diff --git a/11/Dockerfile.c8s b/11/Dockerfile.c8s new file mode 100644 index 00000000..b10419e1 --- /dev/null +++ b/11/Dockerfile.c8s @@ -0,0 +1,82 @@ +FROM + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=11 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 11" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="" \ + io.openshift.s2i.assemble-user="26" \ + name="" \ + com.redhat.component="" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 " \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper " && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/11/Dockerfile.c9s b/11/Dockerfile.c9s new file mode 100644 index 00000000..b10419e1 --- /dev/null +++ b/11/Dockerfile.c9s @@ -0,0 +1,82 @@ +FROM + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=11 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 11" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="" \ + io.openshift.s2i.assemble-user="26" \ + name="" \ + com.redhat.component="" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 " \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper " && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/11/Dockerfile.fedora b/11/Dockerfile.fedora new file mode 100644 index 00000000..fc703f2b --- /dev/null +++ b/11/Dockerfile.fedora @@ -0,0 +1,82 @@ +FROM quay.io/fedora/s2i-core:35 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/psql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV NAME=postgresql \ + VERSION=0 \ + ARCH=x86_64 \ + \ + POSTGRESQL_VERSION=11 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 11" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql11" \ + com.redhat.component="$NAME" \ + maintainer="SoftwareCollections.org " \ + name="fedora/$NAME-11" \ + version="0" \ + usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 quay.io/fedora/$NAME-11" + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ + INSTALL_PKGS+="findutils xz" && \ + dnf -y module enable postgresql:11 && \ + dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + dnf clean all && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/11/Dockerfile.rhel9 b/11/Dockerfile.rhel9 new file mode 100644 index 00000000..b10419e1 --- /dev/null +++ b/11/Dockerfile.rhel9 @@ -0,0 +1,82 @@ +FROM + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=11 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 11" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="" \ + io.openshift.s2i.assemble-user="26" \ + name="" \ + com.redhat.component="" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 " \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper " && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS= + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/11/root/usr/share/container-scripts/postgresql/README.md b/11/root/usr/share/container-scripts/postgresql/README.md index e0980204..5d471aca 100644 --- a/11/root/usr/share/container-scripts/postgresql/README.md +++ b/11/root/usr/share/container-scripts/postgresql/README.md @@ -74,6 +74,13 @@ initialization by passing `-e VAR=VALUE` to the Docker run command. **`POSTGRESQL_ADMIN_PASSWORD`** Password for the `postgres` admin account (optional) +The following environment variables are optional, and only used when the database is initialzed + +**`POSTGRESQL_ENCODING`** + Database encoding. Default to UTF8 + +**`POSTGRESQL_LOCALE`** + Database locale. Default to en_US Alternatively, the following options are related to migration scenario: diff --git a/11/root/usr/share/container-scripts/postgresql/common.sh b/11/root/usr/share/container-scripts/postgresql/common.sh index 4e1bc94a..3f650680 100644 --- a/11/root/usr/share/container-scripts/postgresql/common.sh +++ b/11/root/usr/share/container-scripts/postgresql/common.sh @@ -189,7 +189,10 @@ initdb_wrapper () # Initialize the database cluster with utf8 support enabled by default. # This might affect performance, see: # http://www.postgresql.org/docs/11/static/locale.html - LANG=${LANG:-en_US.utf8} "$@" + ENCODING=${POSTGRESQL_ENCODING:-UTF8} + LOCALE=${POSTGRESQL_LOCALE:-en_US} + if [ ${LOCALE} == "C" ] ; then LANG=C; fi + LANG=${LANG:-$LOCALE.$ENCODING} "$@" -E $ENCODING } function initialize_database() { @@ -222,7 +225,16 @@ EOF function create_users() { if [[ ",$postinitdb_actions," = *,simple_db,* ]]; then createuser "$POSTGRESQL_USER" - createdb --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" + + EXTRA_ARGS="" + if [ -v POSTGRESQL_ENCODING ]; then + EXTRA_ARGS="$EXTRA_ARGS -E $POSTGRESQL_ENCODING" + fi + if [ -v POSTGRESQL_LOCALE ]; then + EXTRA_ARGS="$EXTRA_ARGS -l $POSTGRESQL_LOCALE" + fi + + createdb $EXTRA_ARGS --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" fi if [ -v POSTGRESQL_MASTER_USER ]; then diff --git a/12/Dockerfile b/12/Dockerfile new file mode 100644 index 00000000..bd5c7c9e --- /dev/null +++ b/12/Dockerfile @@ -0,0 +1,90 @@ +FROM quay.io/centos7/s2i-core-centos7 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=12 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 12" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql12,rh-postgresql12" \ + io.openshift.s2i.assemble-user="26" \ + name="centos7/postgresql-12-centos7" \ + com.redhat.component="rh-postgresql12-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-12-centos7" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql12 rh-postgresql12-postgresql-contrib rh-postgresql12-syspaths rh-postgresql10-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql12-pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS=rh-postgresql12 + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/12/Dockerfile.c8s b/12/Dockerfile.c8s index 7251587e..bd5c7c9e 100644 --- a/12/Dockerfile.c8s +++ b/12/Dockerfile.c8s @@ -1,4 +1,4 @@ -FROM quay.io/sclorg/s2i-core-c8s:c8s +FROM quay.io/centos7/s2i-core-centos7 # PostgreSQL image for OpenShift. # Volumes: @@ -26,12 +26,12 @@ LABEL summary="$SUMMARY" \ io.k8s.description="$DESCRIPTION" \ io.k8s.display-name="PostgreSQL 12" \ io.openshift.expose-services="5432:postgresql" \ - io.openshift.tags="database,postgresql,postgresql12,postgresql-12" \ + io.openshift.tags="database,postgresql,postgresql12,rh-postgresql12" \ io.openshift.s2i.assemble-user="26" \ - name="sclorg/postgresql-12-c8s" \ - com.redhat.component="postgresql-12-container" \ + name="centos7/postgresql-12-centos7" \ + com.redhat.component="rh-postgresql12-container" \ version="1" \ - usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 sclorg/postgresql-12-c8s" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-12-centos7" \ maintainer="SoftwareCollections.org " EXPOSE 5432 @@ -41,12 +41,11 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. -RUN yum -y module enable postgresql:12 && \ - INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ - INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql12 rh-postgresql12-postgresql-contrib rh-postgresql12-syspaths rh-postgresql10-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql12-pgaudit" && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum -y reinstall tzdata && \ yum -y clean all --enablerepo='*' && \ localedef -f UTF-8 -i en_US en_US.UTF-8 && \ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ @@ -55,11 +54,18 @@ RUN yum -y module enable postgresql:12 && \ # Get prefix path and path to scripts rather than hard-code them in scripts ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ - ENABLED_COLLECTIONS= + ENABLED_COLLECTIONS=rh-postgresql12 COPY root / COPY ./s2i/bin/ $STI_SCRIPTS_PATH +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + # Not using VOLUME statement since it's not working in OpenShift Online: # https://github.com/sclorg/httpd-container/issues/30 # VOLUME ["/var/lib/pgsql/data"] diff --git a/12/Dockerfile.c9s b/12/Dockerfile.c9s new file mode 100644 index 00000000..bd5c7c9e --- /dev/null +++ b/12/Dockerfile.c9s @@ -0,0 +1,90 @@ +FROM quay.io/centos7/s2i-core-centos7 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=12 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 12" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql12,rh-postgresql12" \ + io.openshift.s2i.assemble-user="26" \ + name="centos7/postgresql-12-centos7" \ + com.redhat.component="rh-postgresql12-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-12-centos7" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql12 rh-postgresql12-postgresql-contrib rh-postgresql12-syspaths rh-postgresql10-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql12-pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS=rh-postgresql12 + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/12/Dockerfile.fedora b/12/Dockerfile.fedora new file mode 100644 index 00000000..1fc8dfdb --- /dev/null +++ b/12/Dockerfile.fedora @@ -0,0 +1,83 @@ +FROM quay.io/fedora/s2i-core:35 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/psql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV NAME=postgresql \ + VERSION=0 \ + ARCH=x86_64 \ + \ + POSTGRESQL_VERSION=12 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 12" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql12" \ + com.redhat.component="$NAME" \ + maintainer="SoftwareCollections.org " \ + name="fedora/$NAME-12" \ + version="0" \ + usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 quay.io/fedora/$NAME-12" + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ + INSTALL_PKGS+="findutils xz" && \ + INSTALL_PKGS+=" pgaudit" && \ + dnf -y module enable postgresql:12 && \ + dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + dnf clean all && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/12/Dockerfile.rhel9 b/12/Dockerfile.rhel9 new file mode 100644 index 00000000..bd5c7c9e --- /dev/null +++ b/12/Dockerfile.rhel9 @@ -0,0 +1,90 @@ +FROM quay.io/centos7/s2i-core-centos7 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=12 \ + POSTGRESQL_PREV_VERSION=10 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 12" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql12,rh-postgresql12" \ + io.openshift.s2i.assemble-user="26" \ + name="centos7/postgresql-12-centos7" \ + com.redhat.component="rh-postgresql12-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-12-centos7" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql12 rh-postgresql12-postgresql-contrib rh-postgresql12-syspaths rh-postgresql10-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql12-pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS=rh-postgresql12 + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/12/root/usr/share/container-scripts/postgresql/README.md b/12/root/usr/share/container-scripts/postgresql/README.md index f92d9665..a41d7839 100644 --- a/12/root/usr/share/container-scripts/postgresql/README.md +++ b/12/root/usr/share/container-scripts/postgresql/README.md @@ -74,6 +74,13 @@ initialization by passing `-e VAR=VALUE` to the Docker run command. **`POSTGRESQL_ADMIN_PASSWORD`** Password for the `postgres` admin account (optional) +The following environment variables are optional, and only used when the database is initialzed + +**`POSTGRESQL_ENCODING`** + Database encoding. Default to UTF8 + +**`POSTGRESQL_LOCALE`** + Database locale. Default to en_US Alternatively, the following options are related to migration scenario: diff --git a/12/root/usr/share/container-scripts/postgresql/common.sh b/12/root/usr/share/container-scripts/postgresql/common.sh index 4b968f5a..1154c08b 100644 --- a/12/root/usr/share/container-scripts/postgresql/common.sh +++ b/12/root/usr/share/container-scripts/postgresql/common.sh @@ -189,7 +189,10 @@ initdb_wrapper () # Initialize the database cluster with utf8 support enabled by default. # This might affect performance, see: # http://www.postgresql.org/docs/12/static/locale.html - LANG=${LANG:-en_US.utf8} "$@" + ENCODING=${POSTGRESQL_ENCODING:-UTF8} + LOCALE=${POSTGRESQL_LOCALE:-en_US} + if [ ${LOCALE} == "C" ] ; then LANG=C; fi + LANG=${LANG:-$LOCALE.$ENCODING} "$@" -E $ENCODING } function initialize_database() { @@ -222,7 +225,16 @@ EOF function create_users() { if [[ ",$postinitdb_actions," = *,simple_db,* ]]; then createuser "$POSTGRESQL_USER" - createdb --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" + + EXTRA_ARGS="" + if [ -v POSTGRESQL_ENCODING ]; then + EXTRA_ARGS="$EXTRA_ARGS -E $POSTGRESQL_ENCODING" + fi + if [ -v POSTGRESQL_LOCALE ]; then + EXTRA_ARGS="$EXTRA_ARGS -l $POSTGRESQL_LOCALE" + fi + + createdb $EXTRA_ARGS --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" fi if [ -v POSTGRESQL_MASTER_USER ]; then diff --git a/13/Dockerfile b/13/Dockerfile new file mode 100644 index 00000000..4ffeb76e --- /dev/null +++ b/13/Dockerfile @@ -0,0 +1,90 @@ +FROM quay.io/centos7/s2i-core-centos7 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/pgsql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV POSTGRESQL_VERSION=13 \ + POSTGRESQL_PREV_VERSION=12 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 13" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql13,rh-postgresql13" \ + io.openshift.s2i.assemble-user="26" \ + name="centos7/postgresql-13-centos7" \ + com.redhat.component="rh-postgresql13-container" \ + version="1" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-13-centos7" \ + maintainer="SoftwareCollections.org " + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql13 rh-postgresql13-postgresql-contrib rh-postgresql13-syspaths rh-postgresql12-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql13-pgaudit" && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' && \ + localedef -f UTF-8 -i en_US en_US.UTF-8 && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ + ENABLED_COLLECTIONS=rh-postgresql13 + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/13/Dockerfile.c8s b/13/Dockerfile.c8s index e4e526a4..4ffeb76e 100644 --- a/13/Dockerfile.c8s +++ b/13/Dockerfile.c8s @@ -1,4 +1,4 @@ -FROM quay.io/sclorg/s2i-core-c8s:c8s +FROM quay.io/centos7/s2i-core-centos7 # PostgreSQL image for OpenShift. # Volumes: @@ -26,12 +26,12 @@ LABEL summary="$SUMMARY" \ io.k8s.description="$DESCRIPTION" \ io.k8s.display-name="PostgreSQL 13" \ io.openshift.expose-services="5432:postgresql" \ - io.openshift.tags="database,postgresql,postgresql13,postgresql-13" \ + io.openshift.tags="database,postgresql,postgresql13,rh-postgresql13" \ io.openshift.s2i.assemble-user="26" \ - name="sclorg/postgresql-13-c8s" \ - com.redhat.component="postgresql-13-container" \ + name="centos7/postgresql-13-centos7" \ + com.redhat.component="rh-postgresql13-container" \ version="1" \ - usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 sclorg/postgresql-13-c8s" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-13-centos7" \ maintainer="SoftwareCollections.org " EXPOSE 5432 @@ -41,12 +41,11 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. -RUN yum -y module enable postgresql:13 && \ - INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ - INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql13 rh-postgresql13-postgresql-contrib rh-postgresql13-syspaths rh-postgresql12-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql13-pgaudit" && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum -y reinstall tzdata && \ yum -y clean all --enablerepo='*' && \ localedef -f UTF-8 -i en_US en_US.UTF-8 && \ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ @@ -55,11 +54,18 @@ RUN yum -y module enable postgresql:13 && \ # Get prefix path and path to scripts rather than hard-code them in scripts ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ - ENABLED_COLLECTIONS= + ENABLED_COLLECTIONS=rh-postgresql13 COPY root / COPY ./s2i/bin/ $STI_SCRIPTS_PATH +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + # Not using VOLUME statement since it's not working in OpenShift Online: # https://github.com/sclorg/httpd-container/issues/30 # VOLUME ["/var/lib/pgsql/data"] diff --git a/13/Dockerfile.c9s b/13/Dockerfile.c9s index 69aa8ed2..4ffeb76e 100644 --- a/13/Dockerfile.c9s +++ b/13/Dockerfile.c9s @@ -1,4 +1,4 @@ -FROM quay.io/sclorg/s2i-core-c9s:c9s +FROM quay.io/centos7/s2i-core-centos7 # PostgreSQL image for OpenShift. # Volumes: @@ -26,12 +26,12 @@ LABEL summary="$SUMMARY" \ io.k8s.description="$DESCRIPTION" \ io.k8s.display-name="PostgreSQL 13" \ io.openshift.expose-services="5432:postgresql" \ - io.openshift.tags="database,postgresql,postgresql13,postgresql-13" \ + io.openshift.tags="database,postgresql,postgresql13,rh-postgresql13" \ io.openshift.s2i.assemble-user="26" \ - name="sclorg/postgresql-13-c9s" \ - com.redhat.component="postgresql-13-container" \ + name="centos7/postgresql-13-centos7" \ + com.redhat.component="rh-postgresql13-container" \ version="1" \ - usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 sclorg/postgresql-13-c9s" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-13-centos7" \ maintainer="SoftwareCollections.org " EXPOSE 5432 @@ -41,9 +41,9 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. -RUN { yum -y module enable postgresql:13 || :; } && \ - INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ - INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql13 rh-postgresql13-postgresql-contrib rh-postgresql13-syspaths rh-postgresql12-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql13-pgaudit" && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo='*' && \ @@ -54,11 +54,18 @@ RUN { yum -y module enable postgresql:13 || :; } && \ # Get prefix path and path to scripts rather than hard-code them in scripts ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ - ENABLED_COLLECTIONS= + ENABLED_COLLECTIONS=rh-postgresql13 COPY root / COPY ./s2i/bin/ $STI_SCRIPTS_PATH +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + # Not using VOLUME statement since it's not working in OpenShift Online: # https://github.com/sclorg/httpd-container/issues/30 # VOLUME ["/var/lib/pgsql/data"] diff --git a/13/Dockerfile.fedora b/13/Dockerfile.fedora new file mode 100644 index 00000000..1bdfea34 --- /dev/null +++ b/13/Dockerfile.fedora @@ -0,0 +1,83 @@ +FROM quay.io/fedora/s2i-core:35 + +# PostgreSQL image for OpenShift. +# Volumes: +# * /var/lib/psql/data - Database cluster for PostgreSQL +# Environment: +# * $POSTGRESQL_USER - Database user name +# * $POSTGRESQL_PASSWORD - User's password +# * $POSTGRESQL_DATABASE - Name of the database to create +# * $POSTGRESQL_ADMIN_PASSWORD (Optional) - Password for the 'postgres' +# PostgreSQL administrative account + +ENV NAME=postgresql \ + VERSION=0 \ + ARCH=x86_64 \ + \ + POSTGRESQL_VERSION=13 \ + POSTGRESQL_PREV_VERSION=12 \ + HOME=/var/lib/pgsql \ + PGUSER=postgres \ + APP_DATA=/opt/app-root + +ENV SUMMARY="PostgreSQL is an advanced Object-Relational database management system" \ + DESCRIPTION="PostgreSQL is an advanced Object-Relational database management system (DBMS). \ +The image contains the client and server programs that you'll need to \ +create, run, maintain and access a PostgreSQL DBMS server." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="PostgreSQL 13" \ + io.openshift.expose-services="5432:postgresql" \ + io.openshift.tags="database,postgresql,postgresql13" \ + com.redhat.component="$NAME" \ + maintainer="SoftwareCollections.org " \ + name="fedora/$NAME-13" \ + version="0" \ + usage="docker run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 quay.io/fedora/$NAME-13" + +EXPOSE 5432 + +COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions + +# This image must forever use UID 26 for postgres user so our volumes are +# safe in the future. This should *never* change, the last test is there +# to make sure of that. +RUN INSTALL_PKGS="rsync tar gettext bind-utils postgresql-server postgresql-contrib nss_wrapper " && \ + INSTALL_PKGS+="findutils xz" && \ + INSTALL_PKGS+=" pgaudit" && \ + dnf -y module enable postgresql:13 && \ + dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + dnf clean all && \ + test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ + mkdir -p /var/lib/pgsql/data && \ + /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql + +# Get prefix path and path to scripts rather than hard-code them in scripts +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql + +COPY root / +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +VOLUME ["/var/lib/pgsql/data"] + +# S2I permission fixes +# -------------------- +# 1. unless specified otherwise (or - equivalently - we are in OpenShift), s2i +# build process would be executed as 'uid=26(postgres) gid=26(postgres)'. +# Such process wouldn't be able to execute the default 'assemble' script +# correctly (it transitively executes 'fix-permissions' script). So let's +# add the 'postgres' user into 'root' group here +# +# 2. we call fix-permissions on $APP_DATA here directly (UID=0 during build +# anyways) to assure that s2i process is actually able to _read_ the +# user-specified scripting. +RUN usermod -a -G root postgres && \ + /usr/libexec/fix-permissions --read-only "$APP_DATA" + +USER 26 + +ENTRYPOINT ["container-entrypoint"] +CMD ["run-postgresql"] diff --git a/13/Dockerfile.rhel9 b/13/Dockerfile.rhel9 index 23d2a439..4ffeb76e 100644 --- a/13/Dockerfile.rhel9 +++ b/13/Dockerfile.rhel9 @@ -1,4 +1,4 @@ -FROM ubi9/s2i-core +FROM quay.io/centos7/s2i-core-centos7 # PostgreSQL image for OpenShift. # Volumes: @@ -26,13 +26,12 @@ LABEL summary="$SUMMARY" \ io.k8s.description="$DESCRIPTION" \ io.k8s.display-name="PostgreSQL 13" \ io.openshift.expose-services="5432:postgresql" \ - io.openshift.tags="database,postgresql,postgresql13,postgresql-13" \ + io.openshift.tags="database,postgresql,postgresql13,rh-postgresql13" \ io.openshift.s2i.assemble-user="26" \ - name="rhel9/postgresql-13" \ - com.redhat.component="postgresql-13-container" \ + name="centos7/postgresql-13-centos7" \ + com.redhat.component="rh-postgresql13-container" \ version="1" \ - com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \ - usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 rhel9/postgresql-13" \ + usage="podman run -d --name postgresql_database -e POSTGRESQL_USER=user -e POSTGRESQL_PASSWORD=pass -e POSTGRESQL_DATABASE=db -p 5432:5432 centos7/postgresql-13-centos7" \ maintainer="SoftwareCollections.org " EXPOSE 5432 @@ -42,12 +41,11 @@ COPY root/usr/libexec/fix-permissions /usr/libexec/fix-permissions # This image must forever use UID 26 for postgres user so our volumes are # safe in the future. This should *never* change, the last test is there # to make sure of that. -RUN { yum -y module enable postgresql:13 || :; } && \ - INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper postgresql-server postgresql-contrib" && \ - INSTALL_PKGS="$INSTALL_PKGS pgaudit" && \ +RUN yum install -y centos-release-scl-rh && \ + INSTALL_PKGS="rsync tar gettext bind-utils nss_wrapper rh-postgresql13 rh-postgresql13-postgresql-contrib rh-postgresql13-syspaths rh-postgresql12-postgresql-server" && \ + INSTALL_PKGS="$INSTALL_PKGS rh-postgresql13-pgaudit" && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum -y reinstall tzdata && \ yum -y clean all --enablerepo='*' && \ localedef -f UTF-8 -i en_US en_US.UTF-8 && \ test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \ @@ -56,11 +54,18 @@ RUN { yum -y module enable postgresql:13 || :; } && \ # Get prefix path and path to scripts rather than hard-code them in scripts ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \ - ENABLED_COLLECTIONS= + ENABLED_COLLECTIONS=rh-postgresql13 COPY root / COPY ./s2i/bin/ $STI_SCRIPTS_PATH +# When bash is started non-interactively, to run a shell script, for example it +# looks for this variable and source the content of this file. This will enable +# the SCL for all scripts without need to do 'scl enable'. +ENV BASH_ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + ENV=${CONTAINER_SCRIPTS_PATH}/scl_enable \ + PROMPT_COMMAND=". ${CONTAINER_SCRIPTS_PATH}/scl_enable" + # Not using VOLUME statement since it's not working in OpenShift Online: # https://github.com/sclorg/httpd-container/issues/30 # VOLUME ["/var/lib/pgsql/data"] diff --git a/13/root/usr/share/container-scripts/postgresql/README.md b/13/root/usr/share/container-scripts/postgresql/README.md index fb1dbfa2..06db9796 100644 --- a/13/root/usr/share/container-scripts/postgresql/README.md +++ b/13/root/usr/share/container-scripts/postgresql/README.md @@ -74,6 +74,13 @@ initialization by passing `-e VAR=VALUE` to the Docker run command. **`POSTGRESQL_ADMIN_PASSWORD`** Password for the `postgres` admin account (optional) +The following environment variables are optional, and only used when the database is initialzed + +**`POSTGRESQL_ENCODING`** + Database encoding. Default to UTF8 + +**`POSTGRESQL_LOCALE`** + Database locale. Default to en_US Alternatively, the following options are related to migration scenario: diff --git a/13/root/usr/share/container-scripts/postgresql/common.sh b/13/root/usr/share/container-scripts/postgresql/common.sh index 8c8b2dd6..cfd18967 100644 --- a/13/root/usr/share/container-scripts/postgresql/common.sh +++ b/13/root/usr/share/container-scripts/postgresql/common.sh @@ -189,7 +189,10 @@ initdb_wrapper () # Initialize the database cluster with utf8 support enabled by default. # This might affect performance, see: # http://www.postgresql.org/docs/13/static/locale.html - LANG=${LANG:-en_US.utf8} "$@" + ENCODING=${POSTGRESQL_ENCODING:-UTF8} + LOCALE=${POSTGRESQL_LOCALE:-en_US} + if [ ${LOCALE} == "C" ] ; then LANG=C; fi + LANG=${LANG:-$LOCALE.$ENCODING} "$@" -E $ENCODING } function initialize_database() { @@ -222,7 +225,16 @@ EOF function create_users() { if [[ ",$postinitdb_actions," = *,simple_db,* ]]; then createuser "$POSTGRESQL_USER" - createdb --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" + + EXTRA_ARGS="" + if [ -v POSTGRESQL_ENCODING ]; then + EXTRA_ARGS="$EXTRA_ARGS -E $POSTGRESQL_ENCODING" + fi + if [ -v POSTGRESQL_LOCALE ]; then + EXTRA_ARGS="$EXTRA_ARGS -l $POSTGRESQL_LOCALE" + fi + + createdb $EXTRA_ARGS --owner="$POSTGRESQL_USER" "$POSTGRESQL_DATABASE" fi if [ -v POSTGRESQL_MASTER_USER ]; then diff --git a/common b/common index a7862f18..2869270a 160000 --- a/common +++ b/common @@ -1 +1 @@ -Subproject commit a7862f18b1162855d1e56bf24a3410001b984327 +Subproject commit 2869270a2c36924d76dd34eef9a91623005a7596