Initial import

Author: robertauer

Dockerfile

@@ -0,0 +1,24 @@
+FROM registry.cloudogu.com/official/base:3.6-1
+MAINTAINER Sebastian Sdorra <[email protected]>
+
+# install postgresql and gosu
+# Note: the current postgresql version from alpine is installed
+# https://pkgs.alpinelinux.org/packages?name=postgresql&branch=v3.6&repo=&arch=x86_64
+RUN apk add --update postgresql \
+ && curl -o /usr/local/bin/gosu -sSL "https://github.com/tianon/gosu/releases/download/1.2/gosu-amd64" \
+ && chmod +x /usr/local/bin/gosu \
+ && rm -rf /var/cache/apk/*
+
+ENV LANG en_US.utf8
+ENV PGDATA /var/lib/postgresql
+
+COPY resources/ /
+
+# VOLUMES
+VOLUME "/var/lib/postgresql"
+
+# MYSQL PORT
+EXPOSE 5432
+
+# FIRE IT UP
+CMD ["/bin/bash", "/startup.sh"]

dogu.json

@@ -0,0 +1,41 @@
+{
+  "Name": "official/postgresql",
+  "Version": "9.6.5-1",
+  "DisplayName": "PostgreSQL",
+  "Description": "PostgreSQL Database.",
+  "Url": "https://www.postgresql.org/",
+  "Category": "Base",
+  "Tags": [
+    "database",
+    "db"
+  ],
+  "Logo": "https://cloudogu.com/images/dogus/postgresql.png",
+  "Image": "registry.cloudogu.com/official/postgresql",
+  "Volumes": [
+    {
+      "Name": "data",
+      "Path": "/var/lib/postgresql",
+      "Owner": "1000",
+      "Group": "1000"
+    }
+  ],
+  "ExposedCommands": [
+    {
+      "Name": "service-account-create",
+      "Description": "Creates a new service account",
+      "Command": "/create-sa.sh"
+    },{
+      "Name": "pre-upgrade",
+      "Command": "/pre-upgrade.sh"
+    }
+  ],
+  "HealthChecks": [
+    {
+      "Type": "tcp",
+      "Port": 5432
+    },
+    {
+      "Type": "state"
+    }
+  ]
+}

resources/create-sa.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+{
+    SERVICE="$1"
+    if [ X"${SERVICE}" = X"" ]; then
+        echo "usage create-sa.sh servicename"
+        exit 1
+    fi
+
+    # create random schema suffix and password
+    ID=$(doguctl random -l 6 | tr '[:upper:]' '[:lower:]')
+    USER="${SERVICE}_${ID}"
+    PASSWORD=$(doguctl random)
+    DATABASE="${USER}"
+    SCHEMA="${USER}"
+
+    # connection user
+    ADMIN_USERNAME=$(doguctl config user)
+
+    # create role
+    psql -U "${ADMIN_USERNAME}" -c "CREATE USER ${USER} WITH PASSWORD '${PASSWORD}';"
+
+    # create database
+    psql -U "${ADMIN_USERNAME}" -c "CREATE DATABASE ${DATABASE} OWNER ${USER};"
+
+} >/dev/null 2>&1
+
+# print details
+echo "database: ${DATABASE}"
+echo "username: ${USER}"
+echo "password: ${PASSWORD}"

resources/pre-upgrade.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+pg_dumpall -U postgres -f "${PGDATA}"/postgresqlFullBackup.dump

resources/startup.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+function mask2cidr() {
+  NBITS=0
+  IFS=.
+  for DEC in $1 ; do
+    case $DEC in
+      255) let NBITS+=8;;
+      254) let NBITS+=7 ; break ;;
+      252) let NBITS+=6 ; break ;;
+      248) let NBITS+=5 ; break ;;
+      240) let NBITS+=4 ; break ;;
+      224) let NBITS+=3 ; break ;;
+      192) let NBITS+=2 ; break ;;
+      128) let NBITS+=1 ; break ;;
+      0);;
+      *) echo "Error: ${DEC} is not recognised"; exit 1
+    esac
+  done
+  echo "${NBITS}"
+}
+
+function create_hba() {
+  echo '# generated, do not override'
+  echo '# "local" is for Unix domain socket connections only'
+  echo 'local   all             all                                     trust'
+  echo '# IPv4 local connections:'
+  echo 'host    all             all             127.0.0.1/32            trust'
+  echo '# IPv6 local connections:'
+  echo 'host    all             all             ::1/128                 trust'
+  echo '# container networks'
+  for NETWITHMASK in $(netstat -nr | tail -n +3 | grep -v '^0' | awk '{print $1"/"$3}'); do
+    NET=$(echo "${NETWITHMASK}" | awk -F'/' '{print $1}')
+    MASK=$(echo "${NETWITHMASK}" | awk -F'/' '{print $2}')
+    CIDR=$(mask2cidr "$MASK")
+    echo "host    all             all             ${NET}/${CIDR}  password"
+  done
+}
+
+function initializePostgreSQL() {
+
+    # set stage for health check
+    doguctl state installing
+
+    # install database
+    gosu postgres initdb
+
+    # postgres user
+    POSTGRES_USER="postgres"
+
+    # store the user
+    doguctl config user "${POSTGRES_USER}"
+
+    # create random password
+    POSTGRES_PASSWORD=$(doguctl random)
+
+    # store the password encrypted
+    doguctl config -e password "${POSTGRES_PASSWORD}"
+
+    # open port
+    sed -ri "s/^#(listen_addresses\s*=\s*)\S+/\1'*'/" "$PGDATA"/postgresql.conf
+
+    # set generated password
+    echo "ALTER USER ${POSTGRES_USER} WITH SUPERUSER PASSWORD '${POSTGRES_PASSWORD}';" | 2>/dev/null 1>&2 gosu postgres postgres --single -jE
+
+    # create /run/postgresql
+    mkdir -p /run/postgresql
+    chown postgres:postgres /run/postgresql
+
+    # generate pg_hba.conf
+    create_hba > "${PGDATA}"/pg_hba.conf
+}
+
+function waitForPostgreSQLStartup() {
+  while ! pg_isready > /dev/null; do
+    # Postgres is not ready yet to accept connections
+    sleep 0.1
+  done
+}
+
+function waitForPostgreSQLShutdown() {
+  while pgrep -x postgres > /dev/null ; do
+    # Postgres is still running
+    sleep 0.1
+  done
+}
+
+chown -R postgres "$PGDATA"
+if [ -z "$(ls -A "$PGDATA")" ]; then
+  initializePostgreSQL
+elif [ -e "${PGDATA}"/postgresqlFullBackup.dump ]; then
+  # Moving backup and emptying PGDATA directory
+  mv "${PGDATA}"/postgresqlFullBackup.dump /tmp/postgresqlFullBackup.dump
+  # New PostgreSQL version requires completely empty folder
+  rm -rf "${PGDATA:?}"/*
+  rm -rf "${PGDATA:?}"/.[^.] .??*
+
+  initializePostgreSQL
+
+  echo "Restoring database dump..."
+  # Start postgres to restore backup
+  gosu postgres postgres &
+  PID=$!
+  waitForPostgreSQLStartup
+  # Restore backup
+  psql -U postgres -f /tmp/postgresqlFullBackup.dump postgres
+  rm /tmp/postgresqlFullBackup.dump
+  # Kill postgres
+  kill ${PID}
+  waitForPostgreSQLShutdown
+fi
+
+# set stage for health check
+doguctl state ready
+
+# start database
+exec gosu postgres postgres

spec/goss/goss.yaml

@@ -0,0 +1,35 @@
+file:
+  /create-sa.sh:
+    exists: true
+    mode: "0755"
+    owner: root
+    group: root
+    filetype: file
+  /startup.sh:
+    exists: true
+    mode: "0755"
+    owner: root
+    group: root
+    filetype: file
+  /usr/local/bin/gosu:
+    exists: true
+    mode: "0755"
+    owner: root
+    group: root
+    filetype: file
+  /var/lib/postgresql:
+    exists: true
+    mode: "0700"
+    owner: postgres
+    filetype: directory
+package:
+  postgresql:
+    installed: true
+port:
+  tcp:5432:
+    listening: true
+    ip:
+    - 0.0.0.0
+process:
+  postgres:
+    running: true