Merge pull request #36 from bacongobbler/fixup-ci

Matthew Fisher · Matthew Fisher · commit 2d8e5c2d2181 · 2016-02-18T10:05:56.000-08:00
ref(postgres): move username and password to secrets
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+contrib/ci/tmp
diff --git a/contrib/ci/test.sh b/contrib/ci/test.sh
@@ -5,6 +5,13 @@ set -x
 
 JOB=$(docker run -d $1)
 # wait for postgres to boot
+CURRENT_DIR=$(cd $(dirname $0); pwd)
+mkdir -p $CURRENT_DIR/tmp
+echo "testuser" > $CURRENT_DIR/tmp/user
+echo "icanttellyou" > $CURRENT_DIR/tmp/password
+JOB=$(docker run -dv $CURRENT_DIR/tmp:/var/run/secrets/deis/database/creds $1)
 sleep 10
+# display logs for debugging purposes
+docker logs $JOB
 docker exec $JOB is_master
 docker rm -f $JOB
diff --git a/rootfs/docker-entrypoint.sh b/rootfs/docker-entrypoint.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+#
+# Originally copied and modified from
+# https://github.com/docker-library/postgres/blob/ec5ce80ca914e02c2d5eb9fde424039d4cee032e/9.4/docker-entrypoint.sh
+#
+set -e
+
+set_listen_addresses() {
+	sedEscapedValue="$(echo "$1" | sed 's/[\/&]/\\&/g')"
+	sed -ri "s/^#?(listen_addresses\s*=\s*)\S+/\1'$sedEscapedValue'/" "$PGDATA/postgresql.conf"
+}
+
+POSTGRES_USER="$(cat /var/run/secrets/deis/database/creds/user)"
+POSTGRES_PASSWORD="$(cat /var/run/secrets/deis/database/creds/password)"
+
+if [ "$1" = 'postgres' ]; then
+	mkdir -p "$PGDATA"
+	chmod 700 "$PGDATA"
+	chown -R postgres "$PGDATA"
+
+	chmod g+s /run/postgresql
+	chown -R postgres /run/postgresql
+
+	# look specifically for PG_VERSION, as it is expected in the DB dir
+	if [ ! -s "$PGDATA/PG_VERSION" ]; then
+		gosu postgres initdb
+
+		# check password first so we can output the warning before postgres
+		# messes it up
+		if [ "$POSTGRES_PASSWORD" ]; then
+			pass="PASSWORD '$POSTGRES_PASSWORD'"
+			authMethod=md5
+		else
+			# The - option suppresses leading tabs but *not* spaces. :)
+			cat >&2 <<-'EOWARN'
+				****************************************************
+				WARNING: No password has been set for the database.
+				         This will allow anyone with access to the
+				         Postgres port to access your database. In
+				         Docker's default configuration, this is
+				         effectively any other container on the same
+				         system.
+
+				         Use "-e POSTGRES_PASSWORD=password" to set
+				         it in "docker run".
+				****************************************************
+			EOWARN
+
+			pass=
+			authMethod=trust
+		fi
+
+		{ echo; echo "host all all 0.0.0.0/0 $authMethod"; } >> "$PGDATA/pg_hba.conf"
+
+		# internal start of server in order to allow set-up using psql-client
+		# does not listen on TCP/IP and waits until start finishes
+		gosu postgres pg_ctl -D "$PGDATA" \
+			-o "-c listen_addresses=''" \
+			-w start
+
+		: ${POSTGRES_USER:=postgres}
+		: ${POSTGRES_DB:=$POSTGRES_USER}
+		export POSTGRES_USER POSTGRES_DB
+
+		if [ "$POSTGRES_DB" != 'postgres' ]; then
+			psql --username postgres <<-EOSQL
+				CREATE DATABASE "$POSTGRES_DB" ;
+			EOSQL
+			echo
+		fi
+
+		if [ "$POSTGRES_USER" = 'postgres' ]; then
+			op='ALTER'
+		else
+			op='CREATE'
+		fi
+
+		psql --username postgres <<-EOSQL
+			$op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
+		EOSQL
+		echo
+
+		echo
+		for f in /docker-entrypoint-initdb.d/*; do
+			case "$f" in
+				*.sh)  echo "$0: running $f"; . "$f" ;;
+				*.sql)
+					echo "$0: running $f";
+					psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < "$f"
+					echo
+					;;
+				*)     echo "$0: ignoring $f" ;;
+			esac
+			echo
+		done
+
+		gosu postgres pg_ctl -D "$PGDATA" -m fast -w stop
+		set_listen_addresses '*'
+
+		echo
+		echo 'PostgreSQL init process complete; ready for start up.'
+		echo
+	fi
+
+	exec gosu postgres "$@"
+fi
+
+exec "$@"
