#!/bin/bash
# Props to https://github.com/whatever4711/rpi-postgresql
# I needed to borrow this for mine
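set -e

# ---------------------------------------------------------------------------
# Runtime settings. Every value can be overridden from the container
# environment; the assignments below only supply defaults.
# ---------------------------------------------------------------------------

# PSQL_TRUST_LOCALNET=true appends a "samenet trust" rule to pg_hba.conf so
# that other containers on the same network can connect WITHOUT
# authentication. Leave it at false unless every peer on that network is
# trusted.
PSQL_TRUST_LOCALNET=${PSQL_TRUST_LOCALNET:-false}

# Optional bootstrap of databases (comma separated names) and of one
# application role with its password.
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
# Fixed: this used to read ${DB_UNACCENT:false}. Without the '-' bash treats
# it as a substring expansion, so the intended default of "false" was never
# applied and the variable stayed empty when unset.
DB_UNACCENT=${DB_UNACCENT:-false}

# by default postgresql will start up as a standalone instance.
# set this environment variable to master, slave or snapshot to use
# replication features. "snapshot" will create a point in time backup of a
# master instance.
PSQL_MODE=${PSQL_MODE:-standalone}

# Replication account, and the upstream server a slave/snapshot copies from.
REPLICATION_USER=${REPLICATION_USER:-}
REPLICATION_PASS=${REPLICATION_PASS:-}
REPLICATION_HOST=${REPLICATION_HOST:-}
REPLICATION_PORT=${REPLICATION_PORT:-5432}

# set this env variable to "require" to enable encryption and "verify-full"
# for verification. With the default "disable" this script comments out
# "ssl = true" in postgresql.conf, so sessions are not encrypted by
# PostgreSQL itself.
PSQL_SSLMODE=${PSQL_SSLMODE:-disable}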
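## Adapt uid and gid for ${PG_USER}:${PG_USER}
# USERMAP_UID / USERMAP_GID (optional) request a different numeric uid/gid for
# the PostgreSQL account. When only USERMAP_UID is given, the gid defaults to
# the same number.
USERMAP_ORIG_UID=$(id -u "${PG_USER}")
USERMAP_ORIG_GID=$(id -g "${PG_USER}")
USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}

# Both values are spliced into a sed program that rewrites /etc/passwd below,
# so accept nothing but plain decimal ids.
for usermap_id in "${USERMAP_UID}" "${USERMAP_GID}"; do
  if [[ ! ${usermap_id} =~ ^[0-9]+$ ]]; then
    echo "ERROR: USERMAP_UID and USERMAP_GID must be numeric, got \"${usermap_id}\"" >&2
    exit 1
  fi
done

if [[ "${USERMAP_UID}" != "${USERMAP_ORIG_UID}" || "${USERMAP_GID}" != "${USERMAP_ORIG_GID}" ]]; then
  echo "Adapting uid and gid for ${PG_USER}:${PG_USER} to $USERMAP_UID:$USERMAP_GID"
  groupmod -g "${USERMAP_GID}" "${PG_USER}"
  # The pattern matches the original uid next to the *new* gid.
  # NOTE(review): presumably groupmod has already rewritten the primary gid
  # in /etc/passwd at this point - confirm for the base image in use.
  sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
fi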
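# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set)
# ${VAR:?} aborts with a message instead of running a recursive chown on an
# empty path when the variable is missing.
chown -R "${PG_USER}:${PG_USER}" "${PG_CONFDIR:?}"

# fix permissions and ownership of ${PG_HOME}
# (mkdir -m only takes effect when the directory is created here; an existing
# ${PG_HOME} keeps whatever mode it already has)
mkdir -p -m 0700 "${PG_HOME:?}"
chown -R "${PG_USER}:${PG_USER}" "${PG_HOME:?}"

# fix permissions and ownership of /run/postgresql
mkdir -p -m 0755 /run/postgresql "/run/postgresql/${PG_VERSION}-main.pg_stat_tmp"
chown -R "${PG_USER}:${PG_USER}" /run/postgresql
chmod g+s /run/postgresql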
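# PSQL_SSLMODE=disable (the default) comments out the server-side
# "ssl = true" setting. From then on client and replication sessions,
# including the md5 authentication exchange, are not encrypted by PostgreSQL
# itself; only use it where the network path is otherwise protected.
if [[ ${PSQL_SSLMODE} == disable ]]; then
  sed -i 's/ssl = true/#ssl = true/' "${PG_CONFDIR}/postgresql.conf"
fi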
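# Change DSM from `posix' to `sysv' if we are inside an lx-brand container
# (detected through the kernel version string reported by uname -v).
if [[ $(uname -v) == "BrandZ virtual linux" ]]; then
  sed -i 's/\(dynamic_shared_memory_type = \)posix/\1sysv/' \
    "${PG_CONFDIR}/postgresql.conf"
fi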
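# listen on all interfaces
# With '*' the server binds every address of the container, so who can reach
# it is decided only by pg_hba.conf and by the ports/networks the container
# is attached to. The line is appended on every run of this script.
printf '%s\n' "listen_addresses = '*'" >> "${PG_CONFDIR}/postgresql.conf"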
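# Optional: password-less access from directly attached subnets.
# "samenet" matches any address in a subnet the server is connected to and
# "trust" accepts the connection without any credential, for every database
# and every role (superuser included). pg_hba.conf is evaluated first-match,
# and this rule is written before the md5 rule that follows in this script.
# The rule is only ever appended, never removed, by this script.
if [[ ${PSQL_TRUST_LOCALNET} == true ]]; then
  echo "Enabling trust samenet in pg_hba.conf..."
  printf '%s\n' "host all all samenet trust" >> "${PG_CONFDIR}/pg_hba.conf"
fi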
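# allow remote connections to postgresql database
# Any IPv4 client may connect to any database as any role with md5 password
# authentication. A "host" rule matches TLS and non-TLS connections alike
# ("hostssl" would match TLS only), so this rule does not force encryption
# even when PSQL_SSLMODE is set to something other than "disable".
printf '%s\n' "host all all 0.0.0.0/0 md5" >> "${PG_CONFDIR}/pg_hba.conf"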
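# allow replication connections to the database
# The rule is written as "hostssl" (TLS-only) unless PSQL_SSLMODE is
# "disable", in which case plain "host" is used and replication traffic is
# accepted unencrypted from any IPv4 address.
# REPLICATION_USER is written into pg_hba.conf verbatim; it must be a single
# plain role name.
if [[ -n ${REPLICATION_USER} ]]; then
  hba_conn_type=hostssl
  if [[ ${PSQL_SSLMODE} == disable ]]; then
    hba_conn_type=host
  fi
  printf '%s replication %s 0.0.0.0/0 md5\n' \
    "${hba_conn_type}" "${REPLICATION_USER}" >> "${PG_CONFDIR}/pg_hba.conf"
fi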
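# A master that has a replication user configured gets the WAL settings that
# standbys need in order to stream from it. The settings are appended to
# postgresql.conf on every run of this script.
if [[ ${PSQL_MODE} == master && -n ${REPLICATION_USER} ]]; then
  echo "Supporting hot standby..."
  printf '%s\n' \
    "wal_level = hot_standby" \
    "max_wal_senders = 3" \
    "checkpoint_segments = 8" \
    "wal_keep_segments = 8" >> "${PG_CONFDIR}/postgresql.conf"
fi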
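cd "${PG_HOME}"

# initialize PostgreSQL data directory
# Runs only when ${PG_DATADIR} does not exist yet. Depending on PSQL_MODE the
# directory is either cloned from ${REPLICATION_HOST} (snapshot / slave) or
# created empty with initdb (every other mode).
#
# Credential handling in the replication branches:
#  * PGPASSWORD is handed to sudo as a VAR=value argument, so the replication
#    password is visible in the process list while pg_basebackup runs. A
#    0600 .pgpass file owned by ${PG_USER} would avoid that.
#  * The assignment is now quoted; unquoted, a password containing whitespace
#    was split into several sudo arguments.
if [[ ! -d ${PG_DATADIR} ]]; then
  case "${PSQL_MODE}" in
    snapshot)
      echo "Replicating database..."
      sudo -Hu "${PG_USER}" \
        "PGPASSWORD=${REPLICATION_PASS}" "${PG_BINDIR}/pg_basebackup" -D "${PG_DATADIR}" \
        -h "${REPLICATION_HOST}" -p "${REPLICATION_PORT}" -U "${REPLICATION_USER}" -w -x -v -P
      ;;
    slave)
      echo "Replicating database..."
      # Setup streaming replication.
      sudo -Hu "${PG_USER}" \
        "PGPASSWORD=${REPLICATION_PASS}" "${PG_BINDIR}/pg_basebackup" -D "${PG_DATADIR}" \
        -h "${REPLICATION_HOST}" -p "${REPLICATION_PORT}" -U "${REPLICATION_USER}" -w -v -P

      echo "Setting up hot standby configuration..."
      printf '%s\n' "hot_standby = on" >> "${PG_CONFDIR}/postgresql.conf"

      # recovery.conf stores the replication password in clear text, so it is
      # restricted to its owner before the secret is written into it.
      sudo -Hu "${PG_USER}" touch "${PG_DATADIR}/recovery.conf"
      chmod 0600 "${PG_DATADIR}/recovery.conf"
      # The values are placed inside a single-quoted conninfo string as-is; a
      # quote or space in any of them would corrupt the setting.
      # trigger_file lives in world-writable /tmp: any local account able to
      # create that file ends standby mode on this server.
      {
        printf '%s\n' "standby_mode = 'on'"
        printf '%s\n' "primary_conninfo = 'host=${REPLICATION_HOST} port=${REPLICATION_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PSQL_SSLMODE}'"
        printf '%s\n' "trigger_file = '/tmp/postgresql.trigger'"
      } >> "${PG_DATADIR}/recovery.conf"
      ;;
    *)
      # check if we need to perform data migration
      # Looks for <PG_HOME>/<X.Y>/main/PG_VERSION left behind by an older
      # release and keeps the highest version directory name. Taking field 5
      # of the path assumes ${PG_HOME} has exactly three components
      # (for example /var/lib/postgresql).
      PG_OLD_VERSION=$(find "${PG_HOME}"/[0-9].[0-9]/main -maxdepth 1 -name PG_VERSION 2>/dev/null | sort -r | head -n1 | cut -d'/' -f5)

      echo "Initializing database..."
      # --auth=trust makes the pg_hba.conf that initdb writes into the data
      # directory accept every connection it covers without a password.
      # NOTE(review): whether the server reads that file or the one in
      # ${PG_CONFDIR} depends on hba_file in postgresql.conf - confirm.
      sudo -Hu "${PG_USER}" "${PG_BINDIR}/initdb" "--pgdata=${PG_DATADIR}" \
        "--username=${PG_USER}" --encoding=unicode --auth=trust >/dev/null
      ;;
  esac
fi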
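# Migrate the data directory of an older PostgreSQL release with pg_upgrade.
# The old data directory is copied aside first, then the matching old server
# packages are installed because pg_upgrade needs the old binaries.
# NOTE(review): PG_OLD_VERSION is only assigned in the initdb branch and is
# never reset, so a value inherited from the environment would also trigger
# this branch and end up in package names and paths - confirm that is
# intended.
if [[ -n ${PG_OLD_VERSION} ]]; then
  echo "Migrating postgresql ${PG_OLD_VERSION} data..."

  PG_OLD_CONFDIR="/etc/postgresql/${PG_OLD_VERSION}/main"
  PG_OLD_BINDIR="/usr/lib/postgresql/${PG_OLD_VERSION}/bin"
  PG_OLD_DATADIR="${PG_HOME}/${PG_OLD_VERSION}/main"

  # backup ${PG_OLD_DATADIR} to avoid data loss
  PG_BKP_SUFFIX=$(date +%Y%m%d%H%M%S)
  echo "Backing up ${PG_OLD_DATADIR} to ${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}..."
  cp -a "${PG_OLD_DATADIR}" "${PG_OLD_DATADIR}.${PG_BKP_SUFFIX}"

  echo "Installing postgresql-${PG_OLD_VERSION}..."
  apt-get update
  # Fixed: without -y apt-get waits for a confirmation that nobody can give
  # during container start-up, and the migration aborts.
  DEBIAN_FRONTEND=noninteractive apt-get install -y \
    "postgresql-${PG_OLD_VERSION}" "postgresql-client-${PG_OLD_VERSION}"
  rm -rf /var/lib/apt/lists/*

  # migrate ${PG_OLD_VERSION} data
  echo "Migration in progress. This could take a while, please be patient..."
  sudo -Hu "${PG_USER}" "${PG_BINDIR}/pg_upgrade" \
    -b "${PG_OLD_BINDIR}" -B "${PG_BINDIR}" \
    -d "${PG_OLD_DATADIR}" -D "${PG_DATADIR}" \
    -o "-c config_file=${PG_OLD_CONFDIR}/postgresql.conf" \
    -O "-c config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
fi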
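# Feed one SQL statement to a single-user postgres backend.
# Arguments: $1 - SQL text; any further arguments are placed right after
#            --single (used to select a database).
# Outputs:   backend stdout is discarded.
# Returns:   exit status of the sudo/postgres command.
_pg_single_exec() {
  local sql=$1
  shift
  printf '%s\n' "${sql}" |
    sudo -Hu "${PG_USER}" "${PG_BINDIR}/postgres" --single "$@" \
      -D "${PG_DATADIR}" -c "config_file=${PG_CONFDIR}/postgresql.conf" >/dev/null
}

# Hot standby (slave and snapshot) servers can ignore the following code.
#
# Roles, databases and grants are created by piping SQL into a single-user
# backend. Two things to keep in mind when reading this section:
#  * Passwords are embedded in single-quoted SQL literals. Single quotes in
#    them are doubled first; previously a password containing a quote broke
#    the statement and could change what was executed.
#  * REPLICATION_USER, DB_USER and the DB_NAME entries are interpolated as
#    bare SQL identifiers without quoting or validation. They must be plain
#    identifiers supplied by a trusted operator.
if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
  sql_quote="'"

  if [[ -n ${REPLICATION_USER} ]]; then
    if [[ -z ${REPLICATION_PASS} ]]; then
      echo ""
      echo "WARNING: "
      echo " Please specify a password for replication user \"${REPLICATION_USER}\". Skipping user creation..."
      echo ""
      # Fixed: this branch used to clear DB_USER, which silently cancelled
      # the creation of the application role and its grants further down.
      REPLICATION_USER=
    else
      echo "Creating user \"${REPLICATION_USER}\"..."
      replication_pass_sql=${REPLICATION_PASS//$sql_quote/$sql_quote$sql_quote}
      _pg_single_exec "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${replication_pass_sql}';"
    fi
  fi

  if [[ -n ${DB_USER} ]]; then
    if [[ -z ${DB_PASS} ]]; then
      echo ""
      echo "WARNING: "
      echo " Please specify a password for \"${DB_USER}\". Skipping user creation..."
      echo ""
      # Clearing DB_USER also disables the GRANT step in the database loop.
      DB_USER=
    else
      echo "Creating user \"${DB_USER}\"..."
      db_pass_sql=${DB_PASS//$sql_quote/$sql_quote$sql_quote}
      _pg_single_exec "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${db_pass_sql}';"
    fi
  fi

  if [[ -n ${DB_NAME} ]]; then
    # DB_NAME is a comma separated list; awk prints one name per line and the
    # unquoted substitution splits that output into words.
    for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
      echo "Creating database \"${db}\"..."
      _pg_single_exec "CREATE DATABASE ${db};"

      if [[ ${DB_UNACCENT} == true ]]; then
        echo "Installing unaccent extension..."
        # The extension is installed inside the new database, so the backend
        # is started against ${db}.
        _pg_single_exec "CREATE EXTENSION IF NOT EXISTS unaccent;" "${db}"
      fi

      if [[ -n ${DB_USER} ]]; then
        echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
        _pg_single_exec "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};"
      fi
    done
  fi
fi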
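echo "Starting PostgreSQL server..."
# exec replaces this shell with start-stop-daemon; --chuid makes the server
# run as ${PG_USER} instead of the account that ran this script.
exec start-stop-daemon --start --chuid "${PG_USER}:${PG_USER}" --exec "${PG_BINDIR}/postgres" -- \
  -D "${PG_DATADIR}" -c "config_file=${PG_CONFDIR}/postgresql.conf"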