wip
22
Dockerfile
22
Dockerfile
@@ -1,4 +1,4 @@
|
||||
FROM debian:trixie-slim
|
||||
FROM pendragon.zone/docker/pg15
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
@@ -8,26 +8,6 @@ RUN apt-get update && \
|
||||
&& \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
openssh-server \
|
||||
sudo \
|
||||
&& \
|
||||
rm -rf /var/lib/apt/lists/* && \
|
||||
echo "postgres ALL = (ALL) NOPASSWD:ALL" >> /etc/sudoers && \
|
||||
echo "X11Forwarding no" >> /etc/ssh/sshd_config && \
|
||||
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
|
||||
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
|
||||
mkdir -p /var/lib/postgresql/.ssh && \
|
||||
chmod 700 /var/lib/postgresql/.ssh && \
|
||||
chown postgres: /var/lib/postgresql/.ssh && \
|
||||
chmod g-w,o-w /var/lib/postgresql
|
||||
|
||||
COPY --chmod=600 --chown=postgres:postgres authorized_keys id_ed25519 /var/lib/postgresql/.ssh/
|
||||
COPY --chmod=600 --chown=postgres:postgres pool_hba.conf /etc/pgpool2/
|
||||
# COPY --chmod=600 --chown=postgres:postgres pgpool.conf /etc/pgpool2/
|
||||
COPY --chmod=755 entrypoint.sh /usr/local/bin/
|
||||
|
||||
ENTRYPOINT ["entrypoint.sh"]
|
||||
|
||||
|
||||
|
||||
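Review bot: `FROM pendragon.zone/docker/pg15` has no tag or digest, unlike the `debian:trixie-slim` line beside it; assuming it is the new base (the +/- markers are lost in this rendering), every rebuild follows whatever the registry serves, so pin it, e.g. `FROM pendragon.zone/docker/pg15:<tag>@sha256:<digest>` (placeholder values). The second hunk appears to drop the `openssh-server`/`sudo` install and the sudoers/sshd_config lines, yet entrypoint.sh still calls `sudo service ssh start` and `gosu`, so the image now relies on the base providing them; a comment above `FROM` such as `# base must provide sshd, sudo, gosu and pgpool2` would record that contract. If the `COPY ... authorized_keys id_ed25519` line is among the removed ones, note that the key pair deleted later in this commit stays in git history and in previously built image layers, so it should be rotated rather than only deleted. The stage sets no `USER`; the drop to postgres happens only inside the entrypoint.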
@@ -1 +0,0 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfsb4w8ZYhu/A1HFR/e59WpbKxejE8DkbdCpj6y/mbO postgres docker swarm
|
||||
@@ -2,32 +2,77 @@
|
||||
|
||||
set -Eeo pipefail
|
||||
|
||||
sudo service ssh start
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
docker_setup_env() {
|
||||
file_env 'PGPOOL_ADMIN_USERNAME'
|
||||
file_env 'PGPOOL_ADMIN_PASSWORD'
|
||||
file_env 'POSTGRES_PGPOOL_USERNAME'
|
||||
file_env 'POSTGRES_PGPOOL_PASSWORD'
|
||||
}
|
||||
|
||||
if [ "$(id -u)" = '0' ]; then
|
||||
exec gosu postgres "$BASH_SOURCE"
|
||||
fi
|
||||
|
||||
install --directory --owner postgres --group postgres --mode 700 /var/lib/postgresql/.ssh
|
||||
cp /ssh/* /var/lib/postgresql/.ssh/
|
||||
chmod 600 /var/lib/postgresql/.ssh/*
|
||||
|
||||
docker_setup_env
|
||||
|
||||
printf "%s:%s\n" "$PGPOOL_ADMIN_USERNAME" (pg_md5 "$PGPOOL_ADMIN_PASSWORD") > /etc/pgpool2/pcp.conf
|
||||
{
|
||||
printf "listen_addresses = '*'\n"
|
||||
printf "port = 5432\n"
|
||||
printf "unix_socket_directories = '/run'\n"
|
||||
printf "pcp_socket_dir = '/run'\n"
|
||||
printf "enable_pool_hba = off\n"
|
||||
printf "allow_clear_text_frontend_auth = on\n"
|
||||
printf "process_management_mode = 'dynamic'\n"
|
||||
printf "backend_clustering_mode = 'raw'\n"
|
||||
printf "health_check_timeout = 5\n"
|
||||
printf "health_check_period = 5\n"
|
||||
printf "health_check_user = 'pgpool'\n"
|
||||
printf "health_check_password = '%s'\n" "$PGPOOL_PASSWORD"
|
||||
printf "localhost:9898:%s:%s\n" "$PGPOOL_ADMIN_USERNAME" "$PGPOOL_ADMIN_PASSWORD"
|
||||
printf "pgpool:9898:%s:%s\n" "$PGPOOL_ADMIN_USERNAME" "$PGPOOL_ADMIN_PASSWORD"
|
||||
} > ~/.pcppass
|
||||
chmod 600 /etc/pgpool2/pcp.conf ~/.pcppass
|
||||
|
||||
IFS=':'
|
||||
n=0
|
||||
for backend in $PGPOOL_BACKEND
|
||||
do
|
||||
printf "backend_hostname%d = '%s'\n" $n $backend
|
||||
printf "backend_port%d = 5432\n" $n
|
||||
((n+=1))
|
||||
done
|
||||
} > /etc/pgpool2/pgpool.conf
|
||||
|
||||
#
|
||||
#
|
||||
#{
|
||||
# printf "listen_addresses = '*'\n"
|
||||
# printf "port = 5432\n"
|
||||
# printf "unix_socket_directories = '/run'\n"
|
||||
# printf "pcp_socket_dir = '/run'\n"
|
||||
# printf "enable_pool_hba = off\n"
|
||||
# printf "allow_clear_text_frontend_auth = on\n"
|
||||
# printf "process_management_mode = 'dynamic'\n"
|
||||
# printf "backend_clustering_mode = 'raw'\n"
|
||||
# printf "health_check_timeout = 5\n"
|
||||
# printf "health_check_period = 5\n"
|
||||
# printf "health_check_user = 'pgpool'\n"
|
||||
# printf "health_check_password = '%s'\n" "$PGPOOL_PASSWORD"
|
||||
#
|
||||
# IFS=':'
|
||||
# n=0
|
||||
# for backend in $PGPOOL_BACKEND
|
||||
# do
|
||||
# printf "backend_hostname%d = '%s'\n" $n $backend
|
||||
# printf "backend_port%d = 5432\n" $n
|
||||
# ((n+=1))
|
||||
# done
|
||||
#} > /etc/pgpool2/pgpool.conf
|
||||
|
||||
|
||||
sudo service ssh start
|
||||
sudo /usr/sbin/pgpool
|
||||
|
||||
while true
|
||||
|
||||
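Review bot: The pcp.conf line `printf "%s:%s\n" "$PGPOOL_ADMIN_USERNAME" (pg_md5 "$PGPOOL_ADMIN_PASSWORD")` lacks the `$` of a command substitution, so bash aborts with a syntax error there and pgpool is never started; it should read `printf '%s:%s\n' "$PGPOOL_ADMIN_USERNAME" "$(pg_md5 "$PGPOOL_ADMIN_PASSWORD")" > /etc/pgpool2/pcp.conf` (this assumes the line is on the new side, since the +/- markers are lost in this rendering). Passing the password as an argument also exposes it in the container's process list while pg_md5 runs, and both pcp.conf and `~/.pcppass` are created before the `chmod 600`, so a `umask 077` ahead of the writes would close that window. `health_check_password` is filled from `$PGPOOL_PASSWORD`, but `docker_setup_env` only loads `POSTGRES_PGPOOL_PASSWORD`; without `set -u` a missing name silently yields an empty password, so either use the loaded variable or add `: "${PGPOOL_PASSWORD:?}"`. The re-exec `exec gosu postgres "$BASH_SOURCE"` drops the container arguments and should end with `"$@"`. The `while true` loop at the end of the hunk continues outside the visible lines.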
@@ -1,7 +0,0 @@
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzgAAAJgP2LF4D9ix
|
||||
eAAAAAtzc2gtZWQyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzg
|
||||
AAAEBhVUtZmAbot+VXJpY/IueHrCQeTDgClUTCepMJa1mqZbfsb4w8ZYhu/A1HFR/e59Wp
|
||||
bKxejE8DkbdCpj6y/mbOAAAAFXBvc3RncmVzIGRvY2tlciBzd2FybQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||