From bce2f5b26fde6f642e90b796a4afd3d2af3c8bd2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 16 Nov 2020 14:53:00 +0000 Subject: [PATCH] 11.10.0-debian-10-r4 release --- bitnami/postgresql/11/debian-10/Dockerfile | 2 +- .../rootfs/opt/bitnami/scripts/libautoctl.sh | 307 ++++++++++++++++++ .../opt/bitnami/scripts/postgresql-env.sh | 18 + .../bitnami/scripts/postgresql/run-autoctl.sh | 30 ++ bitnami/postgresql/README.md | 2 +- 5 files changed, 357 insertions(+), 2 deletions(-) create mode 100644 bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/libautoctl.sh create mode 100755 bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql/run-autoctl.sh diff --git a/bitnami/postgresql/11/debian-10/Dockerfile b/bitnami/postgresql/11/debian-10/Dockerfile index 218e1f616b43..45092cb56212 100644 --- a/bitnami/postgresql/11/debian-10/Dockerfile +++ b/bitnami/postgresql/11/debian-10/Dockerfile @@ -24,7 +24,7 @@ COPY rootfs / RUN /opt/bitnami/scripts/postgresql/postunpack.sh RUN /opt/bitnami/scripts/locales/add-extra-locales.sh ENV BITNAMI_APP_NAME="postgresql" \ - BITNAMI_IMAGE_VERSION="11.10.0-debian-10-r3" \ + BITNAMI_IMAGE_VERSION="11.10.0-debian-10-r4" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ NSS_WRAPPER_LIB="/opt/bitnami/common/lib/libnss_wrapper.so" \ diff --git a/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/libautoctl.sh b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/libautoctl.sh new file mode 100644 index 000000000000..874998c9b33c --- /dev/null +++ b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/libautoctl.sh 
@@ -0,0 +1,307 @@ +#!/bin/bash +# +# Bitnami pg_auto_failover library + +# shellcheck disable=SC1091 +# shellcheck disable=SC1090 + +# Load PostgreSQL library +. /opt/bitnami/scripts/libpostgresql.sh + +######################## +# Change pg_hba.conf so it allows access from replication users +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_configure_pghba() { + local replication_auth="trust" + if [[ -n "${POSTGRESQL_REPLICATION_PASSWORD}" ]]; then + replication_auth="md5" + fi + + cat <"${POSTGRESQL_PGHBA_FILE}" +local all all trust +EOF + + if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "monitor" ]]; then + cat <>"${POSTGRESQL_PGHBA_FILE}" +host pg_auto_failover autoctl_node 0.0.0.0/0 ${replication_auth} +EOF + elif [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then + cat <>"${POSTGRESQL_PGHBA_FILE}" +host all all 0.0.0.0/0 ${replication_auth} +host all all ::/0 ${replication_auth} +host replication pgautofailover_replicator 0.0.0.0/0 ${replication_auth} +EOF + fi + + cp "${POSTGRESQL_PGHBA_FILE}" "${POSTGRESQL_DATA_DIR}/pg_hba.conf" +} + +######################## +# Configure the auth parameters +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_configure_auth() { + info "Configuring auth parameters for (${POSTGRESQL_DATA_DIR})..." 
+ + if [[ -f ${POSTGRESQL_DATA_DIR}/.autoctl_initialized ]]; then + info "Auth parameters are already configured, restoring from existing data" + else + postgresql_start_bg + + if [[ -n "${POSTGRESQL_REPLICATION_PASSWORD}" ]]; then + info "Changing replication passwords" + + local -r escaped_password="${POSTGRESQL_REPLICATION_PASSWORD//\'/\'\'}" + if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "monitor" ]]; then + echo "ALTER USER autoctl_node WITH PASSWORD '${escaped_password}';" | postgresql_execute + elif [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then + echo "ALTER USER pgautofailover_replicator WITH PASSWORD '${escaped_password}';" | postgresql_execute + pg_autoctl config set --pgdata "${POSTGRESQL_DATA_DIR}" replication.password "${POSTGRESQL_REPLICATION_PASSWORD}" + fi + fi + + if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then + info "Adding users auth configurations..." + [[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database + if [[ "$POSTGRESQL_USERNAME" = "postgres" ]]; then + postgresql_alter_postgres_user "$POSTGRESQL_PASSWORD" + else + if [[ -n "$POSTGRESQL_POSTGRES_PASSWORD" ]]; then + postgresql_alter_postgres_user "$POSTGRESQL_POSTGRES_PASSWORD" + fi + postgresql_create_admin_user + fi + fi + + postgresql_stop + fi +} + +######################## +# Create a monitor +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_create_monitor() { + local -r default_hostname=${1:?default_hostname is required} + + "${POSTGRESQL_BIN_DIR}/pg_autoctl" create monitor \ + --auth md5 \ + --pgdata "${POSTGRESQL_DATA_DIR}" \ + --no-ssl \ + --hostname "${POSTGRESQL_AUTOCTL_HOSTNAME:-$default_hostname}" +} + +######################## +# Build monitor URI +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +monitor_connection_string() { + echo 
"postgres://autoctl_node:${POSTGRESQL_REPLICATION_PASSWORD}@${POSTGRESQL_AUTOCTL_MONITOR_HOST}/pg_auto_failover?connect_timeout=2" +} + +######################## +# Create a postgress node +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_create_postgres() { + local -r default_hostname=${1:?default_hostname is required} + + PGPASSWORD="${POSTGRESQL_REPLICATION_PASSWORD}" "${POSTGRESQL_BIN_DIR}/pg_autoctl" create postgres \ + --auth md5 \ + --pgdata "${POSTGRESQL_DATA_DIR}" \ + --no-ssl \ + --monitor "$(monitor_connection_string)" \ + --name "${POSTGRESQL_AUTOCTL_HOSTNAME:-$default_hostname}" \ + --hostname "${POSTGRESQL_AUTOCTL_HOSTNAME:-$default_hostname}" + + pg_autoctl config set --pgdata "${POSTGRESQL_DATA_DIR}" pg_autoctl.monitor "$(monitor_connection_string)" + wait_until_can_connect "$(monitor_connection_string)" +} + +######################## +# Create postgresql data dir using pg_autoclt +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_create_node() { + info "Creating ${POSTGRESQL_AUTOCTL_MODE} data directory (${POSTGRESQL_DATA_DIR})..." + + if [[ -f ${POSTGRESQL_DATA_DIR}/.autoctl_initialized ]]; then + info "A ${POSTGRESQL_AUTOCTL_MODE} data directory (${POSTGRESQL_DATA_DIR}) already exists, restoring from existing data" + else + info "Cleaning dbinit initialization files ${POSTGRESQL_DATA_DIR}..." 
+ rm -rf "${POSTGRESQL_DATA_DIR:?}"/* + + local -r default_hostname="$(hostname --fqdn)" + if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "monitor" ]]; then + autoctl_create_monitor "${default_hostname}" + elif [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then + autoctl_create_postgres "${default_hostname}" + else + error "autoctl does not support ${POSTGRESQL_AUTOCTL_MODE}" + exit 1 + fi + fi +} + +######################## +# Add pgautofailover extension to shared_preload_libraries property in postgresql.conf +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_configure_pgautofailover() { + info "Load pgautofailover through POSTGRESQL_SHARED_PRELOAD_LIBRARIES env var..." + if [[ -f ${POSTGRESQL_DATA_DIR}/.autoctl_initialized ]]; then + info "The pgautofailover is already loaded, restoring from existing config" + else + local preload_libraries + if [[ -n "${POSTGRESQL_SHARED_PRELOAD_LIBRARIES}" ]]; then + preload_libraries="${POSTGRESQL_SHARED_PRELOAD_LIBRARIES},pgautofailover" + else + preload_libraries="pgautofailover" + fi + + postgresql_set_property "shared_preload_libraries" "${preload_libraries}" + fi +} + +######################## +# Add pgbackrest extension's configuration file and directories +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_configure_pgbackrest() { + if [[ -f ${POSTGRESQL_DATA_DIR}/.autoctl_initialized ]]; then + info "The pgbackrest is already configured" + else + info "Configuring pgbackrest..." + debug "Ensuring pgbackrest expected directories/files exist..." 
+ for dir in "${POSTGRESQL_PGBACKREST_LOGS_DIR}" "${POSTGRESQL_PGBACKREST_BACKUPS_DIR}" "${POSTGRESQL_PGBACKREST_SPOOL_DIR}"; do + ensure_dir_exists "${dir}" + am_i_root && chown "${POSTGRESQL_DAEMON_USER}:${POSTGRESQL_DAEMON_GROUP}" "${dir}" + done + + cat <>"${POSTGRESQL_PGBACKREST_CONF_FILE}" +[global] +repo1-path=${POSTGRESQL_PGBACKREST_BACKUPS_DIR} +repo1-cipher-pass=${POSTGRESQL_REPLICATION_PASSWORD} +repo1-cipher-type=aes-256-cbc +repo1-retention-diff=1 +repo1-retention-full=2 +process-max=2 +log-path=${POSTGRESQL_PGBACKREST_LOGS_DIR} +log-level-console=info +log-level-file=debug +archive-async=y +spool-path=${POSTGRESQL_PGBACKREST_SPOOL_DIR} +start-fast=y +[testdb] +pg1-path=${POSTGRESQL_DATA_DIR} +EOF + fi +} + +######################## +# Initialize a monitor or postgress node using pg_autoctl command. +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +autoctl_initialize() { + info "Initializing ${POSTGRESQL_AUTOCTL_MODE} data directory..." + + postgresql_unrestrict_pghba + autoctl_create_node + autoctl_configure_pgautofailover + autoctl_configure_pgbackrest + + if [[ ! -f ${POSTGRESQL_DATA_DIR}/.autoctl_initialized ]]; then + info "Moving configuration files to (${POSTGRESQL_DATA_DIR})..." + + cp "${POSTGRESQL_CONF_FILE}" "${POSTGRESQL_DATA_DIR}/postgresql.conf" + mkdir -p "${POSTGRESQL_DATA_DIR}/conf.d" + fi + + autoctl_configure_auth + autoctl_configure_pghba + + touch "${POSTGRESQL_DATA_DIR}/.autoctl_initialized" + info "Done initializing ${POSTGRESQL_AUTOCTL_MODE} data directory..." +} + +######################## +# Wait until a node is ready to accepts connection. +# Globals: +# POSTGRESQL_* +# Arguments: +# - $1 node hostname +# Returns: +# None +######################### +wait_until_can_connect() { + local connection_string="$1" + + check_postgresql_connection() { + psql "$connection_string" -c 'select version()' > /dev/null 2>&1 + } + + info "Wait until node is available..." + if ! 
retry_while "check_postgresql_connection"; then + error "Could not connect to the postgresql" + return 1 + fi +} + +######################## +# Change pg_hba.conf so only password-based authentication is allowed +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +postgresql_unrestrict_pghba() { + replace_in_file "$POSTGRESQL_PGHBA_FILE" "md5" "trust" false +} diff --git a/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh index 87b7547f5dce..066a50b2da91 100644 --- a/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh +++ b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh @@ -79,6 +79,10 @@ postgresql_env_vars=( POSTGRESQL_PGHBA_REMOVE_FILTERS POSTGRESQL_USERNAME_CONNECTION_LIMIT POSTGRESQL_POSTGRES_CONNECTION_LIMIT + POSTGRESQL_AUTOCTL_CONF_DIR + POSTGRESQL_AUTOCTL_MODE + POSTGRESQL_AUTOCTL_MONITOR_HOST + POSTGRESQL_AUTOCTL_HOSTNAME POSTGRES_DATA_DIR PGDATA POSTGRES_SHUTDOWN_MODE 
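Review bot: `autoctl_configure_pghba` falls back to `replication_auth="trust"` when `POSTGRESQL_REPLICATION_PASSWORD` is empty, and in `postgres` mode that value is written into `host all all 0.0.0.0/0` and `host all all ::/0`, so every role, the superuser included, is accepted from any address without a password. The function should fail closed rather than write those rules, for example `[[ -n "${POSTGRESQL_REPLICATION_PASSWORD}" ]] || { error "POSTGRESQL_REPLICATION_PASSWORD is required for pg_auto_failover"; return 1; }` at the top. The same variable is reused as `repo1-cipher-pass` in `autoctl_configure_pgbackrest` and interpolated without URL-encoding into `monitor_connection_string`, whose output is passed on the command line to `pg_autoctl` and `psql`, so one secret covers both replication auth and backup encryption and is exposed in the process list. A separate backup passphrase and a passfile or environment hand-off would limit that exposure. The header comment on `postgresql_unrestrict_pghba` says only password-based authentication is allowed, but the body rewrites `md5` to `trust`; it should read `# Change pg_hba.conf so md5 entries become trust while the node is initialized`.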
@@ -298,6 +302,20 @@ export POSTGRESQL_USERNAME_CONNECTION_LIMIT="${POSTGRESQL_USERNAME_CONNECTION_LI POSTGRESQL_POSTGRES_CONNECTION_LIMIT="${POSTGRESQL_POSTGRES_CONNECTION_LIMIT:-"${POSTGRES_POSTGRES_CONNECTION_LIMIT:-}"}" export POSTGRESQL_POSTGRES_CONNECTION_LIMIT="${POSTGRESQL_POSTGRES_CONNECTION_LIMIT:-}" +# pgAutoFailover settings +export POSTGRESQL_AUTOCTL_VOLUME_DIR="${POSTGRESQL_VOLUME_DIR}/pgautoctl" +export POSTGRESQL_AUTOCTL_CONF_DIR="${POSTGRESQL_AUTOCTL_CONF_DIR:-${POSTGRESQL_AUTOCTL_VOLUME_DIR}/.config}" +export POSTGRESQL_AUTOCTL_MODE="${POSTGRESQL_AUTOCTL_MODE:-postgres}" +export POSTGRESQL_AUTOCTL_MONITOR_HOST="${POSTGRESQL_AUTOCTL_MONITOR_HOST:-monitor}" +export POSTGRESQL_AUTOCTL_HOSTNAME="${POSTGRESQL_AUTOCTL_HOSTNAME:-$(hostname --fqdn)}" + +# pgBackRest settings +export POSTGRESQL_PGBACKREST_VOLUME_DIR="${POSTGRESQL_VOLUME_DIR}/pgbackrest" +export POSTGRESQL_PGBACKREST_LOGS_DIR="${POSTGRESQL_PGBACKREST_VOLUME_DIR}/logs" +export POSTGRESQL_PGBACKREST_BACKUPS_DIR="${POSTGRESQL_PGBACKREST_VOLUME_DIR}/backups" +export POSTGRESQL_PGBACKREST_SPOOL_DIR="${POSTGRESQL_PGBACKREST_VOLUME_DIR}/spool" +export POSTGRESQL_PGBACKREST_CONF_FILE="${POSTGRESQL_DATA_DIR}/pgbackrest.conf" + # Internal export POSTGRESQL_FIRST_BOOT="yes" export NSS_WRAPPER_LIB="/opt/bitnami/common/lib/libnss_wrapper.so" diff --git a/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql/run-autoctl.sh b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql/run-autoctl.sh new file mode 100755 index 000000000000..9f0a50214e85 --- /dev/null +++ b/bitnami/postgresql/11/debian-10/rootfs/opt/bitnami/scripts/postgresql/run-autoctl.sh 
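Review bot: `POSTGRESQL_PGBACKREST_CONF_FILE` is placed under `POSTGRESQL_DATA_DIR`, and `autoctl_configure_pgbackrest` in libautoctl.sh (same commit) writes `repo1-cipher-pass` into that file, so the backup passphrase sits inside the data directory and is likely to travel wherever that directory is copied (base backups, standby initialisation). Keeping it with the other pgBackRest paths, `export POSTGRESQL_PGBACKREST_CONF_FILE="${POSTGRESQL_PGBACKREST_VOLUME_DIR}/pgbackrest.conf"`, and creating the file with owner-only permissions would separate the secret from the data it protects; whether pgBackRest is pointed at this path elsewhere is not visible here. Separately, `POSTGRESQL_AUTOCTL_HOSTNAME` now always defaults to `$(hostname --fqdn)`, which makes the `${POSTGRESQL_AUTOCTL_HOSTNAME:-$default_hostname}` fallbacks in libautoctl.sh unreachable and runs a hostname lookup every time this env file is sourced.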
@@ -0,0 +1,30 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /opt/bitnami/scripts/libpostgresql.sh +. /opt/bitnami/scripts/libautoctl.sh +. /opt/bitnami/scripts/libos.sh + +# Load PostgreSQL environment variables +. /opt/bitnami/scripts/postgresql-env.sh + +export HOME="${POSTGRESQL_AUTOCTL_VOLUME_DIR}" + +autoctl_initialize + +flags=("run" "--pgdata" "${POSTGRESQL_DATA_DIR}") +cmd=$(command -v pg_autoctl) + +info "** Starting PostgreSQL autoctl_node (Mode: $POSTGRESQL_AUTOCTL_MODE) **" +if am_i_root; then + exec gosu "$POSTGRESQL_DAEMON_USER" "${cmd}" "${flags[@]}" +else + PGPASSWORD=${POSTGRESQL_REPLICATION_PASSWORD} exec "${cmd}" "${flags[@]}" +fi diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md index 436feacd8f91..468af6e6313c 100644 --- a/bitnami/postgresql/README.md +++ b/bitnami/postgresql/README.md 
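Review bot: `autoctl_initialize` is called before the `am_i_root` branch, so in a root container the whole initialisation in libautoctl.sh (the `pg_autoctl create` calls, the `cp` and `touch` into `POSTGRESQL_DATA_DIR`) appears to run as root, and only the final `pg_autoctl run` drops to `POSTGRESQL_DAEMON_USER`; the library itself only does a `chown` on the pgBackRest directories. The two branches also differ in that `PGPASSWORD` is set only on the non-root path. If that is intentional, a comment should say so, e.g. `# root path: pg_autoctl reads the password stored by "config set" during initialization` (to be confirmed); otherwise the root branch should pass it the same way, `PGPASSWORD=${POSTGRESQL_REPLICATION_PASSWORD} exec gosu "$POSTGRESQL_DAEMON_USER" "${cmd}" "${flags[@]}"`.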
@@ -46,7 +46,7 @@ Learn more about the Bitnami tagging policy and the difference between rolling t * [`13`, `13-debian-10`, `13.1.0`, `13.1.0-debian-10-r3` (13/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/13.1.0-debian-10-r3/13/debian-10/Dockerfile) * [`12`, `12-debian-10`, `12.5.0`, `12.5.0-debian-10-r3` (12/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.5.0-debian-10-r3/12/debian-10/Dockerfile) -* [`11`, `11-debian-10`, `11.10.0`, `11.10.0-debian-10-r3`, `latest` (11/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.10.0-debian-10-r3/11/debian-10/Dockerfile) +* [`11`, `11-debian-10`, `11.10.0`, `11.10.0-debian-10-r4`, `latest` (11/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.10.0-debian-10-r4/11/debian-10/Dockerfile) * [`10`, `10-debian-10`, `10.15.0`, `10.15.0-debian-10-r3` (10/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/10.15.0-debian-10-r3/10/debian-10/Dockerfile) * [`9.6`, `9.6-debian-10`, `9.6.20`, `9.6.20-debian-10-r3` (9.6/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/9.6.20-debian-10-r3/9.6/debian-10/Dockerfile)