From e0af9c036f7229593d4dbcb4e90134b66d97c545 Mon Sep 17 00:00:00 2001
From: yixingj <yixingj@vmware.com>
Date: Fri, 23 Jun 2017 10:54:27 +0800
Subject: [PATCH 1/2] Update clair postgresql to use photon os
---
Makefile | 19 +++-
make/common/postgresql/Dockerfile | 25 ++++
make/common/postgresql/docker-entrypoint.sh | 120 ++++++++++++++++++++
make/docker-compose.clair.yml | 2 +-
4 files changed, 160 insertions(+), 6 deletions(-)
create mode 100644 make/common/postgresql/Dockerfile
create mode 100644 make/common/postgresql/docker-entrypoint.sh
diff --git a/Makefile b/Makefile
index ee3b6ee35..121856168 100644
--- a/Makefile
+++ b/Makefile
@@ -12,10 +12,12 @@
# golang:1.7.3
# compile_adminserver, compile_ui, compile_jobservice: compile specific binary
#
-# build: build Harbor docker images (defuault: build_photon)
+# build: build Harbor docker images (default: build_photon)
# for example: make build -e BASEIMAGE=photon
# build_photon: build Harbor docker images from photon baseimage
#
+# build_postgresql: build postgresql images basaed on photon os
+# make build -e BASEIMAGE=postgresql
# install: include compile binarys, build images, prepare specific \
# version composefile and startup Harbor instance
#
@@ -165,6 +167,10 @@ DOCKERFILEPATH_DB=$(DOCKERFILEPATH_COMMON)/db
DOCKERFILENAME_DB=Dockerfile
DOCKERFILE_CLARITY=$(MAKEPATH)/dev/nodeclarity/Dockerfile
+DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH_COMMON)/postgresql
+DOCKERFILENAME_POSTGRESQL=Dockerfile
+
+
# docker image name
DOCKERIMAGENAME_ADMINSERVER=vmware/harbor-adminserver
DOCKERIMAGENAME_UI=vmware/harbor-ui
@@ -172,7 +178,7 @@ DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice
DOCKERIMAGENAME_LOG=vmware/harbor-log
DOCKERIMAGENAME_DB=vmware/harbor-db
DOCKERIMAGENAME_CLATIRY=vmware/harbor-clarity-ui-builder
-
+DOCKERIMAGENAME_POSTGRESQL=vmware/harbor-postgresql
# docker-compose files
DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
@@ -236,7 +242,7 @@ ifeq ($(NOTARYFLAG), true)
DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME)
endif
ifeq ($(CLAIRFLAG), true)
- DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) postgres:$(CLAIRDBVERSION)
+ DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) vmware/harbor-postgresql:$(CLAIRDBVERSION)
PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@@ -304,7 +310,10 @@ build_common: version
build_photon: build_common
make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG)
-
+build_postgresql:
+ @echo "buildging postgresql container for photon..."
+ @cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) -f $(DOCKERFILENAME_POSTGRESQL) -t $(DOCKERIMAGENAME_POSTGRESQL):$(VERSIONTAG) .
+ @echo "Done."
build: build_$(BASEIMAGE)
modify_composefile:
@@ -359,7 +368,7 @@ package_offline: compile build modify_sourcefiles modify_composefile
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
echo "pulling claiy and postgres..."; \
$(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \
- $(DOCKERPULL) postgres:$(CLAIRDBVERSION); \
+ $(DOCKERPULL) vmware/harbor-postgresql:$(CLAIRDBVERSION); \
fi
@echo "saving harbor docker image"
diff --git a/make/common/postgresql/Dockerfile b/make/common/postgresql/Dockerfile
new file mode 100644
index 000000000..f4c89ae09
--- /dev/null
+++ b/make/common/postgresql/Dockerfile
@@ -0,0 +1,25 @@
+FROM library/photon:1.0
+
+ENV PGDATA /var/lib/postgresql/data
+
+RUN touch /etc/localtime.bak \
+ && tdnf install -y sed shadow gzip postgresql\
+ && groupadd -r postgres --gid=999 \
+ && useradd -r -g postgres --uid=999 postgres \
+ && mkdir -p /run/postgresql \
+ && chown -R postgres:postgres /run/postgresql \
+ && chmod 2777 /run/postgresql \
+ && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \
+ && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \
+ && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample \
+ && touch /usr/share/locale/locale.alias \
+ && locale-gen.sh en_US.UTF-8
+
+VOLUME /var/lib/postgresql/data
+
+ADD docker-entrypoint.sh /entrypoint.sh
+RUN chmod u+x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 5432
+CMD ["postgres"]
diff --git a/make/common/postgresql/docker-entrypoint.sh b/make/common/postgresql/docker-entrypoint.sh
new file mode 100644
index 000000000..c4622eaef
--- /dev/null
+++ b/make/common/postgresql/docker-entrypoint.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+set -e
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+if [ "${1:0:1}" = '-' ]; then
+ set -- postgres "$@"
+fi
+
+if [ "$1" = 'postgres' ]; then
+ chown -R postgres:postgres $PGDATA
+ echo here1
+ # look specifically for PG_VERSION, as it is expected in the DB dir
+ if [ ! -s "$PGDATA/PG_VERSION" ]; then
+ file_env 'POSTGRES_INITDB_ARGS'
+ if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+ export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+ fi
+ echo hehe2
+ su - $1 -c "initdb -D $PGDATA -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS"
+ echo hehe3
+ # check password first so we can output the warning before postgres
+ # messes it up
+ file_env 'POSTGRES_PASSWORD'
+ if [ "$POSTGRES_PASSWORD" ]; then
+ pass="PASSWORD '$POSTGRES_PASSWORD'"
+ authMethod=md5
+ else
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-EOF
+ ****************************************************
+ WARNING: No password has been set for the database.
+ This will allow anyone with access to the
+ Postgres port to access your database. In
+ Docker's default configuration, this is
+ effectively any other container on the same
+ system.
+ Use "-e POSTGRES_PASSWORD=password" to set
+ it in "docker run".
+ ****************************************************
+EOF
+
+ pass=
+ authMethod=trust
+ fi
+
+ {
+ echo
+ echo "host all all all $authMethod"
+ } >> "$PGDATA/pg_hba.conf"
+ su postgres
+ echo `whoami`
+ # internal start of server in order to allow set-up using psql-client
+ # does not listen on external TCP/IP and waits until start finishes
+ su - $1 -c "pg_ctl -D \"$PGDATA\" -o \"-c listen_addresses='localhost'\" -w start"
+
+ file_env 'POSTGRES_USER' 'postgres'
+ file_env 'POSTGRES_DB' "$POSTGRES_USER"
+
+ psql=( psql -v ON_ERROR_STOP=1 )
+
+ if [ "$POSTGRES_DB" != 'postgres' ]; then
+ "${psql[@]}" --username postgres <<-EOSQL
+ CREATE DATABASE "$POSTGRES_DB" ;
+EOSQL
+ echo
+ fi
+
+ if [ "$POSTGRES_USER" = 'postgres' ]; then
+ op='ALTER'
+ else
+ op='CREATE'
+ fi
+ "${psql[@]}" --username postgres <<-EOSQL
+ $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
+EOSQL
+ echo
+
+ psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ PGUSER="${PGUSER:-postgres}" \
+ su - $1 -c "pg_ctl -D \"$PGDATA\" -m fast -w stop"
+
+ echo
+ echo 'PostgreSQL init process complete; ready for start up.'
+ echo
+ fi
+fi
+exec su - $1 -c "$@ -D $PGDATA"
diff --git a/make/docker-compose.clair.yml b/make/docker-compose.clair.yml
index e99c9d28a..9529458bb 100644
--- a/make/docker-compose.clair.yml
+++ b/make/docker-compose.clair.yml
@@ -17,7 +17,7 @@ services:
aliases:
- postgres
container_name: clair-db
- image: postgres:9.6.3
+ image: vmware/harbor-postgresql:9.6.3
restart: always
depends_on:
- log
From 27670742b4d50fa34787ede2edb100fda7573410 Mon Sep 17 00:00:00 2001
From: yixingj <yixingj@vmware.com>
Date: Mon, 26 Jun 2017 15:31:34 +0800
Subject: [PATCH 2/2] Change version fromat and add init db sql directory
---
Makefile | 10 +++++-----
make/common/postgresql/Dockerfile | 1 +
make/docker-compose.clair.yml | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 121856168..dc5aec88b 100644
--- a/Makefile
+++ b/Makefile
@@ -94,7 +94,7 @@ NEWCLARITYVERSION=
#clair parameters
CLAIRVERSION=v2.0.0
CLAIRFLAG=false
-CLAIRDBVERSION=9.6.3
+CLAIRDBVERSION=9.6.3-photon
#clarity parameters
CLARITYIMAGE=vmware/harbor-clarity-ui-builder[:tag]
@@ -178,7 +178,7 @@ DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice
DOCKERIMAGENAME_LOG=vmware/harbor-log
DOCKERIMAGENAME_DB=vmware/harbor-db
DOCKERIMAGENAME_CLATIRY=vmware/harbor-clarity-ui-builder
-DOCKERIMAGENAME_POSTGRESQL=vmware/harbor-postgresql
+DOCKERIMAGENAME_POSTGRESQL=vmware/postgresql
# docker-compose files
DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
@@ -242,7 +242,7 @@ ifeq ($(NOTARYFLAG), true)
DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME)
endif
ifeq ($(CLAIRFLAG), true)
- DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) vmware/harbor-postgresql:$(CLAIRDBVERSION)
+ DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) vmware/postgresql:$(CLAIRDBVERSION)
PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@@ -312,7 +312,7 @@ build_photon: build_common
make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG)
build_postgresql:
@echo "buildging postgresql container for photon..."
- @cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) -f $(DOCKERFILENAME_POSTGRESQL) -t $(DOCKERIMAGENAME_POSTGRESQL):$(VERSIONTAG) .
+ @cd $(DOCKERFILEPATH_POSTGRESQL) && $(DOCKERBUILD) -f $(DOCKERFILENAME_POSTGRESQL) -t $(DOCKERIMAGENAME_POSTGRESQL):$(CLAIRDBVERSION) .
@echo "Done."
build: build_$(BASEIMAGE)
@@ -368,7 +368,7 @@ package_offline: compile build modify_sourcefiles modify_composefile
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
echo "pulling claiy and postgres..."; \
$(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \
- $(DOCKERPULL) vmware/harbor-postgresql:$(CLAIRDBVERSION); \
+ $(DOCKERPULL) vmware/postgresql:$(CLAIRDBVERSION); \
fi
@echo "saving harbor docker image"
diff --git a/make/common/postgresql/Dockerfile b/make/common/postgresql/Dockerfile
index f4c89ae09..ca9bc9689 100644
--- a/make/common/postgresql/Dockerfile
+++ b/make/common/postgresql/Dockerfile
@@ -6,6 +6,7 @@ RUN touch /etc/localtime.bak \
&& tdnf install -y sed shadow gzip postgresql\
&& groupadd -r postgres --gid=999 \
&& useradd -r -g postgres --uid=999 postgres \
+ && mkdir -p /docker-entrypoint-initdb.d \
&& mkdir -p /run/postgresql \
&& chown -R postgres:postgres /run/postgresql \
&& chmod 2777 /run/postgresql \
diff --git a/make/docker-compose.clair.yml b/make/docker-compose.clair.yml
index 9529458bb..e5eb31867 100644
--- a/make/docker-compose.clair.yml
+++ b/make/docker-compose.clair.yml
@@ -17,7 +17,7 @@ services:
aliases:
- postgres
container_name: clair-db
- image: vmware/harbor-postgresql:9.6.3
+ image: vmware/postgresql:9.6.3-photon
restart: always
depends_on:
- log