Public Repository

Last pushed: 2 years ago
Short Description
Data image for postgresql 9.4
Full Description

This image contains the initialized data directory and configuration for postgresql 9.4

Use with communitycloud/postgres:

docker create --name pgdata -v /var communitycloud/postgres-data :

Turn off copy-on-write for the data directory:

docker run --rm -it --volumes-from pgdata debian:jessie chattr -R +C /var/pgsql/data

Note the : at the end is the minimal command; since the container only exists to seed the data volume, and contains no binaries, this is the simplest command that docker will allow when creating a container.

Sadly, docker doesn't let us store the xattrs when building the image, so we have to set NOCOW attribute every time we create a new volume container.

Then run the database:

docker run \
           --volumes-from pgdata \
           -u 1000 \
           -p 5432:5432 
           -it pgsql -D /var/pgsql/data

Connecting

The password for user postgres is change_me11.

Connect from another server:

PGPASSWORD=change_me11 psql -h 10.211.55.3 -U postgres
psql (9.4.1)
Type "help" for help.

postgres=# ALTER USER Postgres WITH PASSWORD '<your password here>';

Configuration

The database is built with UTF-8 charset and C default locale:

postgres=# \l
                            List of databases
   Name    |  Owner   | Encoding | Collate | Ctype |   Access privileges   
-----------+----------+----------+---------+-------+-----------------------
 postgres  | postgres | UTF8     | C       | C     | 
 template0 | postgres | UTF8     | C       | C     | =c/postgres          +
           |          |          |         |       | postgres=CTc/postgres
 template1 | postgres | UTF8     | C       | C     | =c/postgres          +
           |          |          |         |       | postgres=CTc/postgres

The config file looks like this:

egrep -v '^\s*#|^\s*$' /var/pgsql/data/postgresql.conf 

listen_addresses = '*'
max_connections = 100            # (change requires restart)
unix_socket_directories = '/var/pgsql'
shared_buffers = 128MB            # min 128kB
dynamic_shared_memory_type = posix    # the default is the first option
log_timezone = 'UTC'
datestyle = 'iso, mdy'
timezone = 'UTC'
lc_messages = 'C'            # locale for system error message
lc_monetary = 'C'            # locale for monetary formatting
lc_numeric = 'C'            # locale for number formatting
lc_time = 'C'                # locale for time formatting
default_text_search_config = 'pg_catalog.english'

cat var/pgsql/data/pg_hba.conf 
local   all             all                                     trust
host    all             all             0.0.0.0/0               md5
host    all             all             ::1/128                 trust

Optionally, one can modify the configuration files after creating the container:

docker run --rm -it --volumes-from pgdata debian:jessie /bin/bash

# vim /var/pgsql/data/pg_hba.conf 
...

Build

This image was built from a fresh build of postgres, as described in the image communitycloud/postgres-source-build.

docker run --rm \
           --name data-builder \
           --hostname data-builder \
           -v /var/run/docker.sock:/var/run/docker.sock \
           -it communitycloud/postgres-source-build

Postgres expects its data directories to be owned by the user postgres; the same as we defined in our etc/passwd file in the image. We will create a user with uid 1000 to help initdb create directories with correct permissions:

useradd -MUu 1000 postgres && id postgres

The name is not important, but since we added the user with id of 1000 in etc/passwd in the postgres binary image, we want to ensure that this temporary user creates folders with the same id.

The database cluster is built with following locales:

cat > /etc/locale.gen <<EOF
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
pt_BR.UTF-8 UTF-8
es_ES.UTF-8 UTF-8
ru_RU.UTF-8 UTF-8
ru_UA.UTF-8 UTF-8
de_DE.UTF-8 UTF-8
zh_CN.UTF-8 UTF-8
ar_JO.UTF-8 UTF-8
EOF

locale-gen

The default password is set to change_me11, and the server requires passwords for remote connections.

PGPASSWORD="change_me11"
echo $PGPASSWORD > /tmp/pw
chown postgres:postgres /tmp/pw
su postgres -c "/opt/pgsql/bin/initdb -D /tmp/var/pgsql/data -E 'UTF-8' --pwfile /tmp/pw"
echo 'Password for "postgres" user is' $PGPASSWORD

Our server should accept connections from all servers--it's already isolated within the Docker network, so not much to worry about.

rm /tmp/var/pgsql/data/pg_hba.conf \
&& su postgres -c 'cat > /tmp/var/pgsql/data/pg_hba.conf <<EOF
local   all             all                                     trust
host    all             all             0.0.0.0/0               md5
host    all             all             ::1/128                 trust
EOF'

We also listen on all interfaces to simplify deployment, and move the socket directory to /var/pgsql (the default is /tmp). Since our container does not have the path /tmp, if we don't do this, the container will report a nasty error on startup (FATAL: could not create lock file "/tmp/.s.PGSQL.5432.lock": No such file or directory).

sed -i "/listen_addresses/c\listen_addresses = '*'" /tmp/var/pgsql/data/postgresql.conf;
sed -i "/unix_socket_directories/c\unix_socket_directories = '/var/pgsql'" /tmp/var/pgsql/data/postgresql.conf;

cd /tmp \
&& tar cp var/ | docker import - communitycloud/postgres-data

It's important to specify the p flag for tar in order to preserve the permissions that initdb set. The colon at the end of docker create is the minimal command that does nothing, since we can't really create a container without a command, and our image has no binaries to run. The data container doesn't need to be run, we only need to create it in order to establish the data volume.

Docker Pull Command
Owner
communitycloud