diff --git a/Makefile b/Makefile index f0b992adb..d07fe0def 100644 --- a/Makefile +++ b/Makefile @@ -12,10 +12,12 @@ # golang:1.7.3 # compile_adminserver, compile_ui, compile_jobservice: compile specific binary # -# build: build Harbor docker images (defuault: build_photon) +# build: build Harbor docker images (default: build_photon) # for example: make build -e BASEIMAGE=photon # build_photon: build Harbor docker images from photon baseimage # +# build_postgresql: build postgresql images basaed on photon os +# make build -e BASEIMAGE=postgresql # install: include compile binarys, build images, prepare specific \ # version composefile and startup Harbor instance # @@ -92,7 +94,7 @@ NEWCLARITYVERSION= #clair parameters CLAIRVERSION=v2.0.0 CLAIRFLAG=false -CLAIRDBVERSION=9.6.3 +CLAIRDBVERSION=9.6.3-photon #clarity parameters CLARITYIMAGE=vmware/harbor-clarity-ui-builder[:tag] @@ -166,6 +168,10 @@ DOCKERFILEPATH_DB=$(DOCKERFILEPATH_COMMON)/db DOCKERFILENAME_DB=Dockerfile DOCKERFILE_CLARITY=$(MAKEPATH)/dev/nodeclarity/Dockerfile +DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH_COMMON)/postgresql +DOCKERFILENAME_POSTGRESQL=Dockerfile + + # docker image name DOCKERIMAGENAME_ADMINSERVER=vmware/harbor-adminserver DOCKERIMAGENAME_UI=vmware/harbor-ui @@ -173,7 +179,7 @@ DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice DOCKERIMAGENAME_LOG=vmware/harbor-log DOCKERIMAGENAME_DB=vmware/harbor-db DOCKERIMAGENAME_CLATIRY=vmware/harbor-clarity-ui-builder - +DOCKERIMAGENAME_POSTGRESQL=vmware/postgresql # docker-compose files DOCKERCOMPOSEFILEPATH=$(MAKEPATH) DOCKERCOMPOSETPLFILENAME=docker-compose.tpl 
@@ -237,7 +243,7 @@ ifeq ($(NOTARYFLAG), true) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) endif ifeq ($(CLAIRFLAG), true) - DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) postgres:$(CLAIRDBVERSION) + DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION) PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME) DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME) @@ -305,7 +311,10 @@ build_common: version build_photon: build_common make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) - +build_postgresql: + @echo "buildging postgresql container for photon..." + @cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) -f $(DOCKERFILENAME_POSTGRESQL) -t $(DOCKERIMAGENAME_POSTGRESQL):$(CLAIRDBVERSION) . + @echo "Done." build: build_$(BASEIMAGE) modify_composefile: @@ -360,7 +369,7 @@ package_offline: compile build modify_sourcefiles modify_composefile @if [ "$(CLAIRFLAG)" = "true" ] ; then \ echo "pulling claiy and postgres..."; \ $(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \ - $(DOCKERPULL) postgres:$(CLAIRDBVERSION); \ + $(DOCKERPULL) vmware/postgresql:$(CLAIRDBVERSION); \ fi @echo "saving harbor docker image" diff --git a/make/common/postgresql/Dockerfile b/make/common/postgresql/Dockerfile new file mode 100644 index 000000000..ca9bc9689 --- /dev/null +++ b/make/common/postgresql/Dockerfile 
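Review bot: In the new `build_postgresql` recipe the `@` prefix on the `cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) ...` line hides the one command whose arguments matter when the image build fails; I would drop the `@` there and keep it only on the two `echo` lines. The target is reachable only through `build: build_$(BASEIMAGE)`, so the default build (documented as build_photon in the header comment) never produces `vmware/postgresql`, even when CLAIRFLAG is true and that image is needed. If that is intended, a comment above the rule such as `# built on demand (make build -e BASEIMAGE=postgresql); not part of the default build` would make it explicit. The `.PHONY` list is outside this hunk, so please confirm `build_postgresql` is declared there. The message also has a typo, `buildging`.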
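Review bot: `package_offline` now runs `$(DOCKERPULL) vmware/postgresql:$(CLAIRDBVERSION)`, pulling by mutable tag, so the image saved into the offline bundle is whatever the registry serves at packaging time, not necessarily what this commit's Dockerfile builds. Its prerequisites (`compile build modify_sourcefiles modify_composefile`) do not run `build_postgresql` with the default BASEIMAGE, and the pull would replace a locally built image carrying the same tag. Either make the Clair packaging path depend on `build_postgresql` and drop the pull, or pin the pull by digest, e.g. `$(DOCKERPULL) vmware/postgresql@sha256:<DIGEST_PLACEHOLDER>`. The same tag reference is added to `DOCKERSAVE_PARA` in the `ifeq ($(CLAIRFLAG), true)` hunk, and the recipe continues outside this hunk.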
@@ -0,0 +1,26 @@
+FROM library/photon:1.0
+
+ENV PGDATA /var/lib/postgresql/data
+
+RUN touch /etc/localtime.bak \
+ && tdnf install -y sed shadow gzip postgresql\
+ && groupadd -r postgres --gid=999 \
+ && useradd -r -g postgres --uid=999 postgres \
+ && mkdir -p /docker-entrypoint-initdb.d \
+ && mkdir -p /run/postgresql \
+ && chown -R postgres:postgres /run/postgresql \
+ && chmod 2777 /run/postgresql \
+ && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \
+ && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \
+ && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample \
+ && touch /usr/share/locale/locale.alias \
+ && locale-gen.sh en_US.UTF-8
+
+VOLUME /var/lib/postgresql/data
+
+ADD docker-entrypoint.sh /entrypoint.sh
+RUN chmod u+x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/make/common/postgresql/docker-entrypoint.sh b/make/common/postgresql/docker-entrypoint.sh
new file mode 100644
index 000000000..c4622eaef
--- /dev/null
+++ b/make/common/postgresql/docker-entrypoint.sh
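Review bot: In make/common/postgresql/Dockerfile the RUN step leaves the data and socket directories world-writable with `chmod 777 "$PGDATA"` and `chmod 2777 /run/postgresql`. The entrypoint always starts as root and switches to the `postgres` user created in the same step, so nothing visible here needs that; `chmod 700 "$PGDATA"` and `chmod 2775 /run/postgresql` look sufficient. `tdnf install -y sed shadow gzip postgresql` does not pin a package version, so the `9.6.3-photon` tag the Makefile applies is not guaranteed to match the server actually installed; pin the package or check the installed version at build time. `ADD docker-entrypoint.sh /entrypoint.sh` can be `COPY`, which has no archive or URL handling.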
@@ -0,0 +1,120 @@
+#!/bin/bash
+set -e
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+if [ "${1:0:1}" = '-' ]; then
+ set -- postgres "$@"
+fi
+
+if [ "$1" = 'postgres' ]; then
+ chown -R postgres:postgres $PGDATA
+ echo here1
+ # look specifically for PG_VERSION, as it is expected in the DB dir
+ if [ ! -s "$PGDATA/PG_VERSION" ]; then
+ file_env 'POSTGRES_INITDB_ARGS'
+ if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+ fi
+ echo hehe2
+ su - $1 -c "initdb -D $PGDATA -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS"
+ echo hehe3
+ # check password first so we can output the warning before postgres
+ # messes it up
+ file_env 'POSTGRES_PASSWORD'
+ if [ "$POSTGRES_PASSWORD" ]; then
+ pass="PASSWORD '$POSTGRES_PASSWORD'"
+ authMethod=md5
+ else
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-EOF
+ ****************************************************
+ WARNING: No password has been set for the database.
+ This will allow anyone with access to the
+ Postgres port to access your database. In
+ Docker's default configuration, this is
+ effectively any other container on the same
+ system.
+ Use "-e POSTGRES_PASSWORD=password" to set
+ it in "docker run".
+ ****************************************************
+EOF
+
+ pass=
+ authMethod=trust
+ fi
+
+ {
+ echo
+ echo "host all all all $authMethod"
+ } >> "$PGDATA/pg_hba.conf"
+ su postgres
+ echo `whoami`
+ # internal start of server in order to allow set-up using psql-client
+ # does not listen on external TCP/IP and waits until start finishes
+ su - $1 -c "pg_ctl -D \"$PGDATA\" -o \"-c listen_addresses='localhost'\" -w start"
+
+ file_env 'POSTGRES_USER' 'postgres'
+ file_env 'POSTGRES_DB' "$POSTGRES_USER"
+
+ psql=( psql -v ON_ERROR_STOP=1 )
+
+ if [ "$POSTGRES_DB" != 'postgres' ]; then
+ "${psql[@]}" --username postgres <<-EOSQL
+ CREATE DATABASE "$POSTGRES_DB" ;
+EOSQL
+ echo
+ fi
+
+ if [ "$POSTGRES_USER" = 'postgres' ]; then
+ op='ALTER'
+ else
+ op='CREATE'
+ fi
+ "${psql[@]}" --username postgres <<-EOSQL
+ $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
+EOSQL
+ echo
+
+ psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ PGUSER="${PGUSER:-postgres}" \
+ su - $1 -c "pg_ctl -D \"$PGDATA\" -m fast -w stop"
+
+ echo
+ echo 'PostgreSQL init process complete; ready for start up.'
+ echo
+ fi
+fi
+exec su - $1 -c "$@ -D $PGDATA"
diff --git a/make/docker-compose.clair.yml b/make/docker-compose.clair.yml
index e99c9d28a..e5eb31867 100644
--- a/make/docker-compose.clair.yml
+++ b/make/docker-compose.clair.yml
@@ -17,7 +17,7 @@ services:
 aliases:
 - postgres
 container_name: clair-db
- image: postgres:9.6.3
+ image: vmware/postgresql:9.6.3-photon
 restart: always
 depends_on:
 - log
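Review bot: In docker-entrypoint.sh, the branch taken when POSTGRES_PASSWORD is empty sets `authMethod=trust` and appends `host all all all $authMethod` to pg_hba.conf, which together with the image's `listen_addresses = '*'` lets any client that can reach port 5432 connect as a superuser; I would fail closed there with `echo >&2 "error: POSTGRES_PASSWORD or POSTGRES_PASSWORD_FILE must be set"; exit 1` instead of only printing the warning. `$POSTGRES_PASSWORD`, `$POSTGRES_USER` and `$POSTGRES_DB` are pasted unescaped into the SQL heredocs, so a value containing a quote breaks or alters the statement; passing them as psql variables (`-v`) and referencing them as `:'name'` / `:"name"` avoids that. The final `exec su - $1 -c "$@ -D $PGDATA"` sits outside the `[ "$1" = 'postgres' ]` check, so any other command is treated as a user name, and `"$@"` inside the string spills further arguments onto `su`; the postgres case likely belongs inside the check with `exec "$@"` for everything else. The debugging leftovers `echo here1`, `echo hehe2`, `echo hehe3`, the bare `su postgres` and the `whoami` echo should be removed before merge.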