-
-
Notifications
You must be signed in to change notification settings - Fork 141
/
Dockerfile-156
223 lines (189 loc) · 9.34 KB
/
Dockerfile-156
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
# syntax=docker/dockerfile:1.6
ARG postgresql_major=15
ARG postgresql_release=${postgresql_major}.1
# Bump default build arg to build a package from source
# Bump vars.yml to specify runtime package version
ARG sfcgal_release=1.3.10
ARG postgis_release=3.3.2
ARG pgrouting_release=3.4.1
ARG pgtap_release=1.2.0
ARG pg_cron_release=1.6.2
ARG pgaudit_release=1.7.0
ARG pgjwt_release=9742dab1b2f297ad3811120db7b21451bca2d3c9
ARG pgsql_http_release=1.5.0
ARG plpgsql_check_release=2.2.5
ARG pg_safeupdate_release=1.4
ARG timescaledb_release=2.9.1
ARG wal2json_release=2_5
ARG pljava_release=1.6.4
ARG plv8_release=3.1.5
ARG pg_plan_filter_release=5081a7b5cb890876e67d8e7486b6a64c38c9a492
ARG pg_net_release=0.7.1
ARG rum_release=1.3.13
ARG pg_hashids_release=cd0e1b31d52b394a0df64079406a14a4f7387cd6
ARG libsodium_release=1.0.18
ARG pgsodium_release=3.1.6
ARG pg_graphql_release=1.5.1
ARG pg_stat_monitor_release=1.1.1
ARG pg_jsonschema_release=0.1.4
ARG pg_repack_release=1.4.8
ARG vault_release=0.2.8
ARG groonga_release=12.0.8
ARG pgroonga_release=2.4.0
ARG wrappers_release=0.3.0
ARG hypopg_release=1.3.1
ARG pgvector_release=0.4.0
ARG pg_tle_release=1.3.2
ARG index_advisor_release=0.2.0
ARG supautils_release=2.2.0
ARG wal_g_release=2.0.1
FROM ubuntu:focal as base
RUN apt update -y && apt install -y \
curl \
gnupg \
lsb-release \
software-properties-common \
wget \
sudo \
&& apt clean
RUN adduser --system --home /var/lib/postgresql --no-create-home --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
RUN adduser --system --no-create-home --shell /bin/bash --group wal-g
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
--init none \
--no-confirm \
--extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
--extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
COPY . /nixpg
WORKDIR /nixpg
RUN nix profile install .#psql_15/bin
WORKDIR /
RUN mkdir -p /usr/lib/postgresql/bin \
/usr/lib/postgresql/share/postgresql \
/usr/share/postgresql \
# /usr/lib/postgresql/share/postgresql/contrib \
#/usr/lib/postgresql/share/postgresql/timezonesets \
#/usr/lib/postgresql/share/postgresql/tsearch_data \
# /usr/lib/postgresql/share/postgresql/extension \
&& chown -R postgres:postgres /usr/lib/postgresql \
&& chown -R postgres:postgres /usr/share/postgresql
# Create symbolic links
RUN ln -s /nix/var/nix/profiles/default/bin/* /usr/lib/postgresql/bin/ \
&& ln -s /nix/var/nix/profiles/default/bin/* /usr/bin/ \
&& chown -R postgres:postgres /usr/bin
# Create symbolic links for PostgreSQL shares
RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/lib/postgresql/share/postgresql/
RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/share/postgresql/
RUN chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/
RUN chown -R postgres:postgres /usr/share/postgresql/
# Create symbolic links for contrib directory
RUN mkdir -p /usr/lib/postgresql/share/postgresql/contrib \
&& find /nix/var/nix/profiles/default/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do ln -s "$dir" "/usr/lib/postgresql/share/postgresql/contrib/$(basename "$dir")"; done' sh {} + \
&& chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/contrib/
RUN chown -R postgres:postgres /usr/lib/postgresql
RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
RUN apt-get update && \
apt-get install -y --no-install-recommends tzdata
RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
dpkg-reconfigure --frontend noninteractive tzdata
RUN apt-get update && \
apt-get install -y --no-install-recommends \
build-essential \
checkinstall \
cmake
ENV PGDATA=/var/lib/postgresql/data
####################
# setup-wal-g.yml
####################
FROM base as walg
ARG wal_g_release
# ADD "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${TARGETARCH}.tar.gz" /tmp/wal-g.tar.gz
RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH") && \
apt-get update && apt-get install -y --no-install-recommends curl && \
curl -kL "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-aarch64.tar.gz" -o /tmp/wal-g.tar.gz && \
tar -xvf /tmp/wal-g.tar.gz -C /tmp && \
rm -rf /tmp/wal-g.tar.gz && \
mv /tmp/wal-g-pg-ubuntu*20.04-aarch64 /tmp/wal-g
# ####################
# # Download gosu for easy step-down from root
# ####################
FROM base as gosu
ARG TARGETARCH
# Install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
gnupg \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Download binary
ARG GOSU_VERSION=1.16
ARG GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4
ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH \
/usr/local/bin/gosu
ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH.asc \
/usr/local/bin/gosu.asc
# Verify checksum
RUN gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $GOSU_GPG_KEY && \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
gpgconf --kill all && \
chmod +x /usr/local/bin/gosu
# ####################
# # Build final image
# ####################
FROM gosu as production
RUN id postgres || (echo "postgres user does not exist" && exit 1)
# # Setup extensions
COPY --from=walg /tmp/wal-g /usr/local/bin/
# # Initialise configs
COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf
COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf
COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh
RUN sed -i \
-e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \
-e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \
-e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \
-e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \
echo "cron.database_name = 'postgres'" >> /etc/postgresql/postgresql.conf && \
#echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
usermod -aG postgres wal-g && \
mkdir -p /etc/postgresql-custom && \
chown postgres:postgres /etc/postgresql-custom
# # Include schema migrations
COPY migrations/db /docker-entrypoint-initdb.d/
COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
# # Add upstream entrypoint script
COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
ADD --chmod=0755 \
https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh \
/usr/local/bin/
RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
ENTRYPOINT ["docker-entrypoint.sh"]
HEALTHCHECK --interval=2s --timeout=2s --retries=10 CMD pg_isready -U postgres -h localhost
STOPSIGNAL SIGINT
EXPOSE 5432
ENV POSTGRES_HOST=/var/run/postgresql
ENV POSTGRES_USER=supabase_admin
ENV POSTGRES_DB=postgres
RUN apt-get update && apt-get install -y --no-install-recommends \
locales \
&& rm -rf /var/lib/apt/lists/* && \
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
&& localedef -i C -c -f UTF-8 -A /usr/share/locale/locale.alias C.UTF-8
RUN echo "C.UTF-8 UTF-8" > /etc/locale.gen && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ENV LC_CTYPE=C.UTF-8
ENV LC_COLLATE=C.UTF-8
ENV LOCALE_ARCHIVE /usr/lib/locale/locale-archive
CMD ["postgres", "-D", "/etc/postgresql"]