Update clair postgresql to use photon os

Makefile

@@ -12,10 +12,12 @@
 #							golang:1.7.3
 # compile_adminserver, compile_ui, compile_jobservice: compile specific binary
 #
-# build: 		build Harbor docker images (defuault: build_photon)
+# build: 		build Harbor docker images (default: build_photon)
 #			for example: make build -e BASEIMAGE=photon
 # build_photon:	build Harbor docker images from photon baseimage
 #
+# build_postgresql: build postgresql images basaed on photon os
+#       make build -e BASEIMAGE=postgresql
 # install:		include compile binarys, build images, prepare specific \
 #				version composefile and startup Harbor instance
 #
@@ -165,6 +167,10 @@ DOCKERFILEPATH_DB=$(DOCKERFILEPATH_COMMON)/db
 DOCKERFILENAME_DB=Dockerfile
 DOCKERFILE_CLARITY=$(MAKEPATH)/dev/nodeclarity/Dockerfile
 
+DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH_COMMON)/postgresql
+DOCKERFILENAME_POSTGRESQL=Dockerfile
+
+
 # docker image name
 DOCKERIMAGENAME_ADMINSERVER=vmware/harbor-adminserver
 DOCKERIMAGENAME_UI=vmware/harbor-ui
@@ -172,7 +178,7 @@ DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice
 DOCKERIMAGENAME_LOG=vmware/harbor-log
 DOCKERIMAGENAME_DB=vmware/harbor-db
 DOCKERIMAGENAME_CLATIRY=vmware/harbor-clarity-ui-builder
-
+DOCKERIMAGENAME_POSTGRESQL=vmware/harbor-postgresql
 # docker-compose files
 DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
 DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
@@ -236,7 +242,7 @@ ifeq ($(NOTARYFLAG), true)
 	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME)
 endif
 ifeq ($(CLAIRFLAG), true)
-	DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) postgres:$(CLAIRDBVERSION)
+	DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) vmware/harbor-postgresql:$(CLAIRDBVERSION)
 	PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
 	PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
 	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@@ -304,7 +310,10 @@ build_common: version
 
 build_photon: build_common
 	make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG)
-
+build_postgresql:
+	@echo "buildging postgresql container for photon..."
+	@cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) -f $(DOCKERFILENAME_POSTGRESQL) -t $(DOCKERIMAGENAME_POSTGRESQL):$(VERSIONTAG) .
+	@echo "Done."
 build: build_$(BASEIMAGE)
 
 modify_composefile:
@@ -359,7 +368,7 @@ package_offline: compile build modify_sourcefiles modify_composefile
 	@if [ "$(CLAIRFLAG)" = "true" ] ; then \
 		echo "pulling claiy and postgres..."; \
 		$(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \
-		$(DOCKERPULL) postgres:$(CLAIRDBVERSION); \
+		$(DOCKERPULL) vmware/harbor-postgresql:$(CLAIRDBVERSION); \
 	fi
 
 	@echo "saving harbor docker image"

make/common/postgresql/Dockerfile

@@ -0,0 +1,25 @@
+FROM library/photon:1.0
+
+ENV PGDATA /var/lib/postgresql/data
+
+RUN touch /etc/localtime.bak \
+    && tdnf install -y sed shadow gzip postgresql\
+    && groupadd -r postgres --gid=999 \
+    && useradd -r -g postgres --uid=999 postgres \
+    && mkdir -p /run/postgresql \
+    && chown -R postgres:postgres /run/postgresql \
+    && chmod 2777 /run/postgresql \
+    && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \
+    && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \
+    && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample \
+    && touch /usr/share/locale/locale.alias \
+    && locale-gen.sh en_US.UTF-8
+
+VOLUME /var/lib/postgresql/data
+
+ADD docker-entrypoint.sh /entrypoint.sh
+RUN chmod u+x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 5432
+CMD ["postgres"]

make/common/postgresql/docker-entrypoint.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+set -e
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+        local var="$1"
+        local fileVar="${var}_FILE"
+        local def="${2:-}"
+        if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+                echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+                exit 1
+        fi
+        local val="$def"
+        if [ "${!var:-}" ]; then
+                val="${!var}"
+        elif [ "${!fileVar:-}" ]; then
+                val="$(< "${!fileVar}")"
+        fi
+        export "$var"="$val"
+        unset "$fileVar"
+}
+
+if [ "${1:0:1}" = '-' ]; then
+        set -- postgres "$@"
+fi
+
+if [ "$1" = 'postgres' ]; then
+        chown -R postgres:postgres $PGDATA
+        echo here1
+        # look specifically for PG_VERSION, as it is expected in the DB dir
+        if [ ! -s "$PGDATA/PG_VERSION" ]; then
+                file_env 'POSTGRES_INITDB_ARGS'
+                if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+                        export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+                fi
+                echo hehe2
+                su - $1 -c "initdb -D $PGDATA  -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS"
+                echo hehe3
+                # check password first so we can output the warning before postgres
+                # messes it up
+                file_env 'POSTGRES_PASSWORD'
+                if [ "$POSTGRES_PASSWORD" ]; then
+                        pass="PASSWORD '$POSTGRES_PASSWORD'"
+                        authMethod=md5
+                else
+                        # The - option suppresses leading tabs but *not* spaces. :)
+                        cat >&2 <<-EOF
+                                ****************************************************
+                                WARNING: No password has been set for the database.
+                                         This will allow anyone with access to the
+                                         Postgres port to access your database. In
+                                         Docker's default configuration, this is
+                                         effectively any other container on the same
+                                         system.
+                                         Use "-e POSTGRES_PASSWORD=password" to set
+                                         it in "docker run".
+                                ****************************************************
+EOF
+
+                        pass=
+                        authMethod=trust
+                fi
+
+                {
+                        echo
+                        echo "host all all all $authMethod"
+                } >> "$PGDATA/pg_hba.conf"
+                su postgres
+                echo `whoami`
+                # internal start of server in order to allow set-up using psql-client
+                # does not listen on external TCP/IP and waits until start finishes
+                su - $1 -c "pg_ctl -D \"$PGDATA\" -o \"-c listen_addresses='localhost'\" -w start"
+
+                file_env 'POSTGRES_USER' 'postgres'
+                file_env 'POSTGRES_DB' "$POSTGRES_USER"
+
+                psql=( psql -v ON_ERROR_STOP=1 )
+
+                if [ "$POSTGRES_DB" != 'postgres' ]; then
+                        "${psql[@]}" --username postgres <<-EOSQL
+                                CREATE DATABASE "$POSTGRES_DB" ;
+EOSQL
+                        echo
+                fi
+
+                if [ "$POSTGRES_USER" = 'postgres' ]; then
+                        op='ALTER'
+                else
+                        op='CREATE'
+                fi
+                "${psql[@]}" --username postgres <<-EOSQL
+                        $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
+EOSQL
+                echo
+
+                psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+
+                echo
+                for f in /docker-entrypoint-initdb.d/*; do
+                        case "$f" in
+                                *.sh)     echo "$0: running $f"; . "$f" ;;
+                                *.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+                                *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+                                *)        echo "$0: ignoring $f" ;;
+                        esac
+                        echo
+                done
+
+                PGUSER="${PGUSER:-postgres}" \
+                su - $1 -c "pg_ctl -D \"$PGDATA\" -m fast -w stop"
+
+                echo
+                echo 'PostgreSQL init process complete; ready for start up.'
+                echo
+        fi
+fi
+exec su - $1 -c "$@ -D $PGDATA"

make/docker-compose.clair.yml

@@ -17,7 +17,7 @@ services:
         aliases:
           - postgres
     container_name: clair-db
-    image: postgres:9.6.3
+    image: vmware/harbor-postgresql:9.6.3
     restart: always
     depends_on:
       - log