From 35487deecc50a7ffdef6f671eff95ba94c2bad95 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Tue, 2 May 2017 05:53:35 -0500 Subject: [PATCH] postgres config via secret files --- comanage-registry-postgres/Dockerfile | 4 ++ comanage-registry-postgres/README.md | 15 ++++++++ .../comanage-registry-postgres-entrypoint.sh | 37 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100755 comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh diff --git a/comanage-registry-postgres/Dockerfile b/comanage-registry-postgres/Dockerfile index b2043b0..ce28e14 100644 --- a/comanage-registry-postgres/Dockerfile +++ b/comanage-registry-postgres/Dockerfile @@ -24,9 +24,11 @@ RUN mkdir -p "$INIT_DIR" COPY init-comanage-registry-database.sh "$INIT_DIR/init-comanage-registry-database.sh" COPY create-pg_hba.conf.sh "$INIT_DIR/create-pg_hba.conf.sh" +COPY comanage-registry-postgres-entrypoint.sh /usr/local/bin/comanage-registry-postgres-entrypoint.sh RUN chmod 0755 "$INIT_DIR/init-comanage-registry-database.sh" RUN chmod 0755 "$INIT_DIR/create-pg_hba.conf.sh" +RUN chmod 0755 /usr/local/bin/comanage-registry-postgres-entrypoint.sh ARG COMANAGE_REGISTRY_POSTGRES_DATABASE ARG COMANAGE_REGISTRY_POSTGRES_USER @@ -36,4 +38,6 @@ ENV COMANAGE_REGISTRY_POSTGRES_DATABASE ${COMANAGE_REGISTRY_POSTGRES_DATABASE:-r ENV COMANAGE_REGISTRY_POSTGRES_USER ${COMANAGE_REGISTRY_POSTGRES_USER:-registry_user} ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-} +ENTRYPOINT ["/usr/local/bin/comanage-registry-postgres-entrypoint.sh"] + CMD ["-c", "hba_file=/etc/postgres/pg_hba.conf"] diff --git a/comanage-registry-postgres/README.md b/comanage-registry-postgres/README.md index 194aa47..903bb8e 100644 --- a/comanage-registry-postgres/README.md +++ b/comanage-registry-postgres/README.md 
@@ -74,5 +74,20 @@ docker run -d --name comanage-registry-database \ comanage-registry-postgres ``` +You may also set environment variables that point to files from which to read +the same details, for example + +``` +docker run -d --name comanage-registry-database \ + --network comanage-registry-internal-network \ + -v /tmp/postgres-data:/var/lib/postgresql/data \ + -e POSTGRES_USER_FILE=/run/secrets/postgres_user \ + -e POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \ + -e COMANAGE_REGISTRY_POSTGRES_DATABASE_FILE=/run/secrets/comanage_registry_postgres_database \ + -e COMANAGE_REGISTRY_POSTGRES_USER_FILE=/run/secrets/comanage_registry_postgres_user \ + -e COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE=/run/secrets/comanage_registry_postgres_user_password \ + comanage-registry-postgres +``` + If you do not set a password for the superuser or the COmanage Registry user then any client with access to the container may connect to the database. diff --git a/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh b/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh new file mode 100755 index 0000000..1652e74 --- /dev/null +++ b/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# COmanage Registry PostgreSQL Dockerfile entrypoint
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [[ -f "${COMANAGE_REGISTRY_POSTGRES_DATABASE_FILE}" ]]; then
+ COMANAGE_REGISTRY_POSTGRES_DATABASE=`cat ${COMANAGE_REGISTRY_POSTGRES_DATABASE_FILE}`
+ export COMANAGE_REGISTRY_POSTGRES_DATABASE
+fi
+
+if [[ -f "${COMANAGE_REGISTRY_POSTGRES_USER_FILE}" ]]; then
+ COMANAGE_REGISTRY_POSTGRES_USER=`cat ${COMANAGE_REGISTRY_POSTGRES_USER_FILE}`
+ export COMANAGE_REGISTRY_POSTGRES_USER
+fi
+
+if [[ -f "${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE}" ]]; then
+ COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD=`cat ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE}`
+ export COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
+fi
+
+exec "/docker-entrypoint.sh" "$@"
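Review bot: A `*_FILE` variable that is set but names a missing or non-regular file fails the `[[ -f ... ]]` test in each of the three blocks and is skipped without any message, so a mistyped path or an unmounted secret leaves the value at its Dockerfile default. For `COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD` that default is empty, which is the case the README warns lets any client with access to the container connect. The script should exit with an error when the variable is set and the file cannot be read, and fall through only when the variable is unset. The `cat ${...}` substitutions are also unquoted although the `-f` test is quoted, so a path containing whitespace passes the test and then splits; the helper below reads the file through a quoted path instead.

```shell
# … unchanged: shebang and license header …

# Export VAR from the file named by VAR_FILE; a set-but-unreadable path is fatal.
load_from_file() {
    local var="$1"
    local file_var="${var}_FILE"
    local path="${!file_var:-}"
    local value

    [[ -n "$path" ]] || return 0
    if [[ ! -f "$path" || ! -r "$path" ]]; then
        echo "$file_var is set to '$path' but that file cannot be read" >&2
        exit 1
    fi
    value="$(< "$path")" || exit 1
    export "$var=$value"
}

load_from_file COMANAGE_REGISTRY_POSTGRES_DATABASE
load_from_file COMANAGE_REGISTRY_POSTGRES_USER
load_from_file COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD

exec "/docker-entrypoint.sh" "$@"
```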