From c9ac91c9fbafdd01a2943a8edd414b36fc6155d5 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 8 May 2025 18:41:27 +0200 Subject: [PATCH] [bitnami/postgresql] Release 14.18.0-debian-12-r0 (#80950) Signed-off-by: Bitnami Bot --- bitnami/postgresql/14/debian-12/Dockerfile | 10 +-- .../opt/bitnami/.bitnami_components.json | 2 +- .../rootfs/opt/bitnami/scripts/libautoctl.sh | 2 +- .../opt/bitnami/scripts/libpostgresql.sh | 71 +++++++++++++++++-- .../opt/bitnami/scripts/postgresql-env.sh | 16 +++++ .../postgresql/14/debian-12/tags-info.yaml | 2 +- bitnami/postgresql/README.md | 4 ++ 7 files changed, 92 insertions(+), 15 deletions(-) diff --git a/bitnami/postgresql/14/debian-12/Dockerfile b/bitnami/postgresql/14/debian-12/Dockerfile index 6e74ec1d10ed..c2fbf65a486d 100644 --- a/bitnami/postgresql/14/debian-12/Dockerfile +++ b/bitnami/postgresql/14/debian-12/Dockerfile @@ -10,14 +10,14 @@ ARG WITH_ALL_LOCALES="no" LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2025-05-05T19:10:57Z" \ + org.opencontainers.image.created="2025-05-08T16:16:00Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/postgresql/README.md" \ - org.opencontainers.image.ref.name="14.17.0-debian-12-r18" \ + org.opencontainers.image.ref.name="14.18.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/postgresql" \ org.opencontainers.image.title="postgresql" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="14.17.0" + org.opencontainers.image.version="14.18.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ 
@@ -30,7 +30,7 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libbsd0 libbz2-1.0 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu72 libidn2-0 libldap-2.5-0 liblz4-1 liblzma5 libmd0 libncurses6 libnettle8 libp11-kit0 libpcre3 libreadline8 libsasl2-2 libsqlite3-0 libssl3 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libuuid1 libxml2 libxslt1.1 libzstd1 locales procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \ COMPONENTS=( \ - "postgresql-14.17.0-14-linux-${OS_ARCH}-debian-12" \ + "postgresql-14.18.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ @@ -54,7 +54,7 @@ RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen COPY rootfs / RUN /opt/bitnami/scripts/postgresql/postunpack.sh RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -ENV APP_VERSION="14.17.0" \ +ENV APP_VERSION="14.18.0" \ BITNAMI_APP_NAME="postgresql" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ diff --git a/bitnami/postgresql/14/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/postgresql/14/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e9ea2da0c40f..298361c99af9 100644 --- a/bitnami/postgresql/14/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/postgresql/14/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "14.17.0-14" + "version": "14.18.0-0" } } \ No newline at end of file diff --git a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh index 48bfc247df8f..f2af15066bcc 100644 --- a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh +++ b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libautoctl.sh 
@@ -74,7 +74,7 @@ autoctl_configure_auth() { if [[ "${POSTGRESQL_AUTOCTL_MODE}" = "postgres" ]]; then info "Adding users auth configurations..." - [[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database + [[ -n "$POSTGRESQL_DATABASE" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_DATABASE" if [[ "$POSTGRESQL_USERNAME" = "postgres" ]]; then postgresql_alter_postgres_user "$POSTGRESQL_PASSWORD" else diff --git a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh index fa0a7bbdf94a..21fe2f7bb520 100644 --- a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh +++ b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/libpostgresql.sh @@ -83,6 +83,9 @@ postgresql_validate() { if [[ -n "$POSTGRESQL_USERNAME" ]] && [[ "$POSTGRESQL_USERNAME" != "postgres" ]] && [[ -n "$POSTGRESQL_PASSWORD" ]] && [[ -z "$POSTGRESQL_DATABASE" ]]; then print_validation_error "In order to use a custom PostgreSQL user you need to set the environment variable POSTGRESQL_DATABASE as well" fi + if is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ -z "$POSTGRESQL_SR_CHECK_PASSWORD" ]]; then + empty_password_error "POSTGRESQL_SR_CHECK_PASSWORD" + fi fi if [[ -n "$POSTGRESQL_REPLICATION_MODE" ]]; then if [[ "$POSTGRESQL_REPLICATION_MODE" = "master" ]]; then 
@@ -124,6 +127,12 @@ postgresql_validate() { empty_password_error "You can not set POSTGRESQL_LDAP_URL and POSTGRESQL_LDAP_SERVER at the same time. Check your LDAP configuration." fi + if ! is_yes_no_value "$POSTGRESQL_SR_CHECK"; then + print_validation_error "The values allowed for POSTGRESQL_SR_CHECK are: yes or no" + elif is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ -z "$POSTGRESQL_SR_CHECK_USERNAME" || -z "$POSTGRESQL_SR_CHECK_DATABASE" ]]; then + print_validation_error "The environment variables POSTGRESQL_SR_CHECK_USERNAME and POSTGRESQL_SR_CHECK_DATABASE are required when using the SR_CHECK feature" + fi + if ! is_yes_no_value "$POSTGRESQL_ENABLE_TLS"; then print_validation_error "The values allowed for POSTGRESQL_ENABLE_TLS are: yes or no" elif is_boolean_yes "$POSTGRESQL_ENABLE_TLS"; then @@ -311,7 +320,7 @@ postgresql_restrict_pghba() { } ######################## -# Change pg_hba.conf so it allows access from replication users +# Change pg_hba.conf so it allows access from replication user # Globals: # POSTGRESQL_* # Arguments: @@ -330,6 +339,26 @@ host replication all ::/0 ${replication_ EOF } +######################## +# Change pg_hba.conf so it allows access from sr_check user +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +postgresql_add_sr_check_user_to_pghba() { + local sr_check_auth="trust" + if [[ -n "$POSTGRESQL_SR_CHECK_PASSWORD" ]]; then + sr_check_auth="md5" + fi + cat <>"$POSTGRESQL_PGHBA_FILE" +host $POSTGRESQL_SR_CHECK_DATABASE $POSTGRESQL_SR_CHECK_USERNAME 0.0.0.0/0 ${sr_check_auth} +host $POSTGRESQL_SR_CHECK_DATABASE $POSTGRESQL_SR_CHECK_USERNAME ::/0 ${sr_check_auth} +EOF +} + ######################## # Change a PostgreSQL configuration file by setting a property # Globals: @@ -354,7 +383,7 @@ postgresql_set_property() { } ######################## -# Create a user for master-slave replication +# Create a user for primary-replica replication # Globals: # POSTGRESQL_* # Arguments: 
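Review bot: In `postgresql_add_sr_check_user_to_pghba` (third hunk on this line) the auth method defaults to `trust`, so an empty `POSTGRESQL_SR_CHECK_PASSWORD` writes pg_hba.conf entries that admit the sr_check role from `0.0.0.0/0` and `::/0` with no credential. The empty-password check added to `postgresql_validate` sits inside a conditional whose opening is outside that hunk, so it presumably does not run in every configuration. I would fail closed by dropping the fallback, `local -r sr_check_auth="md5"`, or move the password check into the unconditional `POSTGRESQL_SR_CHECK` validation added in the first hunk here. The database and user names are also written unquoted, so a name containing whitespace would shift the pg_hba fields. Because pg_hba.conf is matched top-down, whether these appended lines are ever reached depends on earlier entries that the patch does not show.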
@@ -370,6 +399,29 @@ postgresql_create_replication_user() { echo "CREATE ROLE \"$POSTGRESQL_REPLICATION_USER\" REPLICATION LOGIN ENCRYPTED PASSWORD '$escaped_password'" | postgresql_execute "" "postgres" "$postgres_password" } +######################## +# Create a user for Stream Replication checks +# Globals: +# POSTGRESQL_* +# Arguments: +# None +# Returns: +# None +######################### +postgresql_create_sr_check_user() { + local -r escaped_password="${POSTGRESQL_SR_CHECK_PASSWORD//\'/\'\'}" + local -r postgres_password="${POSTGRESQL_POSTGRES_PASSWORD:-$POSTGRESQL_PASSWORD}" + + if [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && [[ "$POSTGRESQL_SR_CHECK_USERNAME" == "$POSTGRESQL_REPLICATION_USER" ]]; then + debug "The SR_CHECK username is the same as the replication user, skipping creation" + else + info "Creating sr-check user $POSTGRESQL_SR_CHECK_USERNAME" + echo "CREATE ROLE \"${POSTGRESQL_SR_CHECK_USERNAME}\" WITH LOGIN PASSWORD '${escaped_password}';" | postgresql_execute "" "postgres" "$postgres_password" + fi + info "Granting access to \"${POSTGRESQL_SR_CHECK_USERNAME}\" to the database \"${POSTGRESQL_SR_CHECK_DATABASE}\"" + echo "GRANT CONNECT ON DATABASE \"${POSTGRESQL_SR_CHECK_DATABASE}\" TO \"${POSTGRESQL_SR_CHECK_USERNAME}\"\;" | postgresql_execute "" "postgres" "$postgres_password" +} + ######################## # Change postgresql.conf by setting replication parameters # Globals: @@ -522,12 +574,13 @@ postgresql_create_admin_user() { # Globals: # POSTGRESQL_* # Arguments: -# None +# $1 - Database name # Returns: # None ######################### postgresql_create_custom_database() { - echo "CREATE DATABASE \"$POSTGRESQL_DATABASE\"" | postgresql_execute "" "postgres" "" + local -r db_name="${1:?missing database}" + echo "CREATE DATABASE \"$db_name\"" | postgresql_execute "" "postgres" "" } ######################## 
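Review bot: The GRANT statement in `postgresql_create_sr_check_user` ends in `\"\;`, and inside double quotes bash does not treat `\;` as an escape, so the backslash is passed to `postgresql_execute` literally, while the CREATE ROLE line above it ends in a plain `;`. Unless the backslash is intended, the tail should read `TO \"${POSTGRESQL_SR_CHECK_USERNAME}\";"`. The password has its single quotes doubled before it is embedded, but the role and database names go into double-quoted identifiers as-is, both here and in `postgresql_create_custom_database` in the next hunk. Doubling an embedded double quote the same way, for example `${db_name//\"/\"\"}`, would keep a name containing that character from breaking or changing the statement.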
@@ -650,7 +703,8 @@ postgresql_initialize() { if [[ "$POSTGRESQL_REPLICATION_MODE" = "master" ]]; then postgresql_master_init_db postgresql_start_bg "false" - [[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database + [[ -n "$POSTGRESQL_DATABASE" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_DATABASE" + is_boolean_yes "$POSTGRESQL_SR_CHECK" && [[ "$POSTGRESQL_SR_CHECK_DATABASE" != "postgres" ]] && postgresql_create_custom_database "$POSTGRESQL_SR_CHECK_DATABASE" if [[ "$POSTGRESQL_USERNAME" = "postgres" ]]; then postgresql_alter_postgres_user "$POSTGRESQL_PASSWORD" else 
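Review bot: The added `postgresql_create_custom_database "$POSTGRESQL_SR_CHECK_DATABASE"` call only excludes `postgres`, so when `POSTGRESQL_SR_CHECK_DATABASE` equals `POSTGRESQL_DATABASE` the same CREATE DATABASE is issued twice and the server rejects the second one. Whether that aborts initialization depends on how `postgresql_execute` reports errors and on the caller's errexit setting, neither of which is visible here. Adding `[[ "$POSTGRESQL_SR_CHECK_DATABASE" != "$POSTGRESQL_DATABASE" ]] &&` in front of the call avoids the duplicate. `postgresql_initialize` begins and ends outside this hunk.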
@@ -660,16 +714,17 @@ postgresql_initialize() { postgresql_create_admin_user fi is_boolean_yes "$create_pghba_file" && postgresql_restrict_pghba + is_boolean_yes "$POSTGRESQL_SR_CHECK" && postgresql_create_sr_check_user [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && ! $skip_replication && postgresql_create_replication_user is_boolean_yes "$create_conf_file" && ! $skip_replication && postgresql_configure_replication_parameters - is_boolean_yes "$create_pghba_file" && ! $skip_replication && postgresql_configure_synchronous_replication + is_boolean_yes "$create_pghba_file" && ! $skip_replication && postgresql_configure_synchronous_replication is_boolean_yes "$create_conf_file" && postgresql_configure_fsync is_boolean_yes "$create_conf_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && postgresql_configure_tls [[ -n "$POSTGRESQL_REPLICATION_USER" ]] && is_boolean_yes "$create_pghba_file" && ! $skip_replication && postgresql_add_replication_to_pghba else postgresql_slave_init_db is_boolean_yes "$create_pghba_file" && postgresql_restrict_pghba - is_boolean_yes "$create_conf_file" && ! $skip_replication && postgresql_configure_replication_parameters + is_boolean_yes "$create_conf_file" && ! $skip_replication && postgresql_configure_replication_parameters is_boolean_yes "$create_conf_file" && postgresql_configure_fsync is_boolean_yes "$create_conf_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && postgresql_configure_tls ! $skip_replication && postgresql_configure_recovery 
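Review bot: `postgresql_create_sr_check_user` is called before `postgresql_create_replication_user`, yet it skips CREATE ROLE when `POSTGRESQL_SR_CHECK_USERNAME` equals `POSTGRESQL_REPLICATION_USER` and still issues GRANT CONNECT for that name. On a fresh primary the shared role does not exist at that point, and with `$skip_replication` set it is never created, so the grant targets a missing role. Moving `is_boolean_yes "$POSTGRESQL_SR_CHECK" && postgresql_create_sr_check_user` below the `postgresql_create_replication_user` line fixes the ordering. In the shared-role case the pg_hba method is still derived from `POSTGRESQL_SR_CHECK_PASSWORD` rather than the replication password, so validation should require the two to agree or reject the shared name. `postgresql_initialize` begins and ends outside this hunk.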
@@ -677,6 +732,8 @@ postgresql_initialize() { fi # TLS Modifications on pghba need to be performed after properly configuring postgresql.conf file is_boolean_yes "$create_pghba_file" && is_boolean_yes "$POSTGRESQL_ENABLE_TLS" && [[ -n $POSTGRESQL_TLS_CA_FILE ]] && postgresql_tls_auth_configuration + # Allow access from sr_check user + is_boolean_yes "$create_pghba_file" && is_boolean_yes "$POSTGRESQL_SR_CHECK" && postgresql_add_sr_check_user_to_pghba is_boolean_yes "$create_conf_file" && [[ -n "$POSTGRESQL_SHARED_PRELOAD_LIBRARIES" ]] && postgresql_set_property "shared_preload_libraries" "$POSTGRESQL_SHARED_PRELOAD_LIBRARIES" is_boolean_yes "$create_conf_file" && postgresql_configure_logging diff --git a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh index afa1d535573c..14f952eb98d7 100644 --- a/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh +++ b/bitnami/postgresql/14/debian-12/rootfs/opt/bitnami/scripts/postgresql-env.sh @@ -45,6 +45,9 @@ postgresql_env_vars=( POSTGRESQL_REPLICATION_USER POSTGRESQL_REPLICATION_USE_PASSFILE POSTGRESQL_REPLICATION_PASSFILE_PATH + POSTGRESQL_SR_CHECK + POSTGRESQL_SR_CHECK_USERNAME + POSTGRESQL_SR_CHECK_DATABASE POSTGRESQL_SYNCHRONOUS_COMMIT_MODE POSTGRESQL_FSYNC POSTGRESQL_USERNAME @@ -65,6 +68,7 @@ postgresql_env_vars=( POSTGRESQL_PASSWORD POSTGRESQL_POSTGRES_PASSWORD POSTGRESQL_REPLICATION_PASSWORD + POSTGRESQL_SR_CHECK_PASSWORD POSTGRESQL_INITSCRIPTS_PASSWORD POSTGRESQL_ENABLE_TLS POSTGRESQL_TLS_CERT_FILE @@ -116,6 +120,9 @@ postgresql_env_vars=( POSTGRES_ALLOW_REMOTE_CONNECTIONS POSTGRES_REPLICATION_MODE POSTGRES_REPLICATION_USER + POSTGRES_SR_CHECK + POSTGRES_SR_CHECK_USER + POSTGRES_SR_CHECK_DATABASE POSTGRES_SYNCHRONOUS_COMMIT_MODE POSTGRES_FSYNC POSTGRES_USERNAME 
@@ -138,6 +145,7 @@ postgresql_env_vars=( POSTGRES_PASSWORD POSTGRES_POSTGRES_PASSWORD POSTGRES_REPLICATION_PASSWORD + POSTGRES_SR_CHECK_PASSWORD POSTGRES_INITSCRIPTS_PASSWORD POSTGRES_ENABLE_TLS POSTGRES_TLS_CERT_FILE @@ -237,6 +245,12 @@ POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-"${POSTGRES_REPLICAT export POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-}" export POSTGRESQL_REPLICATION_USE_PASSFILE="${POSTGRESQL_REPLICATION_USE_PASSFILE:-no}" export POSTGRESQL_REPLICATION_PASSFILE_PATH="${POSTGRESQL_REPLICATION_PASSFILE_PATH:-${POSTGRESQL_CONF_DIR}/.pgpass}" +POSTGRESQL_SR_CHECK="${POSTGRESQL_SR_CHECK:-"${POSTGRES_SR_CHECK:-}"}" +export POSTGRESQL_SR_CHECK="${POSTGRESQL_SR_CHECK:-no}" +POSTGRESQL_SR_CHECK_USERNAME="${POSTGRESQL_SR_CHECK_USERNAME:-"${POSTGRES_SR_CHECK_USER:-}"}" +export POSTGRESQL_SR_CHECK_USERNAME="${POSTGRESQL_SR_CHECK_USERNAME:-sr_check_user}" +POSTGRESQL_SR_CHECK_DATABASE="${POSTGRESQL_SR_CHECK_DATABASE:-"${POSTGRES_SR_CHECK_DATABASE:-}"}" +export POSTGRESQL_SR_CHECK_DATABASE="${POSTGRESQL_SR_CHECK_DATABASE:-postgres}" POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-"${POSTGRES_SYNCHRONOUS_COMMIT_MODE:-}"}" export POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-on}" POSTGRESQL_FSYNC="${POSTGRESQL_FSYNC:-"${POSTGRES_FSYNC:-}"}" 
@@ -279,6 +293,8 @@ POSTGRESQL_POSTGRES_PASSWORD="${POSTGRESQL_POSTGRES_PASSWORD:-"${POSTGRES_POSTGR export POSTGRESQL_POSTGRES_PASSWORD="${POSTGRESQL_POSTGRES_PASSWORD:-}" POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-"${POSTGRES_REPLICATION_PASSWORD:-}"}" export POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-}" +POSTGRESQL_SR_CHECK_PASSWORD="${POSTGRESQL_SR_CHECK_PASSWORD:-"${POSTGRES_SR_CHECK_PASSWORD:-}"}" +export POSTGRESQL_SR_CHECK_PASSWORD="${POSTGRESQL_SR_CHECK_PASSWORD:-}" POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-"${POSTGRES_INITSCRIPTS_PASSWORD:-}"}" export POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-$POSTGRESQL_PASSWORD}" POSTGRESQL_ENABLE_TLS="${POSTGRESQL_ENABLE_TLS:-"${POSTGRES_ENABLE_TLS:-}"}" diff --git a/bitnami/postgresql/14/debian-12/tags-info.yaml b/bitnami/postgresql/14/debian-12/tags-info.yaml index b5a1639b9de4..c8e5ee6480e9 100644 --- a/bitnami/postgresql/14/debian-12/tags-info.yaml +++ b/bitnami/postgresql/14/debian-12/tags-info.yaml @@ -1,4 +1,4 @@ rolling-tags: - "14" - 14-debian-12 -- 14.17.0 +- 14.18.0 diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md index 1513a9961b8c..71e45ec77252 100644 --- a/bitnami/postgresql/README.md +++ b/bitnami/postgresql/README.md 
@@ -195,6 +195,9 @@ docker-compose up -d | `POSTGRESQL_REPLICATION_USER` | PostgreSQL replication user | `nil` | | `POSTGRESQL_REPLICATION_USE_PASSFILE` | Use PGPASSFILE instead of PGPASSWORD | `no` | | `POSTGRESQL_REPLICATION_PASSFILE_PATH` | Path to store passfile | `${POSTGRESQL_CONF_DIR}/.pgpass` | +| `POSTGRESQL_SR_CHECK` | Create user on PostgreSQL for Stream Replication Check | `no` | +| `POSTGRESQL_SR_CHECK_USERNAME` | Stream Replication Check user | `sr_check_user` | +| `POSTGRESQL_SR_CHECK_DATABASE` | Stream Replication Check database | `postgres` | | `POSTGRESQL_SYNCHRONOUS_COMMIT_MODE` | Enable synchronous replication in slaves (number defined by POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS) | `on` | | `POSTGRESQL_FSYNC` | Enable fsync in write ahead logs | `on` | | `POSTGRESQL_USERNAME` | PostgreSQL default username | `postgres` | @@ -215,6 +218,7 @@ docker-compose up -d | `POSTGRESQL_PASSWORD` | Password for the PostgreSQL created user | `nil` | | `POSTGRESQL_POSTGRES_PASSWORD` | Password for the PostgreSQL postgres user | `nil` | | `POSTGRESQL_REPLICATION_PASSWORD` | Password for the PostgreSQL replication user | `nil` | +| `POSTGRESQL_SR_CHECK_PASSWORD` | Password for the Stream Replication Check user | `nil` | | `POSTGRESQL_INITSCRIPTS_PASSWORD` | Password for the PostgreSQL init scripts user | `$POSTGRESQL_PASSWORD` | | `POSTGRESQL_ENABLE_TLS` | Whether to enable TLS for traffic or not | `no` | | `POSTGRESQL_TLS_CERT_FILE` | File containing the certificate for the TLS traffic | `nil` |