@@ -20,6 +20,10 @@ ARG ARCH
2020RUN ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-updates-testing \
2121 && ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-source-updates-testing;
2222
23+ # Spilo-specific
24+ ENV PAM_OAUTH2=v1.0.1 \
25+ PG_PERMISSIONS=REL_1_3
26+
2327# Get some Standard-Stuff
2428RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 \
2529 --setopt=skip_missing_names_on_install=False \
@@ -33,12 +37,12 @@ RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setop
3337 python3-pip \
3438 python3-psycopg2 \
3539 git \
36- clang \
3740 patchutils \
3841 binutils \
3942 make \
4043 cmake \
4144 gcc \
45+ clang \
4246 pam-devel \
4347 wget \
4448 mlocate \
@@ -53,6 +57,8 @@ RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setop
5357 dumb-init \
5458 libicu \
5559 pgbackrest-${PGBACKREST_VERSION} \
60+ cronie \
61+ libcurl-devel \
5662 && ${PACKAGER} -y clean all;
5763
5864# install etcdctl
@@ -61,32 +67,58 @@ RUN curl -L https://github.com/coreos/etcd/releases/download/v${ETCD_VERSION}/et
6167ENV PATHBACKUP = $PATH
6268
6369RUN wget https://smarden.org/runit/runit-2.1.2.tar.gz -P /package/
64-
65- RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python-etcd psutil requests cdiff ydiff --upgrade \
66- && pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade \
70+ COPY cron_unprivileged.c /package/
71+
72+ RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python-etcd psutil requests cdiff ydiff==1.4.2 --upgrade \
73+ && if [[ $PATRONI_VERSION == "multisite-" * ]]; then \
74+ git clone -b $PATRONI_VERSION https://github.com/cybertec-postgresql/patroni; \
75+ pip3 install ./patroni[kubernetes,etcd,etcd3]; \
76+ else \
77+ pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade; \
78+ fi \
6779 && mkdir /usr/lib/postgresql \
80+ # Install pam_oauth2.so
81+ && git clone -b $PAM_OAUTH2 --recurse-submodules https://github.com/zalando-pg/pam-oauth2.git && make -C pam-oauth2 install \
82+ && git clone -b $PG_PERMISSIONS https://github.com/cybertec-postgresql/pg_permissions.git \
83+ && git clone https://github.com/dimitri/pgextwlist.git \
84+ && git clone https://github.com/crunchydata/pgnodemx \
85+ \
6886 && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 postgresql${PGVERSION} libevent-devel brotli-devel libbrotli \
6987 && ${PACKAGER} -y clean all \
88+ \
89+ # forbid creation of a main cluster when package is installed
90+ # && sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf \
7091\
7192# Install PostgreSQL
7293 && for version in $PG_SUPPORTED_VERSIONS; do \
7394 ${PACKAGER} -y update && \
7495 ${PACKAGER} -y install postgresql${version}-pltcl \
96+ pgaudit*${version} \
97+ credcheck_*${version} \
7598 # Install PostgreSQL binaries, contrib, plproxy and multiple pl's
7699 && ${PACKAGER} -y install -y postgresql${version}-contrib \
77- postgresql${version}-devel \
78- \
100+ postgresql${version}-plpython3 postgresql${version}- devel \
101+ pg_cron_${version} pgvector_${version} set_user_${version} \
79102 # Modify for using origial-spilo scripts
80103 && ln -s /usr/pgsql-${version} /usr/lib/postgresql/${version} \
81- && export PATH=$PATHBACKUP:/usr/pgsql-${version}/bin; \
104+ && export PATH=$PATHBACKUP:/usr/pgsql-${version}/bin \
105+ # Install TimescaleDB
106+ && ${PACKAGER} -y install timescaledb_${version} \
107+ && cd / \
108+ && for n in pg_permissions $EXTRA_EXTENSIONS; do \
109+ make -C $n USE_PGXS=1 clean install-strip; \
110+ done \
111+ && cd /pgextwlist && make clean && make && make install \
112+ && cd /pgnodemx && make USE_PGXS=1 clean && make USE_PGXS=1 && make USE_PGXS=1 install; \
82113 done \
83114 && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 glibc-static \
84115 && ${PACKAGER} -y clean all;
116+ RUN gcc -s -shared -fPIC -o /usr/local/lib/cron_unprivileged.so /package/cron_unprivileged.c
85117
86118 RUN cd /package && tar -xvzf runit-2.1.2.tar.gz && rm runit-2.1.2.tar.gz \
87119 && cd admin/runit-2.1.2 && package/install \
88120 && ln -s /usr/local/bin/runsvdir /usr/bin/runsvdir \
89- && rm -rf /pg_permissions* /pgextwlist /pg_stat_kcache /pgnodemx /timescaledb /set_user /pam-oauth2 \
121+ && rm -rf /pg_permissions /pgextwlist /pg_stat_kcache /pgnodemx /timescaledb /pam-oauth2 \
90122 && rm /etc/pgbackrest.conf && rm -rf /var/spool/pgbackrest \
91123 && ${PACKAGER} -y remove $(rpm -qa "*devel*" ) python3-pip python3-wheel python3-dev python3-setuptools git patchutils flatpak glibc-static gcc glibc-devel \
92124 && ${PACKAGER} -y autoremove \
@@ -131,6 +163,7 @@ RUN rm -rf /etc/service && mkdir /home/postgres/pgdata && chown -R postgres:post
131163 chmod 755 $d/* \
132164 && ln -s /run/supervise/$(basename $d) $d/supervise; \
133165 done \
166+ && chmod +r /etc/motd \
134167 && ln -snf $RW_DIR/service /etc/service \
135168 # && ln -s $RW_DIR/pam.d-postgresql /etc/pam.d/postgresql \
136169 && ln -s $RW_DIR/postgres.yml $PGHOME/postgres.yml \
@@ -149,7 +182,7 @@ RUN rm -rf /etc/service && mkdir /home/postgres/pgdata && chown -R postgres:post
149182 do echo "export $e" >> /etc/bash.bashrc; \
150183 done \
151184 && ln -s /etc/skel/.bashrc $PGHOME/.bashrc \
152- && echo "source /etc/motd" >> /root /.bashrc \
185+ && echo "source /etc/motd" >> /home/postgres /.bashrc \
153186 # Allow users in the root group to access the following files and dirs
154187 && if [ "$COMPRESS" != "true" ]; then \
155188 chmod 664 /etc/passwd \
@@ -165,6 +198,6 @@ COPY launcher/postgres/launch.sh /
165198
166199ENTRYPOINT ["/scripts/nss_wrapper/nss_wrapper.sh" ]
167200
168- USER 26
201+ USER postgres
169202
170- CMD ["/bin/sh" , "/launch.sh" , "init" ]
203+ CMD ["/bin/sh" , "/launch.sh" , "init" ]
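Review bot: The two clones added at new lines 83–84, `git clone https://github.com/dimitri/pgextwlist.git` and `git clone https://github.com/crunchydata/pgnodemx`, name no ref, so each build compiles and installs whatever the default branch holds at that moment, for every version in the `PG_SUPPORTED_VERSIONS` loop. pam-oauth2 and pg_permissions are already pinned through `PAM_OAUTH2` and `PG_PERMISSIONS`; the same pattern would fit here, e.g. `ENV PGEXTWLIST=<PINNED_TAG_PLACEHOLDER> PGNODEMX=<PINNED_TAG_PLACEHOLDER>` with `git clone -b $PGEXTWLIST https://github.com/dimitri/pgextwlist.git`. Tags and branches can be moved upstream, so checking out and verifying a full commit hash after the clone gives a stronger guarantee. The `multisite-*` Patroni branch cloned at new line 74 is a moving ref for the same reason. Without pins the image is not reproducible, and an upstream compromise would land in the extension libraries that PostgreSQL loads.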