forked from sclorg/postgresql-container
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
133 lines (119 loc) · 5.49 KB
/
Dockerfile
File metadata and controls
133 lines (119 loc) · 5.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
FROM {{ spec.s2i_base }}
# PostgreSQL image for OpenShift.
# Volumes:
# * /var/lib/pgsql/data - Database cluster for PostgreSQL
# Environment:
# * $POSTGRESQL_USER - Database user name
# * $POSTGRESQL_PASSWORD - User's password
# * $POSTGRESQL_DATABASE - Name of the database to create
# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres'
# PostgreSQL administrative account
ENV POSTGRESQL_VERSION={{ spec.version }} \
{% if spec.prod != "rhel8" or spec.prod != "rhel9" or spec.version == "10" %}
POSTGRESQL_PREV_VERSION={{ spec.prev_version }} \
{% endif %}
HOME=/var/lib/pgsql \
PGUSER=postgres \
APP_DATA=/opt/app-root
ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \
DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \
The image contains the client and server programs that you'll need to \
create, run, maintain and access a PostgreSQL DBMS server."
LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="PostgreSQL {{ spec.version }}" \
io.openshift.expose-services="5432:postgresql" \
io.openshift.tags="{{ spec.openshift_tags }}" \
io.openshift.s2i.assemble-user="26" \
name="{{ spec.img_name }}" \
com.redhat.component="{{ spec.redhat_component }}" \
{% if config.os.id == "rhel" and spec.prod != "rhel10" %}
version="1" \
{% elif spec.prod in ["c9s", "c10s"] %}
version="1" \
{% endif %}
{% if config.os.id == 'rhel' %}
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \
{% endif %}
usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 {{ spec.img_name }}" \
maintainer="SoftwareCollections.org <sclorg@redhat.com>"
EXPOSE 5432
COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions
# This image must forever use UID 26 for postgres user so our volumes are
# safe in the future. This should *never* change, the last test is there
# to make sure of that.
{% if spec.repo_enable_reason %}
{{ spec.repo_enable_reason }}
{% endif %}
{% if spec.prod == "c10s" or spec.prod == "rhel10" %}
RUN INSTALL_PKGS="rsync tar gettext-envsubst nss_wrapper-libs glibc-locale-source xz" && \
PSQL_PKGS="{{ spec.pkgs }}" && \
{% elif spec.prod == "rhel9" and spec.version == "13" %} \
RUN INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper-libs {{ spec.pkgs }}" && \
{% elif spec.prod == "rhel9" and spec.version in ["15", "16"] %}
RUN {{ spec.environment_setup }}
INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper-libs {{ spec.pkgs }}" && \
{% else %}
RUN {{ spec.environment_setup }}
INSTALL_PKGS="rsync tar gettext nss_wrapper-libs {{ spec.pkgs }}" && \
{% endif %}
{% if spec.version not in ["9.6", "10", "11"] %}
INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \
{% if spec.prod != "c10s" %}
INSTALL_PKGS="$INSTALL_PKGS procps-ng util-linux postgresql-upgrade" && \
{% endif %}
{% endif %}
{% if spec.version == "16" %}
{% if spec.prod in ["c9s", "rhel9"] %}
INSTALL_PKGS="$INSTALL_PKGS pgvector" && \
{% endif %}
{% if spec.prod in ["c10s", "rhel10" ] %}
PSQL_PKGS="$PSQL_PKGS postgresql16-pgvector" && \
{% endif %}
{% endif %}
{% if spec.prod == "c10s" or spec.prod == "rhel10" %}
yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS $PSQL_PKGS && \
rpm -V $INSTALL_PKGS {{ spec.check_pkgs }} && \
{% else %}
yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
{% endif %}
postgres -V | grep -qe "$POSTGRESQL_VERSION\." && echo "Found VERSION $POSTGRESQL_VERSION" && \
{% if spec.post_install %}
{{ spec.post_install }}
{% endif %}
yum -y clean all --enablerepo='*' && \
localedef -f UTF-8 -i en_US en_US.UTF-8 && \
test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \
mkdir -p /var/lib/pgsql/data && \
mkdir -p /run/postgresql && \
/usr/libexec/fix-permissions /var/lib/pgsql /run/postgresql
# Get prefix path and path to scripts rather than hard-code them in scripts
ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \
ENABLED_COLLECTIONS={{ spec.enabled_collection }}
COPY root /
COPY ./s2i/bin/ $STI_SCRIPTS_PATH
# Hard links are not supported in Testing Farm approach during sync to guest
# operation system. Therefore tests are failing on error
# /usr/libexec/s2i/run no such file or directory
RUN ln -s /usr/bin/run-postgresql $STI_SCRIPTS_PATH/run
# Not using VOLUME statement since it's not working in OpenShift Online:
# https://github.com/sclorg/httpd-container/issues/30
# VOLUME ["/var/lib/pgsql/data"]
# S2I permission fixes
# --------------------
# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i
# build process would be executed as 'uid=26(postgres) gid=26(postgres)'.
# Such process wouldn't be able to execute the default 'assemble' script
# correctly (it transitively executes 'fix-permissions' script). So let's
# add the 'postgres' user into 'root' group here
#
# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build
# anyways) to assure that s2i process is actually able to _read_ the
# user-specified scripting.
RUN usermod -a -G root postgres && \
/usr/libexec/fix-permissions --read-only "$APP_DATA"
USER 26
ENTRYPOINT ["container-entrypoint"]
CMD ["run-postgresql"]