From 695160e45d278b9630df6139256f6f734a7fb736 Mon Sep 17 00:00:00 2001 From: Thibault Jamet Date: Thu, 15 Mar 2018 14:10:14 +0100 Subject: [PATCH 1/2] Add healthcheck Add a customizable healthcheck This healthcheck consists of 3 steps: - Check if the entrypoint script is still running - Check if postgres is ready to accept connections - Check if postgres can respond to a query Every step is logged and can be investigated. Signed-off-by: Thibault Jamet --- Dockerfile-alpine.template | 3 ++- Dockerfile-debian.template | 3 ++- docker-common.sh | 25 +++++++++++++++++++ docker-entrypoint.sh | 26 ++++---------------- docker-healthcheck.sh | 50 ++++++++++++++++++++++++++++++++++++++ update.sh | 4 +-- 6 files changed, 86 insertions(+), 25 deletions(-) create mode 100644 docker-common.sh create mode 100755 docker-healthcheck.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a302b4f8bb..d902a3c60f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -144,9 +144,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a66cab06c1..9b1042ae32 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -126,9 +126,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/docker-common.sh b/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a30e6f759a..a4b07b67e9 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/docker-healthcheck.sh b/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/update.sh b/update.sh index cc8df80244..814b159de8 100755 --- a/update.sh +++ b/update.sh @@ -47,7 +47,7 @@ for version in "${versions[@]}"; do ( set -x - cp docker-entrypoint.sh "$version/" + cp docker-*.sh "$version/" sed -e 's/%%PG_MAJOR%%/'"$version"'/g;' \ -e 's/%%PG_VERSION%%/'"$fullVersion"'/g' \ -e 's/%%DEBIAN_SUITE%%/'"$suite"'/g' \ @@ -78,7 +78,7 @@ for version in "${versions[@]}"; do fi ( set -x - cp docker-entrypoint.sh "$version/$variant/" + cp docker-*.sh "$version/$variant/" sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" sed -e 's/%%PG_MAJOR%%/'"$version"'/g' \ -e 's/%%PG_VERSION%%/'"$srcVersion"'/g' \ From 52b6d80bfc394fdb6bb0e2bc7f6143bdd2f77ed3 Mon Sep 17 00:00:00 2001 From: Thibault Jamet Date: Thu, 15 Mar 2018 14:44:40 +0100 Subject: [PATCH 2/2] Update all images with new template Signed-off-by: Thibault Jamet --- 10/Dockerfile | 3 +- 10/alpine/Dockerfile | 3 +- 10/alpine/docker-common.sh | 25 ++++++++++++++++ 10/alpine/docker-entrypoint.sh | 26 ++++------------ 10/alpine/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 10/docker-common.sh | 25 ++++++++++++++++ 10/docker-entrypoint.sh | 26 ++++------------ 10/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.3/Dockerfile | 3 +- 9.3/alpine/.Dockerfile.swp | Bin 0 -> 16384 bytes 9.3/alpine/Dockerfile | 3 +- 9.3/alpine/docker-common.sh | 25 ++++++++++++++++ 9.3/alpine/docker-entrypoint.sh | 26 ++++------------ 9.3/alpine/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.3/docker-common.sh | 25 ++++++++++++++++ 9.3/docker-entrypoint.sh | 26 ++++------------ 9.3/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.4/Dockerfile | 3 +- 9.4/alpine/Dockerfile | 3 +- 9.4/alpine/docker-common.sh | 25 ++++++++++++++++ 9.4/alpine/docker-entrypoint.sh | 26 ++++------------ 9.4/alpine/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.4/docker-common.sh | 25 ++++++++++++++++ 9.4/docker-entrypoint.sh | 26 ++++------------ 9.4/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.5/Dockerfile | 3 +- 9.5/alpine/Dockerfile | 3 +- 9.5/alpine/docker-common.sh | 25 ++++++++++++++++ 9.5/alpine/docker-entrypoint.sh | 26 ++++------------ 9.5/alpine/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.5/docker-common.sh | 25 ++++++++++++++++ 9.5/docker-entrypoint.sh | 26 ++++------------ 9.5/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.6/Dockerfile | 3 +- 9.6/alpine/Dockerfile | 3 +- 9.6/alpine/docker-common.sh | 25 ++++++++++++++++ 9.6/alpine/docker-entrypoint.sh | 26 ++++------------ 9.6/alpine/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 9.6/docker-common.sh | 25 ++++++++++++++++ 9.6/docker-entrypoint.sh | 26 ++++------------ 9.6/docker-healthcheck.sh | 50 +++++++++++++++++++++++++++++++ 41 files changed, 820 insertions(+), 220 deletions(-) create mode 100644 10/alpine/docker-common.sh create mode 100755 10/alpine/docker-healthcheck.sh create mode 100644 10/docker-common.sh create mode 100755 10/docker-healthcheck.sh create mode 100644 9.3/alpine/.Dockerfile.swp create mode 100644 9.3/alpine/docker-common.sh create mode 100755 9.3/alpine/docker-healthcheck.sh create mode 100644 9.3/docker-common.sh create mode 100755 9.3/docker-healthcheck.sh create mode 100644 9.4/alpine/docker-common.sh create mode 100755 9.4/alpine/docker-healthcheck.sh create mode 100644 9.4/docker-common.sh create mode 100755 9.4/docker-healthcheck.sh create mode 100644 9.5/alpine/docker-common.sh create mode 100755 9.5/alpine/docker-healthcheck.sh create mode 100644 9.5/docker-common.sh create mode 100755 9.5/docker-healthcheck.sh create mode 100644 9.6/alpine/docker-common.sh create mode 100755 9.6/alpine/docker-healthcheck.sh create mode 100644 9.6/docker-common.sh create mode 100755 9.6/docker-healthcheck.sh diff --git a/10/Dockerfile b/10/Dockerfile index 8804367ba8..5bf7be268a 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -125,9 +125,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index bef2ba0b8e..bbf4982c9d 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -142,9 +142,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/10/alpine/docker-common.sh b/10/alpine/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/10/alpine/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh index ffd2ed501c..333cecb9c1 100755 --- a/10/alpine/docker-entrypoint.sh +++ b/10/alpine/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/10/alpine/docker-healthcheck.sh b/10/alpine/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/10/alpine/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/10/docker-common.sh b/10/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/10/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh index a30e6f759a..a4b07b67e9 100755 --- a/10/docker-entrypoint.sh +++ b/10/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/10/docker-healthcheck.sh b/10/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/10/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.3/Dockerfile b/9.3/Dockerfile index 3f8b5c0807..c52456c412 100644 --- a/9.3/Dockerfile +++ b/9.3/Dockerfile @@ -126,9 +126,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.3/alpine/.Dockerfile.swp b/9.3/alpine/.Dockerfile.swp new file mode 100644 index 0000000000000000000000000000000000000000..3b3c5cc45a8baf4608d07d2c76ea277ef3cede04 GIT binary patch literal 16384 zcmeHOS!^Un8SVr^a1ICwFYrQb+r;*=-93lr@FY&;*v{@I>$T-0i2#K|2nj)mcwj+D2#5p=yhTF5_g8n%;q_kR z1w~`&^GsL&b^Z0%e^rfDc;M(VtLp^?f43;g!_hY$e$o1ka_EWp;Q> z1pEJOfKCf^FR)E-e~Ps9W5W#^4&O0EWE(9vZYP#*2OYx+>}?)to@+&Bv}=Tch+7dC z#;jg8OfPhOZY)ZYrt9%b^)-4o;=qUl0~|==rdGdMDVK_JtBFyg>loda=rt?~pWd2Ke)X7+i_p3k>s&&RUQ)}Hs-l|9SlXr*|vL zYrwC8uK*{3JAuExOHp0`o&yr#PT(fs{LPB;1K|6>=YXexyMXI}f83-fe+PaF`~>(8 z@EouXtN~Tv_ctoa?|@$bKL?%#o&uf#xU|pCEyTn3ve@VZcI^r z1-t^h2z(QG9(Wq~3~&Z$0}lc#z#O0fV}JsD_nnIJb>JD`Dc~&70UidHf%|}4fgfG3 zD93^K0O#MKD1QWA16~Hc415v@fEKU}+yuOEouW(vUwylxd>+^VP67*n0UQKw0ImmK zN7Ch4;9p42=m4$JU-HDvRm;-Y?YA@Br3l%iv13L?l=!{t6{o#PMi(($-}VxR8)0k9 z4*aIu+Ul5oVtRU8_j#9{P^b;FyUiviifnFf#41nMy?;wNjziHf4AT#MVRv+gTdwKrLDZs)DMq;6((-F4r@aA|>GU>^ILAE} zs$qm?Y`1Y&rBc+u7P>g23A(Ei3(fU4Oi`BTvh1s%MDHZL)Y=zef zmeVwA)q1^FD%Py}Y*QI$N$8j{XX^fZjRUqH_f$63q0zX0i!I90P0O{j9cCmVlDBU9 zlcI%9*EZ@fEo$~@0wF>zNnD3Wrs*F^K*!wX%=JZVdfrf(c8aMJQ+^l)_OvSBjA>dJ zK}OEZ$$sS(q5OrFxSlhoPPF`FKC;_s1vIZ4sqiHc&s*=dc+9jFmcGzMVzJ45-LMS0 zFn3JfH`_Yek}GG^;$+lv6+P4S^8!?-MW{Jtr&P1dX1!RbS=Dl(Qm@*x)skJP)Oe{> zoSCgw%2?aUi;SX`a3S8zIAjA?JCbq6&xD?9yRo;M3x}D+0ZlgNPdYNwck%*amjdDh3C2TYao@@o>EdRqfpwX3NcM@sjkz7ua%kG=gh#tH=7Oa@P zaNG!;2k5jXxkC*@!sss8K21VvM5Y~Qy`s15TW1?>GA+DFgBT&V+t^nVE9>j4Tbr9l z7q`}r%$F)vc5qV&zu%1@MpjPBRZD2SLEUm2{T{)g{kT%Y+Ducvd?m}Idc%D(JR9G{JQc-Yt zY`UI6Q~B1W`AfdCDH=a?Bn^N6Aws{9b~uYML;LLzFUFGC^>CHXPtIgT<6~p7?e!nR z-MAh2<-G+1&pgV>$Hqc>a6?;z>5^0Ksfh;T#L@;^1qo*3BoK(Bs|$_B8c1EiB7Qo7 z961d7l4@_vuQISaCYh&ZFVY+o*$!uZ5Q9sJ?|?W6xi3UMCd`KlJjV>PF^`Q&>;gSjESl9~rBtd|rdes$Evs6u)=M)prE;@U;P|YWwo`7_3Ql=;rdF-MEoqiZ z^+K^(XgU?Eu&32*=B%h!^%C51blG2tqE)POX9gY3TBcPk)yrnVsW@mv@4jzH;xT#Kwj<)wFvnG+uPi@SF5WTJ=xq`YFO8Ww`9Rk(M3%3Zdx7`lC{e+XHg*~o?zLy z&8AubzLGUWKcJf?C6=jWRB9#>x{NT~u8)WX)~f3>ZLQZ=qt~fAk$*iBbhxUF^^D)1 zH+PT#J_4gRL=X2ojTXohljI4SA#5^9?qhHM)S7Spb?6NsbJU|O>}4X+*@4N_1= zxOZ4A7MenIo!&H3;sJrCx>s%KTp{478Kv3`>e5QJFG8dBrco<2&|gN7POMQX?V$isLk2&?{B0N( zyj9Ug1DRlEk(pp>K1@}PGwm9p!7NksoN`6EcWq@ktJ^5+6*RQtb{eD?n(IPh&L(zKbFOn-$tyT0PhE$M122m#PR2VPXRG-5}=s=9PkqGHQ+RG5;zLX z04i`Ja1OEiD*(mxj{+3WzkxXY&%mp|4}lkf=YcN(9|t^DDcZhCPW?y0@4i?)ht$2ZmP?Pp{*Nhy2(3q^NvaquH5DcmO+0j8Xnns2FmK5cIm1CRB zOKcxKZ6Gyc4mci&DOLDb zcZsQ8v<6MGL=)PFBK6+{CZ|O%Q^kRgjNd)wxdMK{7NQsY225c5C&a-y;Kcfe^n(XZ zAP31N4^AFX2iFWSd4vpR_QSE^j2#7x$Q5-${B~@>bxTXKTnXc*aN%1aQtTvti&%?1 zii-G(@(=_5nmP^F3!Fd#G|Q?p(?W$Drf%D80Z6eyrWrVqpfdjh<%_$DR;XH%+Seo$`yO71sl==uFt3i1q&rM~>hpX(Q zI!!6=0y5QmQr4;n8j=XPYZ~Vmaz~Vd(~|r#j@aa(Nj7=HPbq|L`rK<$)Xq6^fWmhR zNlu6+GG0N1{4SgPpg$f$$~3SliG+(}MPHn#WfGQ@5#(i4Nm?kQ7Hxq<9(gw_4=u7P zgZW*p8$_N=|Dvt5+E9|W_ZoS)F49i)(@jcy$axJEb<#|6R+6PrK!g-ZRu-C_;b)l~ z8ZOFGHN85>CJhl#CT6IhC4?EeLq(KXp#pOH;WEoPA&k!i(6oHwtp_3X%t&tkn0e3% zF)J1d%lD+E(exqKZM$}xP7pdUKE53!aa$(Su&>p5`BPP7;az?R%8c5BY~Tn0=L9ip zAXz4J0Db;ITf1BgB*`iHhf(%sng;-bBw1NTwtt>I>mrq2E!~u98>t#Pi*&2&H-o{x z!WJcn=g3|U79%sPrJ|58+1^B~;|hvuwFril_Mu$dG}478v=T~HA%5F-L+B|yw&;99 z_O5BH%UPGW6T3c=)T9R};N=KVhzVIMaT{TnqX`o#ZZ{iT_6lJ>Z{fGYbX-CTY#iq$7oLE~0}*l!plu8ji3cHYSkUPNz7Z!Ob_pUuXvIdcP-$SX(^D@88mh@7 z?%SLc*hjHq7=yQkU^YfBYZB2m2EN}Z2ey))9Y&;w9DQZH&nc8V%eeAms0hhVad&%e zR)&4KTIQJ=7A(f;jnA4<(1G^ENb-DjN;z;w@@9@U{+A<`i;m^3chG{VzNvE-)bH$E N$sy;ZPj#_F{tLGT+1mgB literal 0 HcmV?d00001 diff --git a/9.3/alpine/Dockerfile b/9.3/alpine/Dockerfile index 12cb52e87a..49897c57b3 100644 --- a/9.3/alpine/Dockerfile +++ b/9.3/alpine/Dockerfile @@ -169,9 +169,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.3/alpine/docker-common.sh b/9.3/alpine/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.3/alpine/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh index 4bc72cb6b4..a686e54705 100755 --- a/9.3/alpine/docker-entrypoint.sh +++ b/9.3/alpine/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.3/alpine/docker-healthcheck.sh b/9.3/alpine/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.3/alpine/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.3/docker-common.sh b/9.3/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.3/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh index c96fea538d..63f0d64f33 100755 --- a/9.3/docker-entrypoint.sh +++ b/9.3/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.3/docker-healthcheck.sh b/9.3/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.3/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.4/Dockerfile b/9.4/Dockerfile index 125ba689b2..d1c98cef53 100644 --- a/9.4/Dockerfile +++ b/9.4/Dockerfile @@ -126,9 +126,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.4/alpine/Dockerfile b/9.4/alpine/Dockerfile index d586e054cc..d75eac3c57 100644 --- a/9.4/alpine/Dockerfile +++ b/9.4/alpine/Dockerfile @@ -142,9 +142,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.4/alpine/docker-common.sh b/9.4/alpine/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.4/alpine/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh index 4bc72cb6b4..a686e54705 100755 --- a/9.4/alpine/docker-entrypoint.sh +++ b/9.4/alpine/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.4/alpine/docker-healthcheck.sh b/9.4/alpine/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.4/alpine/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.4/docker-common.sh b/9.4/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.4/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh index c96fea538d..63f0d64f33 100755 --- a/9.4/docker-entrypoint.sh +++ b/9.4/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.4/docker-healthcheck.sh b/9.4/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.4/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.5/Dockerfile b/9.5/Dockerfile index 1eb3221c25..4e6e5cbf7e 100644 --- a/9.5/Dockerfile +++ b/9.5/Dockerfile @@ -126,9 +126,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/alpine/Dockerfile b/9.5/alpine/Dockerfile index c43a9af2f6..80f535e600 100644 --- a/9.5/alpine/Dockerfile +++ b/9.5/alpine/Dockerfile @@ -142,9 +142,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.5/alpine/docker-common.sh b/9.5/alpine/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.5/alpine/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh index 4bc72cb6b4..a686e54705 100755 --- a/9.5/alpine/docker-entrypoint.sh +++ b/9.5/alpine/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.5/alpine/docker-healthcheck.sh b/9.5/alpine/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.5/alpine/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.5/docker-common.sh b/9.5/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.5/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh index c96fea538d..63f0d64f33 100755 --- a/9.5/docker-entrypoint.sh +++ b/9.5/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.5/docker-healthcheck.sh b/9.5/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.5/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.6/Dockerfile b/9.6/Dockerfile index a6d04c356e..f57f3225dd 100644 --- a/9.6/Dockerfile +++ b/9.6/Dockerfile @@ -126,9 +126,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/alpine/Dockerfile b/9.6/alpine/Dockerfile index 7cfe22a923..73bc51864c 100644 --- a/9.6/alpine/Dockerfile +++ b/9.6/alpine/Dockerfile @@ -142,9 +142,10 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-*.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] +HEALTHCHECK CMD ["docker-healthcheck.sh"] EXPOSE 5432 CMD ["postgres"] diff --git a/9.6/alpine/docker-common.sh b/9.6/alpine/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.6/alpine/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh index 4bc72cb6b4..a686e54705 100755 --- a/9.6/alpine/docker-entrypoint.sh +++ b/9.6/alpine/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.6/alpine/docker-healthcheck.sh b/9.6/alpine/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.6/alpine/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0 diff --git a/9.6/docker-common.sh b/9.6/docker-common.sh new file mode 100644 index 0000000000..f47406d0c0 --- /dev/null +++ b/9.6/docker-common.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +LOCK_PATH=/tmp/docker-entrypoint.lock + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh index c96fea538d..63f0d64f33 100755 --- a/9.6/docker-entrypoint.sh +++ b/9.6/docker-entrypoint.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -e +source /usr/local/bin/docker-common.sh -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} +if [ "$(id -u)" != '0' ]; then + touch ${LOCK_PATH} +fi if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -142,4 +125,5 @@ if [ "$1" = 'postgres' ]; then fi fi +rm -f ${LOCK_PATH} > /dev/null || : exec "$@" diff --git a/9.6/docker-healthcheck.sh b/9.6/docker-healthcheck.sh new file mode 100755 index 0000000000..ae42ee6003 --- /dev/null +++ b/9.6/docker-healthcheck.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +source /usr/local/bin/docker-common.sh + +# docker-entrypoint starts an postgres temporarily +# ensure the entrypoint script is over +if [ -e ${LOCK_PATH} ]; then + echo "Entrypoint is still running" + exit 1 +fi + +echo "Entrypoint has finished" + +file_env 'POSTGRES_USER' 'postgres' +file_env 'POSTGRES_DB' "$POSTGRES_USER" +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_HEALTH_QUERY' "SELECT 'uptime: ' || now() - pg_postmaster_start_time();" + +pg_isready=(pg_isready) + +if [ "${POSTGRES_USER}" != "" ]; then + pg_isready+=(--username "${POSTGRES_USER}") +fi + +if [ "${POSTGRES_DB}" != "" ]; then + pg_isready+=(--dbname "${POSTGRES_DB}") +fi + +${pg_isready[@]} || exit 1 + +echo "Postgres accepts connections" + +if [ "${POSTGRES_HEALTH_QUERY}" != "" ]; then + health=(psql -t -v ON_ERROR_STOP=1) + + if [ "${POSTGRES_USER}" != "" ]; then + health+=(--username "${POSTGRES_USER}") + fi + + if [ "${POSTGRES_PASSWORD}" != "" ]; then + export PGPASWORD=${POSTGRES_PASSWORD} + fi + + if [ "${POSTGRES_DB}" != "" ]; then + health+=(--dbname "${POSTGRES_DB}") + fi + echo ${POSTGRES_HEALTH_QUERY} | ${health[@]} || exit 1 + echo "Health query succeed" +fi + +exit 0