
Commit 3f585c5

committed
Utilize "initdb" functionality better to allow "POSTGRES_INITDB_ARGS=--auth-local=md5"
This also closes a slight bug we've had previously where the "postgres" user is _always_ created (now we only create the user specified via the environment variables).
1 parent 2337858 commit 3f585c5

13 files changed

+169
-286
lines changed

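--- a/10/alpine/docker-entrypoint.sh
+++ b/10/alpine/docker-entrypoint.sh
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
 echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 fi
 
+file_env 'POSTGRES_USER' 'postgres'
+file_env 'POSTGRES_PASSWORD'
+
 file_env 'POSTGRES_INITDB_ARGS'
 if [ "$POSTGRES_INITDB_WALDIR" ]; then
 export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
 fi
-eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
+eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
 
 # unset/cleanup "nss_wrapper" bits
 if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
 
 # check password first so we can output the warning before postgres
 # messes it up
-file_env 'POSTGRES_PASSWORD'
-if [ "$POSTGRES_PASSWORD" ]; then
-pass="PASSWORD :'pass'"
+if [ -n "$POSTGRES_PASSWORD" ]; then
 authMethod=md5
 else
 # The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
 ****************************************************
 EOWARN
 
-pass=
 authMethod=trust
 fi
 
@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
 
 # internal start of server in order to allow set-up using psql-client
 # does not listen on external TCP/IP and waits until start finishes
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" \
 -o "-c listen_addresses=''" \
 -w start
 
-file_env 'POSTGRES_USER' 'postgres'
 file_env 'POSTGRES_DB' "$POSTGRES_USER"
 
-psql=( psql -v ON_ERROR_STOP=1 )
+export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 
 if [ "$POSTGRES_DB" != 'postgres' ]; then
-"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
+"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 CREATE DATABASE :"db" ;
 EOSQL
 echo
 fi
-
-if [ "$POSTGRES_USER" = 'postgres' ]; then
-op='ALTER'
-else
-op='CREATE'
-fi
-"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
-$op USER :"user" WITH SUPERUSER $pass ;
-EOSQL
-echo
-
-psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+psql+=( --dbname "$POSTGRES_DB" )
 
 echo
 for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
 echo
 done
 
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" -m fast -w stop
 
+unset PGPASSWORD
+
 echo
 echo 'PostgreSQL init process complete; ready for start up.'
 echo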
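Review bot: The new `eval` line feeds the superuser password to initdb with `echo "$POSTGRES_PASSWORD"`, and bash's `echo` treats a value such as `-n` or `-e` as an option rather than data, so such a password would reach `--pwfile` empty instead of verbatim; `--pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD")` writes it unchanged. That same line still expands `$POSTGRES_INITDB_ARGS` (with `POSTGRES_INITDB_WALDIR` appended to it) inside `eval`, so both values are parsed as shell code; a comment such as `# POSTGRES_INITDB_ARGS is evaluated by the shell: trusted operator input only` would make that contract explicit. The identical change appears in 10/docker-entrypoint.sh, 11/alpine/docker-entrypoint.sh and 11/docker-entrypoint.sh, so the same applies there. The enclosing `if [ "$1" = 'postgres' ]` block starts and ends outside the hunks shown.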

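--- a/10/docker-entrypoint.sh
+++ b/10/docker-entrypoint.sh
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
 echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 fi
 
+file_env 'POSTGRES_USER' 'postgres'
+file_env 'POSTGRES_PASSWORD'
+
 file_env 'POSTGRES_INITDB_ARGS'
 if [ "$POSTGRES_INITDB_WALDIR" ]; then
 export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
 fi
-eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
+eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
 
 # unset/cleanup "nss_wrapper" bits
 if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
 
 # check password first so we can output the warning before postgres
 # messes it up
-file_env 'POSTGRES_PASSWORD'
-if [ "$POSTGRES_PASSWORD" ]; then
-pass="PASSWORD :'pass'"
+if [ -n "$POSTGRES_PASSWORD" ]; then
 authMethod=md5
 else
 # The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
 ****************************************************
 EOWARN
 
-pass=
 authMethod=trust
 fi
 
@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
 
 # internal start of server in order to allow set-up using psql-client
 # does not listen on external TCP/IP and waits until start finishes
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" \
 -o "-c listen_addresses=''" \
 -w start
 
-file_env 'POSTGRES_USER' 'postgres'
 file_env 'POSTGRES_DB' "$POSTGRES_USER"
 
-psql=( psql -v ON_ERROR_STOP=1 )
+export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 
 if [ "$POSTGRES_DB" != 'postgres' ]; then
-"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
+"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 CREATE DATABASE :"db" ;
 EOSQL
 echo
 fi
-
-if [ "$POSTGRES_USER" = 'postgres' ]; then
-op='ALTER'
-else
-op='CREATE'
-fi
-"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
-$op USER :"user" WITH SUPERUSER $pass ;
-EOSQL
-echo
-
-psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+psql+=( --dbname "$POSTGRES_DB" )
 
 echo
 for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
 echo
 done
 
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" -m fast -w stop
 
+unset PGPASSWORD
+
 echo
 echo 'PostgreSQL init process complete; ready for start up.'
 echo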

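--- a/11/alpine/docker-entrypoint.sh
+++ b/11/alpine/docker-entrypoint.sh
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
 echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 fi
 
+file_env 'POSTGRES_USER' 'postgres'
+file_env 'POSTGRES_PASSWORD'
+
 file_env 'POSTGRES_INITDB_ARGS'
 if [ "$POSTGRES_INITDB_WALDIR" ]; then
 export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
 fi
-eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
+eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
 
 # unset/cleanup "nss_wrapper" bits
 if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
 
 # check password first so we can output the warning before postgres
 # messes it up
-file_env 'POSTGRES_PASSWORD'
-if [ "$POSTGRES_PASSWORD" ]; then
-pass="PASSWORD :'pass'"
+if [ -n "$POSTGRES_PASSWORD" ]; then
 authMethod=md5
 else
 # The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
 ****************************************************
 EOWARN
 
-pass=
 authMethod=trust
 fi
 
@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
 
 # internal start of server in order to allow set-up using psql-client
 # does not listen on external TCP/IP and waits until start finishes
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" \
 -o "-c listen_addresses=''" \
 -w start
 
-file_env 'POSTGRES_USER' 'postgres'
 file_env 'POSTGRES_DB' "$POSTGRES_USER"
 
-psql=( psql -v ON_ERROR_STOP=1 )
+export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 
 if [ "$POSTGRES_DB" != 'postgres' ]; then
-"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
+"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 CREATE DATABASE :"db" ;
 EOSQL
 echo
 fi
-
-if [ "$POSTGRES_USER" = 'postgres' ]; then
-op='ALTER'
-else
-op='CREATE'
-fi
-"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
-$op USER :"user" WITH SUPERUSER $pass ;
-EOSQL
-echo
-
-psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+psql+=( --dbname "$POSTGRES_DB" )
 
 echo
 for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
 echo
 done
 
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" -m fast -w stop
 
+unset PGPASSWORD
+
 echo
 echo 'PostgreSQL init process complete; ready for start up.'
 echo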

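--- a/11/docker-entrypoint.sh
+++ b/11/docker-entrypoint.sh
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
 echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 fi
 
+file_env 'POSTGRES_USER' 'postgres'
+file_env 'POSTGRES_PASSWORD'
+
 file_env 'POSTGRES_INITDB_ARGS'
 if [ "$POSTGRES_INITDB_WALDIR" ]; then
 export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
 fi
-eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
+eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
 
 # unset/cleanup "nss_wrapper" bits
 if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
 
 # check password first so we can output the warning before postgres
 # messes it up
-file_env 'POSTGRES_PASSWORD'
-if [ "$POSTGRES_PASSWORD" ]; then
-pass="PASSWORD :'pass'"
+if [ -n "$POSTGRES_PASSWORD" ]; then
 authMethod=md5
 else
 # The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
 ****************************************************
 EOWARN
 
-pass=
 authMethod=trust
 fi
 
@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
 
 # internal start of server in order to allow set-up using psql-client
 # does not listen on external TCP/IP and waits until start finishes
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" \
 -o "-c listen_addresses=''" \
 -w start
 
-file_env 'POSTGRES_USER' 'postgres'
 file_env 'POSTGRES_DB' "$POSTGRES_USER"
 
-psql=( psql -v ON_ERROR_STOP=1 )
+export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 
 if [ "$POSTGRES_DB" != 'postgres' ]; then
-"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
+"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 CREATE DATABASE :"db" ;
 EOSQL
 echo
 fi
-
-if [ "$POSTGRES_USER" = 'postgres' ]; then
-op='ALTER'
-else
-op='CREATE'
-fi
-"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
-$op USER :"user" WITH SUPERUSER $pass ;
-EOSQL
-echo
-
-psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
+psql+=( --dbname "$POSTGRES_DB" )
 
 echo
 for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
 echo
 done
 
-PGUSER="${PGUSER:-postgres}" \
+PGUSER="${PGUSER:-$POSTGRES_USER}" \
 pg_ctl -D "$PGDATA" -m fast -w stop
 
+unset PGPASSWORD
+
 echo
 echo 'PostgreSQL init process complete; ready for start up.'
 echo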
