diff --git a/10/Dockerfile.rhel8 b/10/Dockerfile.rhel8 deleted file mode 100644 index 236e488b..00000000 --- a/10/Dockerfile.rhel8 +++ /dev/null @@ -1,90 +0,0 @@ -FROM ubi8/s2i-core - -# PostgreSQL image for OpenShift. -# Volumes: -# * /var/lib/pgsql/data - Database cluster for PostgreSQL -# Environment: -# * $POSTGRESQL_USER - Database user name -# * $POSTGRESQL_PASSWORD - User's password -# * $POSTGRESQL_DATABASE - Name of the database to create -# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' -# PostgreSQL administrative account - -ENV POSTGRESQL_VERSION=10 \ - POSTGRESQL_PREV_VERSION=9.6 \ - HOME=/var/lib/pgsql \ - PGUSER=postgres \ - APP_DATA=/opt/app-root - -ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ - DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ -The image contains the client and server programs that you'll need to \ -create, run, maintain and access a PostgreSQL DBMS server." - -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="PostgreSQL 10" \ - io.openshift.expose-services="5432:postgresql" \ - io.openshift.tags="database,postgresql,postgresql10,postgresql-10" \ - io.openshift.s2i.assemble-user="26" \ - name="rhel8/postgresql-10" \ - com.redhat.component="postgresql-10-container" \ - version="1" \ - com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \ - usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 rhel8/postgresql-10" \ - maintainer="SoftwareCollections.org " - -EXPOSE 5432 - -COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions - -# This image must forever use UID 26 for postgres user so our volumes are -# safe in the future. This should *never* change, the last test is there -# to make sure of that. -RUN yum -y module enable postgresql:10 && \ - INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS && \ - postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \ - (yum -y reinstall tzdata || yum -y update tzdata ) && \ - yum -y clean all --enablerepo='*' && \ - localedef -f UTF-8 -i en_US en_US.UTF-8 && \ - test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ - mkdir -p /var/lib/pgsql/data && \ - /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql - -# Get prefix path and path to scripts rather than hard-code them in scripts -ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ - ENABLED_COLLECTIONS= - -COPY root / -COPY ./s2i/bin/ $STI_SCRIPTS_PATH - -# Hard links are not supported in Testing Farm approach during sync to guest -# operation system. Therefore tests are failing on error -# /usr/libexec/s2i/run no such file or directory -RUN ln -s /usr/bin/run-postgresql $STI_SCRIPTS_PATH/run - -# Not using VOLUME statement since it's not working in OpenShift Online: -# https://github.com/sclorg/httpd-container/issues/30 -# VOLUME ["/var/lib/pgsql/data"] - -# S2I permission fixes -# -------------------- -# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i -# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. -# Such process wouldn't be able to execute the default 'assemble' script -# correctly (it transitively executes 'fix-permissions' script). So let's -# add the 'postgres' user into 'root' group here -# -# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build -# anyways) to assure that s2i process is actually able to _read_ the -# user-specified scripting. -RUN usermod -a -G root postgres && \ - /usr/libexec/fix-permissions --read-only "$APP_DATA" - -USER 26 - -ENTRYPOINT ["container-entrypoint"] -CMD ["run-postgresql"] diff --git a/10/README.md b/10/README.md deleted file mode 120000 index d359f030..00000000 --- a/10/README.md +++ /dev/null @@ -1 +0,0 @@ -root/usr/share/container-scripts/postgresql/README.md \ No newline at end of file diff --git a/10/root/usr/bin/container-entrypoint b/10/root/usr/bin/container-entrypoint deleted file mode 100755 index 5fc44481..00000000 --- a/10/root/usr/bin/container-entrypoint +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -exec "$@" diff --git a/10/root/usr/bin/run-postgresql b/10/root/usr/bin/run-postgresql deleted file mode 100755 index 5ac3e928..00000000 --- a/10/root/usr/bin/run-postgresql +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -export ENABLE_REPLICATION=${ENABLE_REPLICATION:-false} - -set -eu -export_vars=$(cgroup-limits) ; export $export_vars - -source "${CONTAINER_SCRIPTS_PATH}/common.sh" - -set_pgdata - -process_extending_files \ - "${APP_DATA}/src/postgresql-pre-start" \ - "${CONTAINER_SCRIPTS_PATH}/pre-start" - -check_env_vars -generate_passwd_file -generate_postgresql_config - -# Is this brand new data volume? -PG_INITIALIZED=false - -if [ ! -f "$PGDATA/postgresql.conf" ]; then - initialize_database - PG_INITIALIZED=: -else - try_pgupgrade -fi - -# Use insanely large timeout (24h) to ensure that the potential recovery has -# enough time here to happen (unless liveness probe kills us). Note that in -# case of server failure this command still exists immediately. -pg_ctl start -w --timeout 86400 -o "-h ''" - -# This is just a pedantic safety measure (the timeout above is unlikely to -# happen), but `pt_ctl -w` is not reliable prior to PostgreSQL v10 where it -# returns exit_status=0 even if the server is still starting. For more info -# see the issue#297 and -# https://www.postgresql.org/message-id/CAB7nPqSJs85wK9aknm%3D_jmS6GnH3SQBhpzKcqs8Qo2LhEg2etw%40mail.gmail.com -pg_isready - -if $PG_INITIALIZED ; then - process_extending_files \ - "${APP_DATA}/src/postgresql-init" \ - "${CONTAINER_SCRIPTS_PATH}/init" - migrate_db - create_users -fi - -create_extensions -process_extending_files \ - "${APP_DATA}/src/postgresql-start" \ - "${CONTAINER_SCRIPTS_PATH}/start" - -pg_ctl stop - -unset_env_vars -echo "Starting server..." -exec postgres "$@" diff --git a/10/root/usr/bin/run-postgresql-master b/10/root/usr/bin/run-postgresql-master deleted file mode 100755 index 79e7cc24..00000000 --- a/10/root/usr/bin/run-postgresql-master +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -export ENABLE_REPLICATION=true - -exec run-postgresql "$@" diff --git a/10/root/usr/bin/run-postgresql-slave b/10/root/usr/bin/run-postgresql-slave deleted file mode 100755 index 82113b76..00000000 --- a/10/root/usr/bin/run-postgresql-slave +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash - -export ENABLE_REPLICATION=true - -set -eu -export_vars=$(cgroup-limits) ; export $export_vars - -source "$CONTAINER_SCRIPTS_PATH"/common.sh - -set_pgdata - -function initialize_replica() { - echo "Initializing PostgreSQL slave ..." - # TODO: Validate and reuse existing data? - rm -rf $PGDATA - PGPASSWORD="${POSTGRESQL_MASTER_PASSWORD}" pg_basebackup -X fetch --no-password --pgdata ${PGDATA} --host=${MASTER_FQDN} --port=5432 -U "${POSTGRESQL_MASTER_USER}" - - # PostgreSQL recovery configuration. - generate_postgresql_recovery_config - cat >> "$PGDATA/recovery.conf" <&2 <&2 "fixing permissions on '$dir' directory" - find "$dir" -exec chown "$uid:0" {} \; - find "$dir" -exec chmod "g+r$write" {} \; - find "$dir" -type d -exec chmod g+x {} + -done diff --git a/10/root/usr/share/container-scripts/postgresql/README.md b/10/root/usr/share/container-scripts/postgresql/README.md deleted file mode 100644 index 7fe07e52..00000000 --- a/10/root/usr/share/container-scripts/postgresql/README.md +++ /dev/null @@ -1,203 +0,0 @@ -# PostgreSQL 10 SQL Database Server Container Image - -This container image features the PostgreSQL 10 SQL database server, suitable for OpenShift and general applications. Users have the option to select from RHEL, CentOS Stream, and Fedora-based images. RHEL images can be found in the [Red Hat Container Catalog](https://access.redhat.com/containers/), while CentOS Stream images are available on [Quay.io](https://quay.io/organization/sclorg), and Fedora images can be accessed in [Quay.io](https://quay.io/organization/fedora). The resulting image can be executed using [podman](https://github.com/containers/libpod). - -Please note that while the examples provided in this README utilize `podman`, it is possible to substitute any instance of `podman` with `docker` and the same arguments. `podman` can be installed with on Fedora with command `dnf install podman-docker`. - -## Overview - -This container image offers a containerized version of the PostgreSQL postgres daemon and client application. The postgres server daemon accepts client connections and grants access to PostgreSQL database content on behalf of said clients. For more information regarding the PostgreSQL project, please visit the official project website (https://www.postgresql.org/). - -## Usage - -Assuming you are utilizing the `rhel8/postgresql-10` image, which is accessible via the `postgresql:10` imagestream tag in Openshift, the following steps outline usage. To set only the mandatory environment variables without storing the database in a host directory, execute this command: - -```bash -$ podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 rhel8/postgresql-10 -``` - -This command creates a container named `postgresql_database` running PostgreSQL with the database `db` and a user with the credentials `user:pass`. - -> Note: The user `postgres` is reserved for internal usage - -Port 5432 will be exposed and mapped to the host. For persistent database storage across container executions, include the `-v /host/db/path:/var/lib/pgsql/data` argument (refer to the information below). This directory will serve as the PostgreSQL database cluster. - -In an Openshift environment, the same can be achieved using templates provided by Openshift or found in [examples](https://github.com/sclorg/postgresql-container/tree/master/examples): - -```bash -$ oc process -f examples/postgresql-ephemeral-template.json -p POSTGRESQL_VERSION=10 -p POSTGRESQL_USER=user -p POSTGRESQL_PASSWORD=pass -p POSTGRESQL_DATABASE=db | oc create -f - -``` - -If the database cluster directory has not been initialized, the entrypoint script will first run [`initdb`](http://www.postgresql.org/docs/10/static/app-initdb.html) to set up the necessary database users and passwords. Once the database has been initialized or if it was previously in place,[`postgres`](http://www.postgresql.org/docs/10/static/app-postgres.html) will be executed and run as PID 1. The detached container can be stopped using `podman stop postgresql_database`. - -## Environment Variables and Volumes - -The image recognizes the following environment variables, which can be set during initialization by passing `-e VAR=VALUE` to the Docker run command. - -**`POSTGRESQL_USER`** - User name for PostgreSQL account to be created - -**`POSTGRESQL_PASSWORD`** - Password for the user account - -**`POSTGRESQL_DATABASE`** - Database name - -**`POSTGRESQL_ADMIN_PASSWORD`** - Password for the `postgres` admin account (optional) - -Alternatively, the following options are related to migration scenario: - -**`POSTGRESQL_MIGRATION_REMOTE_HOST`** - Hostname/IP to migrate from - -**`POSTGRESQL_MIGRATION_ADMIN_PASSWORD`** - Password for the remote 'postgres' admin user - -**`POSTGRESQL_MIGRATION_IGNORE_ERRORS (optional, default 'no')`** - Set to 'yes' to ignore sql import errors - -The following environment variables influence the PostgreSQL configuration file. They are all optional. - -**`POSTGRESQL_MAX_CONNECTIONS (default: 100)`** - The maximum number of client connections allowed - -**`POSTGRESQL_MAX_PREPARED_TRANSACTIONS (default: 0)`** - Sets the maximum number of transactions that can be in the "prepared" state. If you are using prepared transactions, you will probably want this to be at least as large as max_connections - -**`POSTGRESQL_SHARED_BUFFERS (default: 1/4 of memory limit or 32M)`** -Sets how much memory is dedicated to PostgreSQL to use for caching data - -**`POSTGRESQL_EFFECTIVE_CACHE_SIZE (default: 1/2 of memory limit or 128M)`** -Set to an estimate of how much memory is available for disk caching by the operating system and within the database itself - -**`POSTGRESQL_LOG_DESTINATION (default: /var/lib/pgsql/data/userdata/log/postgresql-*.log)`** - Where to log errors, the default is `/var/lib/pgsql/data/userdata/log/postgresql-*.log` and this file is rotated; it can be changed to `/dev/stderr` to make debugging easier - -The following environment variables deal with extensions. They are all optional, and if not set, no extensions will be enabled. - -**`POSTGRESQL_LIBRARIES`** - A comma-separated list of libraries that Postgres will preload using shared_preload_libraries. - -**`POSTGRESQL_EXTENSIONS`** - A space-separated list of extensions to create when the server start. Once created, the extensions will stay even if the variable is cleared. - - -You can also set the following mount points by passing the `-v /host/dir:/container/dir:Z` flag to Docker. - -**`/var/lib/pgsql/data`** - PostgreSQL database cluster directory - -**Notice: When mouting a directory from the host into the container, ensure that the mounted -directory has the appropriate permissions and that the owner and group of the directory -matches the user UID or name which is running inside the container.** - -Typically (unless you use `podman run -u` option) processes in container -run under UID 26, so -- on GNU/Linux -- you can fix the datadir permissions -for example by: - -```bash -$ setfacl -m u:26:-wx /your/data/dir -$ podman run <...> -v /your/data/dir:/var/lib/pgsql/data:Z <...> -``` - -## Data Migration - -The PostgreSQL container supports data migration from a remote PostgreSQL server. Execute the following command to initiate the process: - -```bash -$ podman run -d --name postgresql_database \ - -e POSTGRESQL_MIGRATION_REMOTE_HOST=172.17.0.2 \ - -e POSTGRESQL_MIGRATION_ADMIN_PASSWORD=remoteAdminP@ssword \ - [ OPTIONAL_CONFIGURATION_VARIABLES ] - rhel8/postgresql-13 -``` - -The migration is performed using the **dump and restore** method (running `pg_dumpall` against the remote cluster and importing the dump locally using `psql`). The process is streamed (via a Unix pipeline), eliminating the need for intermediate dump files and conserving storage space. - -If some SQL commands fail during the application, the default behavior of the migration script is to fail, ensuring an **all** or **nothing** outcome for scripted, unattended migration. In most cases, successful migration is expected (but not guaranteed) when migrating from a previous version of the PostgreSQL server container created using the same principles as this one (e.g., migration from `rhel8/postgresql-12` to `rhel8/postgresql-13`). -Migration from a different type of PostgreSQL container may likely fail. - -If the **all or nothing** principle is unsuitable for your needs and you are aware of the risks, the optional `POSTGRESQL_MIGRATION_IGNORE_ERRORS` option offers a **best effort** migration (some data may be lost; users must review the standard error output and address issues manually after migration). - -Please note that the container image provides assistance for user convenience, but fully automatic migration is not guaranteed. Before starting the database migration, be prepared to perform manual steps to ensure all data is migrated. - -Do not use variables like `POSTGRESQL_USER`in migration scenarios, as all data (including information about databases, roles, and passwords) is copied from the old cluster. Make sure to use the same `OPTIONAL_CONFIGURATION_VARIABLES`as you did when initializing the old PostgreSQL container. If the remote cluster has some non-default configurations, you may need to manually copy the configuration files. - -**Security warning**: Be aware that IP communication between the old and new PostgreSQL clusters is not encrypted by default. Users must configure SSL on the remote cluster or ensure security through other means. - -## PostgreSQL Auto-Tuning - -When running the PostgreSQL image with the `--memory` parameter set, and no values provided for `POSTGRESQL_SHARED_BUFFERS` and -`POSTGRESQL_EFFECTIVE_CACHE_SIZE` these values are automatically calculated based on the `--memory` parameter value. - -The values are determined using the [upstream](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) formulas. For `shared_buffers` 1/4 of the provided memory is used, and for `effective_cache_size`, 1/2 of the provided memory is set. - -## PostgreSQL Admin Account - -By default, the admin account `postgres` has no password set, allowing only local connections. To set a password, define the `POSTGRESQL_ADMIN_PASSWORD` environment variable when initializing your container. This allows you to log in to the `postgres` account remotely, while local connections still do not require a password. - -## Changing Passwords - -As passwords are part of the image configuration, the only supported method for changing passwords for the database user (`POSTGRESQL_USER`) and `postgres` -admin user is by changing the environment variables `POSTGRESQL_PASSWORD` and `POSTGRESQL_ADMIN_PASSWORD`, respectively. - -Changing database passwords through SQL statements or any other method than the environment variables mentioned above will cause a mismatch between the stored variable values and the actual passwords. When a database container starts, it will reset the passwords to the values stored in the environment variables. - -## Extending Image - -You can extend this image in Openshift using the `Source` build strategy or via the standalone [source-to-image](https://github.com/openshift/source-to-image) application (where available). For this example, assume that you are using the `rhel8/postgresql-10` image, available via `postgresql:10` imagestream tag in Openshift. - -To build a customized image `new-postgresql` with configuration from `https://github.com/sclorg/postgresql-container/tree/master/examples/extending-image`, run: - -```bash -$ oc new-app postgresql:10~https://github.com/sclorg/postgresql-container.git \ - --name new-postgresql \ - --context-dir examples/extending-image/ \ - -e POSTGRESQL_USER=user \ - -e POSTGRESQL_DATABASE=db \ - -e POSTGRESQL_PASSWORD=password -``` - -or via `s2i`: - -``` -$ s2i build --context-dir examples/extending-image/ https://github.com/sclorg/postgresql-container.git rhel8/postgresql-10 new-postgresql -``` - -The directory passed to Openshift should contain one or more of the following directories: - -##### `postgresql-pre-start/` - -This directory should contain `*.sh` files that will be sourced during the early start of the container. At this point, there is no PostgreSQL daemon running in the background. - -##### `postgresql-cfg/` - -Configuration files (`*.conf`) contained in this directory will be included at the end of the image's postgresql.conf file. - -##### `postgresql-init/` - -This directory should contain shell scripts (`*.sh`) that are sourced when the database is freshly initialized (after a successful initdb run, which makes the data directory non-empty). At the time of sourcing these scripts, the local PostgreSQL server is running. For re-deployment scenarios with a persistent data directory, the scripts are not sourced (no-op). - -##### `postgresql-start/` - -This directory has the same semantics as `postgresql-init/`, except that these scripts are always sourced (after `postgresql-init/` scripts, if they exist). - ---- - -During the s2i build, all provided files are copied into the `/opt/app-root/src` -directory in the new image. Only one file with the same name can be used for customization, and user-provided files take precedence over default files in `/usr/share/container-scripts/`. This means that it is possible to overwrite the default files. - -## Troubleshooting - -Initially, the postgres daemon logs are written to the standard output, making them accessible within the container log. To examine the log, execute the following command: - -```bash -podman logs -``` - -Subsequently, log output is redirected to the logging collector process and will appear in the "pg_log" directory. - -## Additional Resources - -The Dockerfile and other sources related to this container image can be found at https://github.com/sclorg/postgresql-container. In this repository, the RHEL8 Dockerfile is named Dockerfile.rhel8, the RHEL9 Dockerfile is named Dockerfile.rhel9, and the Fedora Dockerfile is named Dockerfile.fedora. diff --git a/10/root/usr/share/container-scripts/postgresql/common.sh b/10/root/usr/share/container-scripts/postgresql/common.sh deleted file mode 100644 index 7a169cc5..00000000 --- a/10/root/usr/share/container-scripts/postgresql/common.sh +++ /dev/null @@ -1,535 +0,0 @@ -# Configuration settings. -export POSTGRESQL_MAX_CONNECTIONS=${POSTGRESQL_MAX_CONNECTIONS:-100} -export POSTGRESQL_MAX_PREPARED_TRANSACTIONS=${POSTGRESQL_MAX_PREPARED_TRANSACTIONS:-0} - -# Perform auto-tuning based on the container cgroups limits (only when the -# limits are set). -# Users can still override this by setting the POSTGRESQL_SHARED_BUFFERS -# and POSTGRESQL_EFFECTIVE_CACHE_SIZE variables. -if [[ "${NO_MEMORY_LIMIT:-}" == "true" || -z "${MEMORY_LIMIT_IN_BYTES:-}" ]]; then - export POSTGRESQL_SHARED_BUFFERS=${POSTGRESQL_SHARED_BUFFERS:-32MB} - export POSTGRESQL_EFFECTIVE_CACHE_SIZE=${POSTGRESQL_EFFECTIVE_CACHE_SIZE:-128MB} -else - # Use 1/4 of given memory for shared buffers - shared_buffers_computed="$(($MEMORY_LIMIT_IN_BYTES/1024/1024/4))MB" - # Setting effective_cache_size to 1/2 of total memory would be a normal conservative setting, - effective_cache="$(($MEMORY_LIMIT_IN_BYTES/1024/1024/2))MB" - export POSTGRESQL_SHARED_BUFFERS=${POSTGRESQL_SHARED_BUFFERS:-$shared_buffers_computed} - export POSTGRESQL_EFFECTIVE_CACHE_SIZE=${POSTGRESQL_EFFECTIVE_CACHE_SIZE:-$effective_cache} -fi - -export POSTGRESQL_LOG_DESTINATION=${POSTGRESQL_LOG_DESTINATION:-} - -export POSTGRESQL_RECOVERY_FILE=$HOME/openshift-custom-recovery.conf -export POSTGRESQL_CONFIG_FILE=$HOME/openshift-custom-postgresql.conf - -postinitdb_actions= - -# match . files when moving userdata below -shopt -s dotglob -# extglob enables the !(userdata) glob pattern below. -shopt -s extglob - -function usage() { - if [ $# == 1 ]; then - echo >&2 "error: $1" - fi - - cat >&2 </dev/null) - # FIXME: This is for debugging (docker run) - if [ -v POSTGRESQL_MASTER_IP ]; then - endpoints=${POSTGRESQL_MASTER_IP:-} - fi - if [ -z "$endpoints" ]; then - >&2 echo "Failed to resolve PostgreSQL master IP address" - exit 3 - fi - echo -n "$(echo $endpoints | cut -d ' ' -f 1)" -} - -# Converts the version in format x.y or x.y.z to a number. -version2number () -{ - local old_IFS=$IFS - local to_print= depth=${2-3} width=${3-2} sum=0 one_part - IFS='.' - set -- $1 - while test $depth -ge 1; do - depth=$(( depth - 1 )) - part=${1-0} ; shift || : - printf "%0${width}d" "$part" - done - IFS=$old_IFS -} - -# On non-intel arches, data_sync_retry = off does not work -# Upstream discussion: https://www.postgresql.org/message-id/CA+mCpegfOUph2U4ZADtQT16dfbkjjYNJL1bSTWErsazaFjQW9A@mail.gmail.com -# Upstream changes that caused this issue: -# https://github.com/postgres/postgres/commit/483520eca426fb1b428e8416d1d014ac5ad80ef4 -# https://github.com/postgres/postgres/commit/9ccdd7f66e3324d2b6d3dec282cfa9ff084083f1 -# RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1779150 -# Special handle of data_sync_retry should handle only in some cases. -# These cases are: non-intel architectures, and version higher or equal 12.0, 10.7, 9.6.12 -# Return value 0 means the hack is needed. -function should_hack_data_sync_retry() { - [ "$(uname -m)" == 'x86_64' ] && return 1 - local version_number=$(version2number "$(pg_ctl -V | sed -e 's/^pg_ctl (PostgreSQL) //')") - # this matches all 12.x and versions of 10.x where we need the hack - [ "$version_number" -ge 100700 ] && return 0 - # this matches all 10.x that were not matched above - [ "$version_number" -ge 100000 ] && return 1 - # this matches all 9.x where need the hack - [ "$version_number" -ge 090612 ] && return 0 - # all rest should be older 9.x releases - return 1 -} - -function generate_postgresql_libraries_config() { - if [ -v POSTGRESQL_LIBRARIES ]; then - echo "shared_preload_libraries='${POSTGRESQL_LIBRARIES}'" >> "${POSTGRESQL_CONFIG_FILE}" - fi -} - - -# New config is generated every time a container is created. It only contains -# additional custom settings and is included from $PGDATA/postgresql.conf. -function generate_postgresql_config() { - envsubst \ - < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-postgresql.conf.template" \ - > "${POSTGRESQL_CONFIG_FILE}" - - if [ "${ENABLE_REPLICATION}" == "true" ]; then - envsubst \ - < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-postgresql-replication.conf.template" \ - >> "${POSTGRESQL_CONFIG_FILE}" - fi - - if should_hack_data_sync_retry ; then - echo "data_sync_retry = on" >>"${POSTGRESQL_CONFIG_FILE}" - fi - - # For easier debugging, allow users to log to stderr (will be visible - # in the pod logs) using a single variable - # https://github.com/sclorg/postgresql-container/issues/353 - if [ -n "${POSTGRESQL_LOG_DESTINATION:-}" ] ; then - echo "log_destination = 'stderr'" >>"${POSTGRESQL_CONFIG_FILE}" - echo "logging_collector = on" >>"${POSTGRESQL_CONFIG_FILE}" - echo "log_directory = '$(dirname "${POSTGRESQL_LOG_DESTINATION}")'" >>"${POSTGRESQL_CONFIG_FILE}" - echo "log_filename = '$(basename "${POSTGRESQL_LOG_DESTINATION}")'" >>"${POSTGRESQL_CONFIG_FILE}" - fi - - generate_postgresql_libraries_config - ( - shopt -s nullglob - for conf in "${APP_DATA}"/src/postgresql-cfg/*.conf; do - echo include \'${conf}\' >> "${POSTGRESQL_CONFIG_FILE}" - done - ) -} - -function generate_postgresql_recovery_config() { - envsubst \ - < "${CONTAINER_SCRIPTS_PATH}/openshift-custom-recovery.conf.template" \ - > "${POSTGRESQL_RECOVERY_FILE}" -} - -# Generate passwd file based on current uid -function generate_passwd_file() { - export USER_ID=$(id -u) - export GROUP_ID=$(id -g) - grep -v -e ^postgres -e ^$USER_ID -e ^$(id -un) /etc/passwd > "$HOME/passwd" - echo "postgres:x:${USER_ID}:${GROUP_ID}:PostgreSQL Server:${HOME}:/bin/bash" >> "$HOME/passwd" - export LD_PRELOAD=libnss_wrapper.so - export NSS_WRAPPER_PASSWD=${HOME}/passwd - export NSS_WRAPPER_GROUP=/etc/group -} - -initdb_wrapper () -{ - # Initialize the database cluster with utf8 support enabled by default. - # This might affect performance, see: - # http://www.postgresql.org/docs/10/static/locale.html - LANG=${LANG:-en_US.utf8} "$@" -} - -function initialize_database() { - initdb_wrapper initdb - - # PostgreSQL configuration. - cat >> "$PGDATA/postgresql.conf" <> "$PGDATA/pg_hba.conf" < /dev/null; then - rm -rf "$PGDATA/postmaster.pid" - fi - - optimized=false - old_raw_version=${POSTGRESQL_PREV_VERSION//\./} - new_raw_version=${POSTGRESQL_VERSION//\./} - - if test "$old_raw_version" = 92; then - old_collection=postgresql92 - else - old_collection=rh-postgresql$old_raw_version - fi - - # Backward compatibility for RHEL/CentOS 7 - source /etc/os-release - - if [[ $VERSION_ID -lt 8 ]]; then - old_pgengine=/opt/rh/$old_collection/root/usr/bin - new_pgengine=/opt/rh/rh-postgresql${new_raw_version}/root/usr/bin - else - old_pgengine=/usr/lib64/pgsql/postgresql-$old_raw_version/bin - new_pgengine=/usr/bin - fi - - PGDATA_new="${PGDATA}-new" - - printf >&2 "\n========== \$PGDATA upgrade: %s -> %s ==========\n\n" \ - "$POSTGRESQL_PREV_VERSION" \ - "$POSTGRESQL_VERSION" - - info_msg () { printf >&2 "\n===> $*\n\n" ;} - - # pg_upgrade writes logs to cwd, so go to the persistent storage first - cd "$HOME"/data - - # disable this because of scl_source, 'set +u' just makes the code ugly - # anyways - set +u - - # we need to have the old SCL enabled, otherwise the $old_pgengine is not - # working. The scl_source script doesn't pay attention to non-zero exit - # statuses, so use 'set +e'. - set +e - source scl_source enable $old_collection - set -e - - case $POSTGRESQL_UPGRADE in - copy) # we accept this - ;; - hardlink) - optimized=: - ;; - *) - echo >&2 "Unsupported value: \$POSTGRESQL_UPGRADE=$POSTGRESQL_UPGRADE" - false - ;; - esac - - # boot up data directory with old postgres once again to make sure - # it was shut down properly, otherwise the upgrade process fails - info_msg "Starting old postgresql once again for a clean shutdown..." - "${old_pgengine}/pg_ctl" start -w --timeout 86400 -o "-h 127.0.0.1''" - info_msg "Waiting for postgresql to be ready for shutdown again..." - "${old_pgengine}/pg_isready" -h 127.0.0.1 - info_msg "Shutting down old postgresql cleanly..." - "${old_pgengine}/pg_ctl" stop - - # Ensure $PGDATA_new doesn't exist yet, so we can immediately remove it if - # there's some problem. - test ! -e "$PGDATA_new" - - # initialize the database - info_msg "Initialize new data directory; we will migrate to that." - initdb_cmd=( initdb_wrapper "$new_pgengine"/initdb "$PGDATA_new" ) - eval "\${initdb_cmd[@]} ${POSTGRESQL_UPGRADE_INITDB_OPTIONS-}" || \ - { rm -rf "$PGDATA_new" ; false ; } - - upgrade_cmd=( - "$new_pgengine"/pg_upgrade - "--old-bindir=$old_pgengine" - "--new-bindir=$new_pgengine" - "--old-datadir=$PGDATA" - "--new-datadir=$PGDATA_new" - ) - - # Dangerous --link option, we loose $DATADIR if something goes wrong. - ! $optimized || upgrade_cmd+=(--link) - - # User-specififed options for pg_upgrade. - eval "upgrade_cmd+=(${POSTGRESQL_UPGRADE_PGUPGRADE_OPTIONS-})" - - # On non-intel arches the data_sync_retry set to on - sed -i -e 's/data_sync_retry/#data_sync_retry/' "${POSTGRESQL_CONFIG_FILE}" - - # the upgrade - info_msg "Starting the pg_upgrade process." - - # Once we stop support for PostgreSQL 9.4, we don't need - # REDHAT_PGUPGRADE_FROM_RHEL hack as we don't upgrade from 9.2 -- that means - # that we don't need to fiddle with unix_socket_director{y,ies} option. - REDHAT_PGUPGRADE_FROM_RHEL=1 \ - "${upgrade_cmd[@]}" || { cat $(find "$PGDATA_new"/.. -name pg_upgrade_server.log) ; rm -rf "$PGDATA_new" && false ; } - - # Move the important configuration and remove old data. This is highly - # careless, but we can't do more for this over-automatized process. - info_msg "Swap the old and new PGDATA and cleanup." - mv "$PGDATA"/*.conf "$PGDATA_new" - rm -rf "$PGDATA" - mv "$PGDATA_new" "$PGDATA" - - # Get back the option we changed above - sed -i -e 's/#data_sync_retry/data_sync_retry/' "${POSTGRESQL_CONFIG_FILE}" - - info_msg "Upgrade DONE." -) - - -# Run right after container startup, when the data volume is already initialized -# (not initialized by this container run) and thus there exists a chance that -# the data was generated by incompatible PostgreSQL major version. -try_pgupgrade () -{ - local versionfile="$PGDATA"/PG_VERSION version upgrade_available - - # This file always exists. - test -f "$versionfile" - version=$(cat "$versionfile") - - # If we don't support pg_upgrade, skip. - test -z "${POSTGRESQL_PREV_VERSION-}" && return 0 - - if test "$POSTGRESQL_VERSION" = "$version"; then - # No need to call pg_upgrade. - - # Mistakenly requests upgrade? If not, just start the DB. - test -z "${POSTGRESQL_UPGRADE-}" && return 0 - - # Make _sure_ we have this safety-belt here, otherwise our users would - # just specify '-e POSTGRESQL_UPGRADE=hardlink' permanently, even for - # re-deployment cases when upgrade is not needed. Setting such - # unfortunate default could mean that pg_upgrade might (after some user - # mistake) migrate (or even destruct, especially with --link) the old data - # directory with limited rollback options, if any. - echo >&2 - echo >&2 "== WARNING!! ==" - echo >&2 "PostgreSQL server version matches the datadir PG_VERSION." - echo >&2 "The \$POSTGRESQL_UPGRADE makes no sense and you probably" - echo >&2 "made some mistake, keeping the variable set you might" - echo >&2 "risk a data loss in future!" - echo >&2 "===============" - echo >&2 - - # Exit here, but allow _really explicit_ foot-shot. - ${POSTGRESQL_UPGRADE_FORCE-false} - return 0 - fi - - # At this point in code we know that PG_VERSION doesn't match the PostgreSQL - # server major version; this might mean that user either (a) mistakenly - # deploys from a bad image, or (b) user wants to perform upgrade. For the - # upgrade we require explicit request -- just to avoid disasters in (a)-cases. - - if test -z "${POSTGRESQL_UPGRADE-}"; then - echo >&2 "Incompatible data directory. This container image provides" - echo >&2 "PostgreSQL '$POSTGRESQL_VERSION', but data directory is of" - echo >&2 "version '$version'." - echo >&2 - echo >&2 "This image supports automatic data directory upgrade from" - echo >&2 "'$POSTGRESQL_PREV_VERSION', please _carefully_ consult image documentation" - echo >&2 "about how to use the '\$POSTGRESQL_UPGRADE' startup option." - # We could wait for postgresql startup failure (there's no risk of data dir - # corruption), but fail rather early. - false - fi - - # We support pg_upgrade process only from previous version of this container - # (upgrade to N to N+1 is possible, so e.g. 9.4 to 9.5). - if test "$POSTGRESQL_PREV_VERSION" != "$version"; then - echo >&2 "With this container image you can only upgrade from data directory" - echo >&2 "of version '$POSTGRESQL_PREV_VERSION', not '$version'." - false - fi - - run_pgupgrade -} - -# get_matched_files PATTERN DIR [DIR ...] -# --------------------------------------- -# Print all basenames for files matching PATTERN in DIRs. -get_matched_files () -{ - local pattern=$1 dir - shift - for dir; do - test -d "$dir" || continue - find -L "$dir" -maxdepth 1 -type f -name "$pattern" -printf "%f\n" - done -} - -# process_extending_files DIR [DIR ...] -# ------------------------------------- -# Source all *.sh files in DIRs in alphabetical order, but if the file exists in -# more then one DIR, source only the first occurrence (first found wins). -process_extending_files() -{ - local filename dir - while read filename ; do - for dir in "$@"; do - local file="$dir/$filename" - if test -f "$file"; then - echo "=> sourcing $file ..." - source "$file" - set -e # ensure that users don't mistakenly change this - break - fi - done - done <<<"$(get_matched_files '*.sh' "$@" | sort -u)" -} - -create_extensions() -{ - if [ -v POSTGRESQL_EXTENSIONS ]; then - for EXT in $POSTGRESQL_EXTENSIONS; do - psql -c "CREATE EXTENSION IF NOT EXISTS ${EXT};" - done - fi -} diff --git a/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template b/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template deleted file mode 100644 index ef04eaae..00000000 --- a/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql-replication.conf.template +++ /dev/null @@ -1,7 +0,0 @@ -# required on master for replication -wal_level = hot_standby # minimal, archive, hot_standby, or logical -max_wal_senders = 6 # max number of walsender processes -wal_keep_segments = 400 # in logfile segments, 16MB each; 0 disables - -# required on replicas for replication -hot_standby = on diff --git a/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template b/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template deleted file mode 100644 index 3c2bc7f3..00000000 --- a/10/root/usr/share/container-scripts/postgresql/openshift-custom-postgresql.conf.template +++ /dev/null @@ -1,21 +0,0 @@ -# -# Custom OpenShift configuration. -# -# NOTE: This file is rewritten every time the container is started! -# Changes to this file will be overwritten. -# - -# Listen on all interfaces. -listen_addresses = '*' - -# Determines the maximum number of concurrent connections to the database server. Default: 100 -max_connections = ${POSTGRESQL_MAX_CONNECTIONS} - -# Allow each connection to use a prepared transaction -max_prepared_transactions = ${POSTGRESQL_MAX_PREPARED_TRANSACTIONS} - -# Sets the amount of memory the database server uses for shared memory buffers. Default: 32MB -shared_buffers = ${POSTGRESQL_SHARED_BUFFERS} - -# Sets the planner's assumption about the effective size of the disk cache that is available to a single query -effective_cache_size = ${POSTGRESQL_EFFECTIVE_CACHE_SIZE} diff --git a/10/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template b/10/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template deleted file mode 100644 index 26d56693..00000000 --- a/10/root/usr/share/container-scripts/postgresql/openshift-custom-recovery.conf.template +++ /dev/null @@ -1,9 +0,0 @@ -# -# Custom OpenShift configuration. -# -# NOTE: This file is rewritten every time the container is started! -# Changes to this file will be overwritten. -# - -standby_mode = on -primary_conninfo = 'host=${MASTER_FQDN} port=5432 user=${POSTGRESQL_MASTER_USER} password=${POSTGRESQL_MASTER_PASSWORD}' diff --git a/10/root/usr/share/container-scripts/postgresql/scl_enable b/10/root/usr/share/container-scripts/postgresql/scl_enable deleted file mode 100644 index 1d967f9b..00000000 --- a/10/root/usr/share/container-scripts/postgresql/scl_enable +++ /dev/null @@ -1,3 +0,0 @@ -# This will make scl collection binaries work out of box. -unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable $ENABLED_COLLECTIONS diff --git a/10/root/usr/share/container-scripts/postgresql/start/set_passwords.sh b/10/root/usr/share/container-scripts/postgresql/start/set_passwords.sh deleted file mode 100644 index 60d70e36..00000000 --- a/10/root/usr/share/container-scripts/postgresql/start/set_passwords.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -_psql () { psql --set ON_ERROR_STOP=1 "$@" ; } - -if [[ ",$postinitdb_actions," = *,simple_db,* ]]; then -_psql --set=username="$POSTGRESQL_USER" \ - --set=password="$POSTGRESQL_PASSWORD" \ -<<< "ALTER USER :\"username\" WITH ENCRYPTED PASSWORD :'password';" -fi - -if [ -v POSTGRESQL_MASTER_USER ]; then -_psql --set=masteruser="$POSTGRESQL_MASTER_USER" \ - --set=masterpass="$POSTGRESQL_MASTER_PASSWORD" \ -<<'EOF' -ALTER USER :"masteruser" WITH REPLICATION; -ALTER USER :"masteruser" WITH ENCRYPTED PASSWORD :'masterpass'; -EOF -fi - -if [ -v POSTGRESQL_ADMIN_PASSWORD ]; then -_psql --set=adminpass="$POSTGRESQL_ADMIN_PASSWORD" \ -<<<"ALTER USER \"postgres\" WITH ENCRYPTED PASSWORD :'adminpass';" -fi diff --git a/10/s2i/bin/assemble b/10/s2i/bin/assemble deleted file mode 100755 index 6ed8f7aa..00000000 --- a/10/s2i/bin/assemble +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -o errexit -set -o nounset -set -o pipefail - -shopt -s dotglob -echo "---> Installing application source ..." - - -mv /tmp/src/* ./ - -# Fix source directory permissions -/usr/libexec/fix-permissions --read-only ./ diff --git a/10/s2i/bin/usage b/10/s2i/bin/usage deleted file mode 100755 index 9f413123..00000000 --- a/10/s2i/bin/usage +++ /dev/null @@ -1 +0,0 @@ -groff -t -man -ETascii /help.1 diff --git a/10/test b/10/test deleted file mode 120000 index 419df4f9..00000000 --- a/10/test +++ /dev/null @@ -1 +0,0 @@ -../test \ No newline at end of file