github.com/rkt/rkt@v1.30.1-0.20200224141603-171c416fac02/Documentation/examples/build-container/postgres/postgres-prestart.sh (about)

     1  #!/bin/bash
     2  
     3  # Adapted from
     4  # https://github.com/docker-library/postgres/blob/b84ddd1/10/docker-entrypoint.sh
     5  # which is under MIT license.
     6  #
     7  # We don't do `exec "$@"` at the end because this script will be executed as a
     8  # pre-start hook (see `acbuild --debug set-event-handler pre-start` in
     9  # `build-postgres.sh`)
    10  
    11  set -e
    12  
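# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file)
#
# Resolution order: $VAR if non-empty, else the contents of the file named by
# $VAR_FILE, else DEFAULT (empty when omitted). The result is exported as VAR
# and VAR_FILE is unset.
#
# Exits the script with status 1 when both VAR and VAR_FILE are set, or when
# VAR_FILE names a file that cannot be read.
file_env() {
	local var="$1"
	local fileVar="${var}_FILE"
	local def="${2:-}"
	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
		exit 1
	fi
	local val="$def"
	if [ "${!var:-}" ]; then
		val="${!var}"
	elif [ "${!fileVar:-}" ]; then
		# Fail closed here instead of relying on the caller's `set -e`: an
		# unreadable secret file must never degrade into an empty value
		# (an empty POSTGRES_PASSWORD selects `trust` authentication).
		if ! val="$(< "${!fileVar}")"; then
			echo >&2 "error: cannot read the file named by $fileVar (${!fileVar})"
			exit 1
		fi
	fi
	export "$var"="$val"
	unset "$fileVar"
}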
    34  
# A first argument starting with `-` is treated as an option for the server,
# so the `postgres` command name is put in front of the argument list.
case "${1:0:1}" in
	-) set -- postgres "$@" ;;
esac
    38  
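# allow the container to be started with `--user`
#
# When running as root, prepare the directories the server needs, hand them
# to the `postgres` account, then re-run this script as that account so that
# nothing after this block runs with root privileges.
if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
	# Data directory: owned by postgres, no access for group or others.
	mkdir -p "$PGDATA"
	chown -R postgres "$PGDATA"
	chmod 700 "$PGDATA"

	# Socket directory: writable by owner and group, readable by others.
	mkdir -p /var/run/postgresql
	chown -R postgres /var/run/postgresql
	chmod 775 /var/run/postgresql

	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
	fi

	# `su -c` takes ONE string, which the target account's shell parses again.
	# The previous form left $BASH_SOURCE and $@ unquoted, so any argument
	# after the first became a separate option to `su`, and shell
	# metacharacters in an argument were interpreted by the second shell.
	# %q quotes each word so it survives that second parse unchanged.
	# NOTE(review): %q emits bash quoting; for unusual characters this assumes
	# the postgres account's shell accepts it -- confirm for the image.
	reexecCommand="$(printf '%q ' "$BASH_SOURCE" "$@")"
	exec su postgres -c "$reexecCommand"
fi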
    58  
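# First-start initialisation. Runs when the command is `postgres`; if
# "$PGDATA/PG_VERSION" is missing or empty it creates the cluster, writes the
# client authentication rule, sets up the user and database, applies
# /customize.sql when present, and finally opens the server to all interfaces.
if [ "$1" = 'postgres' ]; then
	mkdir -p "$PGDATA"
	# Deliberately best effort: errors are silenced and ignored.
	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
	chmod 700 "$PGDATA" 2>/dev/null || :

	# look specifically for PG_VERSION, as it is expected in the DB dir
	if [ ! -s "$PGDATA/PG_VERSION" ]; then
		file_env 'POSTGRES_INITDB_ARGS'
		if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
		fi
		# NOTE(security): eval re-parses POSTGRES_INITDB_ARGS (and the XLOGDIR
		# path appended above) as shell code. Kept so that quoted arguments
		# inside the variable keep working, but these values must only ever
		# come from the operator who launches the container.
		eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"

		# Quote characters used for SQL escaping below; held in variables so
		# the substitutions need no backslash quoting.
		sqlSingleQuote="'"
		sqlDoubleQuote='"'

		# check password first so we can output the warning before postgres
		# messes it up
		file_env 'POSTGRES_PASSWORD'
		if [ "$POSTGRES_PASSWORD" ]; then
			# Double any embedded single quote so the password cannot end the
			# SQL string literal early and change the statement.
			escapedPassword=${POSTGRES_PASSWORD//"$sqlSingleQuote"/$sqlSingleQuote$sqlSingleQuote}
			pass="PASSWORD '$escapedPassword'"
			# NOTE(review): md5 is the legacy password hash; scram-sha-256 is
			# available from PostgreSQL 10 -- confirm the image version before
			# switching.
			authMethod=md5
		else
			# The - option suppresses leading tabs but *not* spaces. :)
			cat >&2 <<-'EOWARN'
				****************************************************
				WARNING: No password has been set for the database.
				         This will allow anyone with access to the
				         Postgres port to access your database. In
				         rkt's default configuration, this is
				         effectively any other container on the same
				         system.
				         Use "--set-env POSTGRES_PASSWORD=password" to set
				         it in "rkt run".
				****************************************************
			EOWARN

			pass=
			# No password: every connection is accepted without credentials.
			authMethod=trust
		fi

		# The rule applies to all databases, all users and all client
		# addresses, so $authMethod is the only gate on remote connections.
		{
			echo
			echo "host all all all $authMethod"
		} >> "$PGDATA/pg_hba.conf"

		# internal start of server in order to allow set-up using psql-client
		# does not listen on external TCP/IP and waits until start finishes
		PGUSER="${PGUSER:-postgres}" \
		pg_ctl -D "$PGDATA" \
			-o "-c listen_addresses='localhost'" \
			-w start

		file_env 'POSTGRES_USER' 'postgres'
		file_env 'POSTGRES_DB' "$POSTGRES_USER"

		# Double any embedded double quote so the names stay inside their
		# quoted SQL identifiers in the statements below.
		dbIdent=${POSTGRES_DB//"$sqlDoubleQuote"/$sqlDoubleQuote$sqlDoubleQuote}
		userIdent=${POSTGRES_USER//"$sqlDoubleQuote"/$sqlDoubleQuote$sqlDoubleQuote}

		# ON_ERROR_STOP makes psql exit non-zero on the first SQL error, which
		# `set -e` then turns into an aborted initialisation.
		psql=( psql -v ON_ERROR_STOP=1 )

		if [ "$POSTGRES_DB" != 'postgres' ]; then
			"${psql[@]}" --username postgres <<-EOSQL
				CREATE DATABASE "$dbIdent" ;
			EOSQL
			echo
		fi

		# The built-in `postgres` role already exists, so it is altered
		# rather than created.
		if [ "$POSTGRES_USER" = 'postgres' ]; then
			op='ALTER'
		else
			op='CREATE'
		fi
		"${psql[@]}" --username postgres <<-EOSQL
			$op USER "$userIdent" WITH SUPERUSER $pass ;
		EOSQL
		echo

		# Passed as separate arguments, so the raw (unescaped) values are
		# correct here.
		psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )

		# Runs with the superuser role configured above.
		if [ -f /customize.sql ]; then
			echo "Using file /customize.sql to configure database"
			"${psql[@]}" -f /customize.sql
		fi

		PGUSER="${PGUSER:-postgres}" \
		pg_ctl -D "$PGDATA" -m fast -w stop

		# configure postgres to listen on every interface
		# Uses "$PGDATA" like every other step; the previous hard-coded
		# /var/lib/postgresql/data path only matched the default location.
		sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" "$PGDATA/postgresql.conf"

		echo
		echo 'PostgreSQL init process complete; ready for start up.'
		echo
	fi
fi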