better postgres initialization

docker · May 1, 2017 · 956854e · 956854e
1 parent 95f1385
commit 956854e
Showing 4 changed files with 84 additions and 6 deletions.
diff --git a/comanage-registry-postgres/Dockerfile b/comanage-registry-postgres/Dockerfile
@@ -23,5 +23,17 @@ ENV INIT_DIR /docker-entrypoint-initdb.d
 RUN mkdir -p "$INIT_DIR"
 
 COPY init-comanage-registry-database.sh "$INIT_DIR/init-comanage-registry-database.sh"
+COPY create-pg_hba.conf.sh "$INIT_DIR/create-pg_hba.conf.sh"
 
 RUN chmod 0755 "$INIT_DIR/init-comanage-registry-database.sh"
+RUN chmod 0755 "$INIT_DIR/create-pg_hba.conf.sh"
+
+ARG COMANAGE_REGISTRY_POSTGRES_DATABASE
+ARG COMANAGE_REGISTRY_POSTGRES_USER
+ARG COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
+
+ENV COMANAGE_REGISTRY_POSTGRES_DATABASE ${COMANAGE_REGISTRY_POSTGRES_DATABASE:-registry}
+ENV COMANAGE_REGISTRY_POSTGRES_USER ${COMANAGE_REGISTRY_POSTGRES_USER:-registry_user}
+ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-}
+
+CMD ["-c", "hba_file=/etc/postgres/pg_hba.conf"]
diff --git a/comanage-registry-postgres/README.md b/comanage-registry-postgres/README.md
@@ -21,7 +21,7 @@ limitations under the License.
 
 # PostgreSQL for COmanage Registry
 
-A simple example demonstrating how to create and image and container
+A simple example demonstrating how to create an image and container
 based on PostgreSQL to use with COmanage Registry containers. 
 
 ## Build
@@ -51,3 +51,28 @@ docker run -d --name comanage-registry-database \
   -v /tmp/postgres-data:/var/lib/postgresql/data \
   comanage-registry-postgres
 ```
+
+You can use the following environment variables with the image:
+
+* `POSTGRES_USER`: superuser (default is `postgres`)
+* `POSTGRES_PASSWORD`: password for superuser (no default)
+* `COMANAGE_REGISTRY_POSTGRES_DATABASE`: COmanage Registry database (default is `registry`)
+* `COMANAGE_REGISTRY_POSTGRES_USER`: COmanage Registry database user (default is `registry_user`)
+* `COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD`: password for database user (no default)
+
+For example:
+
+```
+docker run -d --name comanage-registry-database \
+  --network comanage-registry-internal-network \
+  -v /tmp/postgres-data:/var/lib/postgresql/data \
+  -e POSTGRES_USER=postgres \
+  -e POSTGRES_PASSWORD=a_password \
+  -e COMANAGE_REGISTRY_POSTGRES_DATABASE=registry \
+  -e COMANAGE_REGISTRY_POSTGRES_USER=registry_user \
+  -e COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD=another_password \
+  comanage-registry-postgres
+```
+
+If you do not set a password for the superuser or the COmanage Registry user then
+any client with access to the container may connect to the database.
diff --git a/comanage-registry-postgres/create-pg_hba.conf.sh b/comanage-registry-postgres/create-pg_hba.conf.sh
@@ -0,0 +1,30 @@
+#!/bin/bash -x
+
+# COmanage Registry PostgreSQL pg_hba.conf creation script
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+mkdir -p /etc/postgres
+
+cat > /etc/postgres/pg_hba.conf <<EOF
+local all postgres peer
+host $COMANAGE_REGISTRY_POSTGRES_DATABASE $COMANAGE_REGISTRY_POSTGRES_USER 127.0.0.1/32 md5
+host $COMANAGE_REGISTRY_POSTGRES_DATABASE $COMANAGE_REGISTRY_POSTGRES_USER samenet md5
+EOF
diff --git a/comanage-registry-postgres/init-comanage-registry-database.sh b/comanage-registry-postgres/init-comanage-registry-database.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 
 # COmanage Registry PostgreSQL entrypoint
 #
@@ -21,8 +21,19 @@
 
 set -e
 
-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-    CREATE USER registry_user;
-    CREATE DATABASE registry;
-    GRANT ALL PRIVILEGES ON DATABASE registry TO registry_user;
+if [ -n "$COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD" ]
+then
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER $COMANAGE_REGISTRY_POSTGRES_USER WITH ENCRYPTED PASSWORD '$COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD';
+    CREATE DATABASE $COMANAGE_REGISTRY_POSTGRES_DATABASE;
+    GRANT ALL PRIVILEGES ON DATABASE $COMANAGE_REGISTRY_POSTGRES_DATABASE TO $COMANAGE_REGISTRY_POSTGRES_USER;
 EOSQL
+
+else
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER $COMANAGE_REGISTRY_POSTGRES_USER;
+    CREATE DATABASE $COMANAGE_REGISTRY_POSTGRES_DATABASE;
+    GRANT ALL PRIVILEGES ON DATABASE $COMANAGE_REGISTRY_POSTGRES_DATABASE TO $COMANAGE_REGISTRY_POSTGRES_USER;
+EOSQL
+
+fi