From dd5ca740588f866536a82c073524b1fb8ebc7150 Mon Sep 17 00:00:00 2001 From: Guy D Date: Sun, 18 Jun 2017 09:59:07 +0300 Subject: [PATCH 1/2] adding support to _FILE --- docker-entrypoint.sh | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f290efb..1969c8c 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -17,6 +17,28 @@ fi # Modified to be able to set up a slave. The docker-entrypoint-initdb.d hook provided is inadequate. set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -47,7 +69,7 @@ if [ "$1" = 'postgres' ]; then sleep 1s done fi - + file_env 'POSTGRES_PASSWORD' # check password first so we can output the warning before postgres # messes it up if [ "$POSTGRES_PASSWORD" ]; then @@ -83,11 +105,8 @@ if [ "$1" = 'postgres' ]; then gosu postgres pg_ctl -D "$PGDATA" \ -o "-c listen_addresses='localhost'" \ -w start - - : ${POSTGRES_USER:=postgres} - : ${POSTGRES_DB:=$POSTGRES_USER} - export POSTGRES_USER POSTGRES_DB - + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then From 05ce5635ce1a6d63229836a3a2252e43a252e093 Mon Sep 17 00:00:00 2001 From: Guy D Date: Wed, 21 Jun 2017 11:11:53 +0300 Subject: [PATCH 2/2] adding support to FILE passed passwords --- docker-entrypoint.sh | 3 ++- setup-replication.sh | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1969c8c..71270dc 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -39,6 +39,7 @@ file_env() { unset "$fileVar" } +file_env 'POSTGRES_PASSWORD' if [ "${1:0:1}" = '-' ]; then set -- postgres "$@" @@ -63,13 +64,13 @@ if [ "$1" = 'postgres' ]; then echo "Waiting for master to ping..." sleep 1s done + PGPASSWORD=${POSTGRES_PASSWORD} until gosu postgres pg_basebackup -h ${REPLICATE_FROM} -D ${PGDATA} -U ${POSTGRES_USER} -vP -w do echo "Waiting for master to connect..." sleep 1s done fi - file_env 'POSTGRES_PASSWORD' # check password first so we can output the warning before postgres # messes it up if [ "$POSTGRES_PASSWORD" ]; then diff --git a/setup-replication.sh b/setup-replication.sh index 460c548..0d857a3 100755 --- a/setup-replication.sh +++ b/setup-replication.sh @@ -1,4 +1,29 @@ #!/bin/bash +set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +file_env 'POSTGRES_PASSWORD' +file_env 'POSTGRES_USER' if [ "x$REPLICATE_FROM" == "x" ]; then