CONFIG_FILE}" + fi + + if should_hack_data_sync_retry ; then + echo "data_sync_retry = on" >>"${POSTGRESQL_CONFIG_FILE}" + fi + + # For easier debugging, allow users to log to stderr (will be visible + # in the pod logs) using a single variable + # https://github.com/sclorg/postgresql-container/issues/353 + if [ -n "${POSTGRESQL_LOG_DESTINATION:-}" ] ; then + echo "log_destination = 'stderr'" >>"${POSTGRESQL_CONFIG_FILE}" + echo "logging_collector = on" >>"${POSTGRESQL_CONFIG_FILE}" + echo "log_directory = '$(dirname "${POSTGRESQL_LOG_DESTINATION}")'" >>"${POSTGRESQL_CONFIG_FILE}" + echo "log_filename = '$(basename "${POSTGRESQL_LOG_DESTINATION}")'" >>"${POSTGRESQL_CONFIG_FILE}" + fi + + ( + shopt -s nullglob + for conf in "${APP_DATA}"/src/postgresql-cfg/*.conf; do + echo include \'${conf}\' >> "${POSTGRESQL_CONFIG_FILE}" + done + ) +} + +function generate_postgresql_recovery_config() { + envsubst \ + < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-recovery.conf.template" \ + > "${POSTGRESQL_RECOVERY_FILE}" +} + +# Generate passwd file based on current uid +function generate_passwd_file() { + export USER_ID=$(id -u) + export GROUP_ID=$(id -g) + grep -v -e ^postgres -e ^$USER_ID -e ^$(id -un) /etc/passwd > "$HOME/passwd" + echo "postgres:x:${USER_ID}:${GROUP_ID}:PostgreSQL Server:${HOME}:/bin/bash" >> "$HOME/passwd" + export LD_PRELOAD=libnss_wrapper.so + export NSS_WRAPPER_PASSWD=${HOME}/passwd + export NSS_WRAPPER_GROUP=/etc/group +} + +initdb_wrapper () +{ + # Initialize the database cluster with utf8 support enabled by default. + # This might affect performance, see: + # http://www.postgresql.org/docs/16/static/locale.html + LANG=${LANG:-en_US.utf8} "$@" +} + +function initialize_database() { + initdb_wrapper initdb + + # PostgreSQL configuration. + cat >> "$PGDATA/postgresql.conf" <> "$PGDATA/pg_hba.conf" <&2 "\n========== \$PGDATA upgrade: %s -> %s ==========\n\n" \ + "$POSTGRESQL_PREV_VERSION" \ + "$POSTGRESQL_VERSION" + + info_msg () { printf >&2 "\n===> $*\n\n" ;} + + # pg_upgrade writes logs to cwd, so go to the persistent storage first + cd "$HOME"/data + + # disable this because of scl_source, 'set +u' just makes the code ugly + # anyways + set +u + + # we need to have the old SCL enabled, otherwise the $old_pgengine is not + # working. The scl_source script doesn't pay attention to non-zero exit + # statuses, so use 'set +e'. + set +e + source scl_source enable $old_collection + set -e + + case $POSTGRESQL_UPGRADE in + copy) # we accept this + ;; + hardlink) + optimized=: + ;; + *) + echo >&2 "Unsupported value: \$POSTGRESQL_UPGRADE=$POSTGRESQL_UPGRADE" + false + ;; + esac + + # boot up data directory with old postgres once again to make sure + # it was shut down properly, otherwise the upgrade process fails + info_msg "Starting old postgresql once again for a clean shutdown..." + "${old_pgengine}/pg_ctl" start -w --timeout 86400 -o "-h ''" + info_msg "Waiting for postgresql to be ready for shutdown again..." + "${old_pgengine}/pg_isready" + info_msg "Shutting down old postgresql cleanly..." + "${old_pgengine}/pg_ctl" stop + + # Ensure $PGDATA_new doesn't exist yet, so we can immediately remove it if + # there's some problem. + test ! -e "$PGDATA_new" + + # initialize the database + info_msg "Initialize new data directory; we will migrate to that." + initdb_cmd=( initdb_wrapper "$new_pgengine"/initdb "$PGDATA_new" ) + eval "\${initdb_cmd[@]} ${POSTGRESQL_UPGRADE_INITDB_OPTIONS-}" || \ + { rm -rf "$PGDATA_new" ; false ; } + + upgrade_cmd=( + "$new_pgengine"/pg_upgrade + "--old-bindir=$old_pgengine" + "--new-bindir=$new_pgengine" + "--old-datadir=$PGDATA" + "--new-datadir=$PGDATA_new" + ) + + # Dangerous --link option, we loose $DATADIR if something goes wrong. + ! $optimized || upgrade_cmd+=(--link) + + # User-specififed options for pg_upgrade. + eval "upgrade_cmd+=(${POSTGRESQL_UPGRADE_PGUPGRADE_OPTIONS-})" + + # On non-intel arches the data_sync_retry set to on + sed -i -e 's/data_sync_retry/#data_sync_retry/' "${POSTGRESQL_CONFIG_FILE}" + + # the upgrade + info_msg "Starting the pg_upgrade process." + + # Once we stop support for PostgreSQL 9.4, we don't need + # REDHAT_PGUPGRADE_FROM_RHEL hack as we don't upgrade from 9.2 -- that means + # that we don't need to fiddle with unix_socket_director{y,ies} option. + REDHAT_PGUPGRADE_FROM_RHEL=1 \ + "${upgrade_cmd[@]}" || { cat $(find "$PGDATA_new"/.. -name pg_upgrade_server.log) ; rm -rf "$PGDATA_new" && false ; } + + # Move the important configuration and remove old data. This is highly + # careless, but we can't do more for this over-automatized process. + info_msg "Swap the old and new PGDATA and cleanup." + mv "$PGDATA"/*.conf "$PGDATA_new" + rm -rf "$PGDATA" + mv "$PGDATA_new" "$PGDATA" + + # Get back the option we changed above + sed -i -e 's/#data_sync_retry/data_sync_retry/' "${POSTGRESQL_CONFIG_FILE}" + + info_msg "Upgrade DONE." +) + + +# Run right after container startup, when the data volume is already initialized +# (not initialized by this container run) and thus there exists a chance that +# the data was generated by incompatible PostgreSQL major version. +try_pgupgrade () +{ + local versionfile="$PGDATA"/PG_VERSION version upgrade_available + + # This file always exists. + test -f "$versionfile" + version=$(cat "$versionfile") + + # If we don't support pg_upgrade, skip. + test -z "${POSTGRESQL_PREV_VERSION-}" && return 0 + + if test "$POSTGRESQL_VERSION" = "$version"; then + # No need to call pg_upgrade. + + # Mistakenly requests upgrade? If not, just start the DB. + test -z "${POSTGRESQL_UPGRADE-}" && return 0 + + # Make _sure_ we have this safety-belt here, otherwise our users would + # just specify '-e POSTGRESQL_UPGRADE=hardlink' permanently, even for + # re-deployment cases when upgrade is not needed. Setting such + # unfortunate default could mean that pg_upgrade might (after some user + # mistake) migrate (or even destruct, especially with --link) the old data + # directory with limited rollback options, if any. + echo >&2 + echo >&2 "== WARNING!! ==" + echo >&2 "PostgreSQL server version matches the datadir PG_VERSION." + echo >&2 "The \$POSTGRESQL_UPGRADE makes no sense and you probably" + echo >&2 "made some mistake, keeping the variable set you might" + echo >&2 "risk a data loss in future!" + echo >&2 "===============" + echo >&2 + + # Exit here, but allow _really explicit_ foot-shot. + ${POSTGRESQL_UPGRADE_FORCE-false} + return 0 + fi + + # At this point in code we know that PG_VERSION doesn't match the PostgreSQL + # server major version; this might mean that user either (a) mistakenly + # deploys from a bad image, or (b) user wants to perform upgrade. For the + # upgrade we require explicit request -- just to avoid disasters in (a)-cases. + + if test -z "${POSTGRESQL_UPGRADE-}"; then + echo >&2 "Incompatible data directory. This container image provides" + echo >&2 "PostgreSQL '$POSTGRESQL_VERSION', but data directory is of" + echo >&2 "version '$version'." + echo >&2 + echo >&2 "This image supports automatic data directory upgrade from" + echo >&2 "'$POSTGRESQL_PREV_VERSION', please _carefully_ consult image documentation" + echo >&2 "about how to use the '\$POSTGRESQL_UPGRADE' startup option." + # We could wait for postgresql startup failure (there's no risk of data dir + # corruption), but fail rather early. + false + fi + + # We support pg_upgrade process only from previous version of this container + # (upgrade to N to N+1 is possible, so e.g. 9.4 to 9.5). + if test "$POSTGRESQL_PREV_VERSION" != "$version"; then + echo >&2 "With this container image you can only upgrade from data directory" + echo >&2 "of version '$POSTGRESQL_PREV_VERSION', not '$version'." + false + fi + + run_pgupgrade +} + +# get_matched_files PATTERN DIR [DIR ...] +# --------------------------------------- +# Print all basenames for files matching PATTERN in DIRs. +get_matched_files () +{ + local pattern=$1 dir + shift + for dir; do + test -d "$dir" || continue + find -L "$dir" -maxdepth 1 -type f -name "$pattern" -printf "%f\n" + done +} + +# process_extending_files DIR [DIR ...] +# ------------------------------------- +# Source all *.sh files in DIRs in alphabetical order, but if the file exists in +# more then one DIR, source only the first occurrence (first found wins). +process_extending_files() +{ + local filename dir + while read filename ; do + for dir in "$@"; do + local file="$dir/$filename" + if test -f "$file"; then + echo "=> sourcing $file ..." + source "$file" + set -e # ensure that users don't mistakenly change this + break + fi + done + done <<<"$(get_matched_files '*.sh' "$@" | sort -u)" +} diff --git a/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template b/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template new file mode 100644 index 00000000..d133e511 --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template @@ -0,0 +1,7 @@ +# required on master for replication +wal_level = hot_standby # minimal, archive, hot_standby, or logical +max_wal_senders = 6 # max number of walsender processes +wal_keep_size = 6400 # number of segments (400) * size of segments (16MB each); 0 disables + +# required on replicas for replication +hot_standby = on diff --git a/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template b/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template new file mode 100644 index 00000000..3c2bc7f3 --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template @@ -0,0 +1,21 @@ +# +# Custom OpenShift configuration. +# +# NOTE: This file is rewritten every time the container is started! +# Changes to this file will be overwritten. +# + +# Listen on all interfaces. +listen_addresses = '*' + +# Determines the maximum number of concurrent connections to the database server. Default: 100 +max_connections = ${POSTGRESQL_MAX_CONNECTIONS} + +# Allow each connection to use a prepared transaction +max_prepared_transactions = ${POSTGRESQL_MAX_PREPARED_TRANSACTIONS} + +# Sets the amount of memory the database server uses for shared memory buffers. Default: 32MB +shared_buffers = ${POSTGRESQL_SHARED_BUFFERS} + +# Sets the planner's assumption about the effective size of the disk cache that is available to a single query +effective_cache_size = ${POSTGRESQL_EFFECTIVE_CACHE_SIZE} diff --git a/16/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template b/16/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template new file mode 100644 index 00000000..58d8e336 --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template @@ -0,0 +1,8 @@ +# +# Custom OpenShift configuration. +# +# NOTE: This file is rewritten every time the container is started! +# Changes to this file will be overwritten. +# + +primary_conninfo = 'host=${MASTER_FQDN} port=5432 user=${POSTGRESQL_MASTER_USER} password=${POSTGRESQL_MASTER_PASSWORD}' diff --git a/16/root/usr/share/container-scripts/postgresql/scl_enable b/16/root/usr/share/container-scripts/postgresql/scl_enable new file mode 100644 index 00000000..1d967f9b --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/scl_enable @@ -0,0 +1,3 @@ +# This will make scl collection binaries work out of box. +unset BASH_ENV PROMPT_COMMAND ENV +source scl_source enable $ENABLED_COLLECTIONS diff --git a/16/root/usr/share/container-scripts/postgresql/start/set_passwords.sh b/16/root/usr/share/container-scripts/postgresql/start/set_passwords.sh new file mode 100644 index 00000000..60d70e36 --- /dev/null +++ b/16/root/usr/share/container-scripts/postgresql/start/set_passwords.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +_psql () { psql --set ON_ERROR_STOP=1 "$@" ; } + +if [[ ",$postinitdb_actions," = *,simple_db,* ]]; then +_psql --set=username="$POSTGRESQL_USER" \ + --set=password="$POSTGRESQL_PASSWORD" \ +<<< "ALTER USER :\"username\" WITH ENCRYPTED PASSWORD :'password';" +fi + +if [ -v POSTGRESQL_MASTER_USER ]; then +_psql --set=masteruser="$POSTGRESQL_MASTER_USER" \ + --set=masterpass="$POSTGRESQL_MASTER_PASSWORD" \ +<<'EOF' +ALTER USER :"masteruser" WITH REPLICATION; +ALTER USER :"masteruser" WITH ENCRYPTED PASSWORD :'masterpass'; +EOF +fi + +if [ -v POSTGRESQL_ADMIN_PASSWORD ]; then +_psql --set=adminpass="$POSTGRESQL_ADMIN_PASSWORD" \ +<<<"ALTER USER \"postgres\" WITH ENCRYPTED PASSWORD :'adminpass';" +fi diff --git a/16/s2i/bin/assemble b/16/s2i/bin/assemble new file mode 100755 index 00000000..6ed8f7aa --- /dev/null +++ b/16/s2i/bin/assemble @@ -0,0 +1,14 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +shopt -s dotglob +echo "---> Installing application source ..." + + +mv /tmp/src/* ./ + +# Fix source directory permissions +/usr/libexec/fix-permissions --read-only ./ diff --git a/16/s2i/bin/run b/16/s2i/bin/run new file mode 120000 index 00000000..a7f4076b --- /dev/null +++ b/16/s2i/bin/run @@ -0,0 +1 @@ +/usr/bin/run-postgresql \ No newline at end of file diff --git a/16/s2i/bin/usage b/16/s2i/bin/usage new file mode 100755 index 00000000..9f413123 --- /dev/null +++ b/16/s2i/bin/usage @@ -0,0 +1 @@ +groff -t -man -ETascii /help.1 diff --git a/16/test b/16/test new file mode 120000 index 00000000..419df4f9 --- /dev/null +++ b/16/test @@ -0,0 +1 @@ +../test \ No newline at end of file From dd3096733b0920e448e32afec1e1ffc24030eedc Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 9 Jan 2024 11:10:42 +0100 Subject: [PATCH 3/9] Add support for pushing PSQL-16 images to quay.io Signed-off-by: Petr "Stone" Hracek --- .github/workflows/build-and-push.yml | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index d4073d47..21da1781 100644 --- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -28,6 +28,20 @@ jobs: quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME" quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN" docker_context: 15 + - dockerfile: "16/Dockerfile.c9s" + registry_namespace: "sclorg" + tag: "c9s" + image_name: "postgresql-16-c9s" + quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME" + quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN" + docker_context: 16 + - dockerfile: "16/Dockerfile.c8s" + registry_namespace: "sclorg" + tag: "c8s" + image_name: "postgresql-16-c8s" + quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME" + quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN" + docker_context: 16 - dockerfile: "10/Dockerfile.c8s" registry_namespace: "sclorg" tag: "c8s" @@ -84,10 +98,16 @@ jobs: quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN" image_name: "postgresql-15" docker_context: 15 - + - dockerfile: "16/Dockerfile.fedora" + registry_namespace: "fedora" + tag: "16" + quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME" + quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN" + image_name: "postgresql-16" + docker_context: 16 steps: - name: check if Dockerfile is c9s, then Build multi arch image and push to quay.io registry - if: matrix.dockerfile == '13/Dockerfile.c9s' || matrix.dockerfile == '15/Dockerfile.c9s' + if: matrix.dockerfile == '13/Dockerfile.c9s' || matrix.dockerfile == '15/Dockerfile.c9s' || matrix.dockerfile == '16/Dockerfile.c9s' uses: sclorg/build-and-push-action@v4 with: registry: "quay.io" @@ -101,7 +121,7 @@ jobs: archs: amd64, s390x, ppc64le, arm64 - name: Check if Dockerfile is not c9s, then Build and push to quay.io registry - if: matrix.dockerfile != '13/Dockerfile.c9s' && matrix.dockerfile != '15/Dockerfile.c9s' + if: matrix.dockerfile != '13/Dockerfile.c9s' && matrix.dockerfile != '15/Dockerfile.c9s' && matrix.dockerfile != '16/Dockerfile.c9s' uses: sclorg/build-and-push-action@v4 with: registry: "quay.io" From d855c5622ee5379d4d95f3d1477a1aa54b3d50de Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 9 Jan 2024 14:37:17 +0100 Subject: [PATCH 4/9] Fix Dockerfile.fedora for support Fedora 39. Signed-off-by: Petr "Stone" Hracek --- src/Dockerfile.fedora | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/Dockerfile.fedora b/src/Dockerfile.fedora index 932ede86..806621e1 100644 --- a/src/Dockerfile.fedora +++ b/src/Dockerfile.fedora @@ -1,4 +1,8 @@ +{% if spec.version == "16" %} +FROM quay.io/fedora/s2i-core:39 +{% else %} FROM quay.io/fedora/s2i-core:38 +{% endif %} # PostgreSQL image for OpenShift. # Volumes: @@ -44,12 +48,18 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. +{% if spec.version == "16" %} +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql16-server postgresql16-contrib nss_wrapper " && \ +{% else %} RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ +{% endif %} INSTALL_PKGS+="findutils xz" && \ {% if spec.version not in ["9.6", "10", "11"] %} INSTALL_PKGS+=" pgaudit" && \ {% endif %} +{% if spec.version not in ["16"] %} dnf -y module enable postgresql:{{ spec.version }} && \ +{% endif %} dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ From 1fb430addca722f17a99c3074f66ca0718eac14c Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 9 Jan 2024 14:41:27 +0100 Subject: [PATCH 5/9] Add 16/Dockerfile.fedora generated from source Signed-off-by: Petr "Stone" Hracek --- 16/Dockerfile.fedora | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/16/Dockerfile.fedora b/16/Dockerfile.fedora index d1b193ca..8fbde42a 100644 --- a/16/Dockerfile.fedora +++ b/16/Dockerfile.fedora @@ -1,4 +1,4 @@ -FROM quay.io/fedora/s2i-core:38 +FROM quay.io/fedora/s2i-core:39 # PostgreSQL image for OpenShift. # Volumes: @@ -44,10 +44,9 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. -RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql16-server postgresql16-contrib nss_wrapper " && \ INSTALL_PKGS+="findutils xz" && \ INSTALL_PKGS+=" pgaudit" && \ - dnf -y module enable postgresql:16 && \ dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ From 5fa4da9c64afffa0d29b3e4e4ca5a6cad541d5c7 Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Fri, 19 Jan 2024 10:12:48 +0100 Subject: [PATCH 6/9] Use prev_version for PgSQL 16 as 15 Signed-off-by: Petr "Stone" Hracek --- specs/multispec.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/multispec.yml b/specs/multispec.yml index 7638ca1d..2631a700 100644 --- a/specs/multispec.yml +++ b/specs/multispec.yml @@ -158,9 +158,9 @@ specs: "16": version: "16" - prev_version: "13" + prev_version: "15" short: "16" - prev_short: "13" + prev_short: "15" common_image_name: "{{ spec.org }}/postgresql-{{ spec.short }}-{{ spec.prod }}" c9s_image_name: "sclorg/postgresql-{{ spec.short }}-c9s" latest_fedora: "f39" From d271a00a8b48234a4b343f193f838d0b01af160d Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Fri, 19 Jan 2024 10:13:54 +0100 Subject: [PATCH 7/9] Add dist-gen generated content Signed-off-by: Petr "Stone" Hracek --- 16/Dockerfile.c8s | 2 +- 16/Dockerfile.c9s | 2 +- 16/Dockerfile.fedora | 2 +- 16/Dockerfile.rhel8 | 2 +- 16/Dockerfile.rhel9 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/16/Dockerfile.c8s b/16/Dockerfile.c8s index 62366632..8322aa49 100644 --- a/16/Dockerfile.c8s +++ b/16/Dockerfile.c8s @@ -11,7 +11,7 @@ FROM quay.io/sclorg/s2i-core-c8s:c8s # PostgreSQL administrative account ENV POSTGRESQL_VERSION=16 \ - POSTGRESQL_PREV_VERSION=13 \ + POSTGRESQL_PREV_VERSION=15 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root diff --git a/16/Dockerfile.c9s b/16/Dockerfile.c9s index 9a8d35d0..21e159cb 100644 --- a/16/Dockerfile.c9s +++ b/16/Dockerfile.c9s @@ -11,7 +11,7 @@ FROM quay.io/sclorg/s2i-core-c9s:c9s # PostgreSQL administrative account ENV POSTGRESQL_VERSION=16 \ - POSTGRESQL_PREV_VERSION=13 \ + POSTGRESQL_PREV_VERSION=15 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root diff --git a/16/Dockerfile.fedora b/16/Dockerfile.fedora index 8fbde42a..74baba19 100644 --- a/16/Dockerfile.fedora +++ b/16/Dockerfile.fedora @@ -15,7 +15,7 @@ ENV NAME=postgresql \ ARCH=x86_64 \ \ POSTGRESQL_VERSION=16 \ - POSTGRESQL_PREV_VERSION=13 \ + POSTGRESQL_PREV_VERSION=15 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root diff --git a/16/Dockerfile.rhel8 b/16/Dockerfile.rhel8 index 27e748ea..eb806267 100644 --- a/16/Dockerfile.rhel8 +++ b/16/Dockerfile.rhel8 @@ -11,7 +11,7 @@ FROM ubi8/s2i-core # PostgreSQL administrative account ENV POSTGRESQL_VERSION=16 \ - POSTGRESQL_PREV_VERSION=13 \ + POSTGRESQL_PREV_VERSION=15 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root diff --git a/16/Dockerfile.rhel9 b/16/Dockerfile.rhel9 index a6d8d927..c1dddd52 100644 --- a/16/Dockerfile.rhel9 +++ b/16/Dockerfile.rhel9 @@ -11,7 +11,7 @@ FROM ubi9/s2i-core # PostgreSQL administrative account ENV POSTGRESQL_VERSION=16 \ - POSTGRESQL_PREV_VERSION=13 \ + POSTGRESQL_PREV_VERSION=15 \ HOME=/var/lib/pgsql \ PGUSER=postgres \ APP_DATA=/opt/app-root From 141b474fad19f25b74569d935f4f825baf9928dd Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Mon, 12 Feb 2024 09:29:44 +0100 Subject: [PATCH 8/9] Modify Fedora Dockerfile to install proper pgaudit package Signed-off-by: Petr "Stone" Hracek --- src/Dockerfile.fedora | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile.fedora b/src/Dockerfile.fedora index 806621e1..ad8e03ef 100644 --- a/src/Dockerfile.fedora +++ b/src/Dockerfile.fedora @@ -54,9 +54,12 @@ RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql16-server postgresql16- RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ {% endif %} INSTALL_PKGS+="findutils xz" && \ -{% if spec.version not in ["9.6", "10", "11"] %} +{% if spec.version not in ["9.6", "10", "11", "16"] %} INSTALL_PKGS+=" pgaudit" && \ {% endif %} +{% if spec.version == "16" %} + INSTALL_PKGS+=" postgresql16-pgaudit" && \ +{% endif %} {% if spec.version not in ["16"] %} dnf -y module enable postgresql:{{ spec.version }} && \ {% endif %} From d32d825fa8a228a739986792d1f5ffa38b238fc6 Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Mon, 12 Feb 2024 09:30:10 +0100 Subject: [PATCH 9/9] Add generated sources for Fedora Signed-off-by: Petr "Stone" Hracek --- 16/Dockerfile.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/16/Dockerfile.fedora b/16/Dockerfile.fedora index 74baba19..0a17e06b 100644 --- a/16/Dockerfile.fedora +++ b/16/Dockerfile.fedora @@ -46,7 +46,7 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # to make sure of that. RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql16-server postgresql16-contrib nss_wrapper " && \ INSTALL_PKGS+="findutils xz" && \ - INSTALL_PKGS+=" pgaudit" && \ + INSTALL_PKGS+=" postgresql16-pgaudit" && \ dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \