Merge pull request kartoza#313 from kartoza/fix-password

mazano · web-flow · commit 62ace3d3db99 · 2021-06-27T19:21:17.000+02:00
Fix password
diff --git a/Dockerfile b/Dockerfile
@@ -20,7 +20,8 @@ RUN set -eux \
         apt-transport-https curl gettext \
     && dpkg-divert --local --rename --add /sbin/initctl
 
-RUN apt-get -y update; apt-get -y install build-essential autoconf  libxml2-dev zlib1g-dev netcat gdal-bin
+RUN apt-get -y update; apt-get -y install build-essential autoconf  libxml2-dev zlib1g-dev netcat gdal-bin \
+    figlet toilet
 
 
 
@@ -127,7 +128,7 @@ RUN chmod +x *.sh
 # this dockerfile directly.
 RUN set -eux \
     && /scripts/setup.sh
-
+RUN echo 'figlet -t "Kartoza Docker PostGIS"' >> ~/.bashrc
 VOLUME /var/lib/postgresql
 
 ENTRYPOINT /scripts/docker-entrypoint.sh
diff --git a/README.md b/README.md
@@ -307,6 +307,10 @@ To create a running container do:
 docker run --name "postgis" -p 25432:5432 -d -t kartoza/postgis
 ```
 
+**Note** If you do not pass the env variable `POSTGRES_PASS` a random password
+will be generated and will be visible from the logs or within the container in 
+`/tmp/PGPASSWORD.txt`
+
 ## Convenience docker-compose.yml
 
 For convenience, we  provide a ``docker-compose.yml`` that will run a
@@ -506,6 +510,9 @@ replicant is read-only.
 docker run --name "streaming-replication" -e REPLICATION=true -e WAL_LEVEL='replica' -d -p 25432:5432  kartoza/postgis:13.0
 ```
 
+**Note** If you do not pass the env variable `REPLICATION_PASS` a random password
+will be generated and will be visible from the logs or within the container in 
+`/tmp/REPLPASSWORD.txt`
 
 ![qgis](https://user-images.githubusercontent.com/178003/37755610-dd3b774a-2dae-11e8-9fa1-4877e2034675.gif)
 
diff --git a/scenario_tests/collations/docker-compose.yml b/scenario_tests/collations/docker-compose.yml
@@ -20,6 +20,7 @@ services:
       DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
       ALLOW_IP_RANGE: '0.0.0.0/0'
       TEST_CLASS: test_collation.TestCollationDefault
+      POSTGRES_PASS: 'docker'
     ports:
       - "7777:5432"
     healthcheck:
@@ -45,6 +46,7 @@ services:
       DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
       ALLOW_IP_RANGE: '0.0.0.0/0'
       TEST_CLASS: test_collation.TestCollationInitialization
+      POSTGRES_PASS: 'docker'
     ports:
       - "7776:5432"
     healthcheck:
diff --git a/scenario_tests/datadir_init/docker-compose.yml b/scenario_tests/datadir_init/docker-compose.yml
@@ -14,6 +14,7 @@ services:
     environment:
       # Default usage, no datadir location defined
       TEST_CLASS: TestDefault
+      POSTGRES_PASS: 'docker'
     healthcheck:
       interval: 60s
       timeout: 30s
@@ -31,6 +32,7 @@ services:
       # Tell the new location
       TEST_CLASS: TestNew
       DATADIR: /opt/mypostgis/data
+      POSTGRES_PASS: 'docker'
     healthcheck:
       interval: 60s
       timeout: 30s
@@ -50,6 +52,7 @@ services:
       DEFAULT_ENCODING: ${DEFAULT_ENCODING:-UTF-8}
       DEFAULT_COLLATION: ${DEFAULT_COLLATION:-id_ID.utf8}
       DEFAULT_CTYPE: ${DEFAULT_COLLATION:-id_ID.utf8}
+      POSTGRES_PASS: 'docker'
     healthcheck:
       interval: 60s
       timeout: 30s
diff --git a/scenario_tests/extensions/docker-compose.yml b/scenario_tests/extensions/docker-compose.yml
@@ -13,6 +13,7 @@ services:
     environment:
       ALLOW_IP_RANGE: '0.0.0.0/0'
       TEST_CLASS: test_extensions.TestExtensions
+      POSTGRES_PASS: 'docker'
     ports:
       - "7777:5432"
     healthcheck:
@@ -33,6 +34,7 @@ services:
       ALLOW_IP_RANGE: '0.0.0.0/0'
       TEST_CLASS: test_extensions.TestExtensions
       POSTGRES_MULTIPLE_EXTENSIONS: postgis,pgrouting
+      POSTGRES_PASS: 'docker'
     ports:
       - "7776:5432"
     healthcheck:
diff --git a/scenario_tests/logical_replication/docker-compose.yml b/scenario_tests/logical_replication/docker-compose.yml
@@ -17,6 +17,7 @@ services:
       - ../utils:/lib/utils
     environment:
       ALLOW_IP_RANGE: '0.0.0.0/0'
+      POSTGRES_PASS: 'docker'
       REPLICATION_USER: 'replicator'
       REPLICATION_PASS: 'replicator'
       REPLICATION: 'true'
@@ -43,6 +44,7 @@ services:
     environment:
       ALLOW_IP_RANGE: '0.0.0.0/0'
       WAL_LEVEL: 'logical'
+      POSTGRES_PASS: 'docker'
       REPLICATION_USER: 'replicator'
       REPLICATION_PASS: 'replicator'
       REPLICATION: 'true'
diff --git a/scenario_tests/streaming_replication/docker-compose.yml b/scenario_tests/streaming_replication/docker-compose.yml
@@ -22,6 +22,7 @@ services:
       ALLOW_IP_RANGE: '0.0.0.0/0'
 
       # We can specify optional credentials
+      POSTGRES_PASS: 'docker'
       REPLICATION_USER: 'replicator'
       REPLICATION_PASS: 'replicator'
       REPLICATION: 'true'
@@ -61,6 +62,7 @@ services:
       # REPLICATE_FROM options accepts domain-name or IP address
       # with this in mind, you can also put docker service name, because it
       # will be resolved as host name.
+      POSTGRES_PASS: 'docker'
       REPLICATE_FROM: 'pg-master'
       REPLICATION: 'true'
 
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
@@ -14,6 +14,12 @@ source /scripts/setup-ssl.sh
 # Setup pg_hba.conf
 
 source /scripts/setup-pg_hba.sh
+# Function to add figlet
+figlet -t "Kartoza Docker PostGIS"
+
+POSTGRES_PASS=$(cat /tmp/PGPASSWORD.txt)
+echo -e "[Entrypoint] GENERATED Postgres  PASSWORD: \e[1;31m $POSTGRES_PASS"
+echo -e "\033[0m PGPASSWORD Generated above: "
 
 if [[ -z "$REPLICATE_FROM" ]]; then
     # This means this is a master instance. We check that database exists
@@ -43,4 +49,5 @@ if [[ "${1:0:1}" = '-' ]]; then
     set -- postgres "$@"
 fi
 
+
 exec su - "$@"
diff --git a/scripts/env-data.sh b/scripts/env-data.sh
@@ -3,6 +3,7 @@ POSTGRES_MAJOR_VERSION=$(cat /tmp/pg_version.txt)
 POSTGIS_MAJOR=$(cat /tmp/pg_major_version.txt)
 POSTGIS_MINOR_RELEASE=$(cat /tmp/pg_minor_version.txt)
 DEFAULT_DATADIR="/var/lib/postgresql/${POSTGRES_MAJOR_VERSION}/main"
+POSTGRES_INITDB_WALDIR="/opt/postgresql/${POSTGRES_MAJOR_VERSION}/pg_waldir"
 ROOT_CONF="/etc/postgresql/${POSTGRES_MAJOR_VERSION}/main"
 PG_ENV="$ROOT_CONF/environment"
 CONF="$ROOT_CONF/postgresql.conf"
@@ -19,6 +20,7 @@ PGSTAT_TMP="/var/run/postgresql/"
 PG_PID="/var/run/postgresql/${POSTGRES_MAJOR_VERSION}-main.pid"
 
 
+
 # Read data from secrets into env variables.
 
 # usage: file_env VAR [DEFAULT]
@@ -67,20 +69,26 @@ then
     mkdir -p ${DATA_PATH}
 fi
 }
+
+
+if [ -z "${POSTGRES_INITDB_WALDIR}" ]; then
+	POSTGRES_INITDB_WALDIR=${POSTGRES_INITDB_WALDIR}
+fi
+
 # Make sure we have a user set up
 if [ -z "${POSTGRES_USER}" ]; then
 	POSTGRES_USER=docker
 fi
-if [ -z "${POSTGRES_PASS}" ]; then
-	POSTGRES_PASS=docker
-fi
+
+
 if [ -z "${POSTGRES_DBNAME}" ]; then
 	POSTGRES_DBNAME=gis
 fi
 # If datadir is not defined, then use this
 if [ -z "${DATADIR}" ]; then
   DATADIR=${DEFAULT_DATADIR}
 fi
+
 # RECREATE_DATADIR flag default value
 # Always assume that we don't want to recreate datadir if not explicitly defined
 # For issue: https://github.com/kartoza/docker-postgis/issues/226
@@ -245,10 +253,6 @@ if [ -z "${REPLICATION_USER}" ]; then
   REPLICATION_USER=replicator
 fi
 
-if [ -z "${REPLICATION_PASS}" ]; then
-  REPLICATION_PASS=replicator
-fi
-
 
 if [ -z "$IGNORE_INIT_HOOK_LOCKFILE" ]; then
     IGNORE_INIT_HOOK_LOCKFILE=false
@@ -377,3 +381,28 @@ until su - postgres -c "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REP
 	done
 
 }
+
+function pg_password() {
+  SETUP_LOCKFILE="/settings/.pgpasspass.lock"
+  if [ -z "${POSTGRES_PASS}"  ] && [ ! -f ${SETUP_LOCKFILE} ]; then
+	  POSTGRES_PASS=$(openssl rand -base64 15)
+	  touch ${SETUP_LOCKFILE}
+	  echo "$POSTGRES_PASS" >> /tmp/PGPASSWORD.txt
+	else
+	  echo "$POSTGRES_PASS" >> /tmp/PGPASSWORD.txt
+  fi
+
+}
+
+function replication_password() {
+  SETUP_LOCKFILE="/settings/.replicationpass.lock"
+  if [ -z "${REPLICATION_PASS}"  ] && [ ! -f ${SETUP_LOCKFILE} ]; then
+	  REPLICATION_PASS=$(openssl rand -base64 15)
+	  touch ${SETUP_LOCKFILE}
+	  echo "$REPLICATION_PASS" >> /tmp/REPLPASSWORD.txt
+	else
+	  echo "$REPLICATION_PASS" >> /tmp/REPLPASSWORD.txt
+  fi
+
+}
+
diff --git a/scripts/setup-conf.sh b/scripts/setup-conf.sh
@@ -3,6 +3,7 @@
 source /scripts/env-data.sh
 
 SETUP_LOCKFILE="${ROOT_CONF}/.postgresql.conf.lock"
+create_dir /settings
 if [ -f "${SETUP_LOCKFILE}" ]; then
 	return 0
 fi
diff --git a/scripts/setup-database.sh b/scripts/setup-database.sh
@@ -2,21 +2,22 @@
 
 source /scripts/env-data.sh
 
+POSTGRES_PASS=$(cat /tmp/PGPASSWORD.txt)
+
 # test if DATADIR has content
 # Do initialization if DATADIR is empty, or RECREATE_DATADIR is true
 if [[ -z "$(ls -A ${DATADIR} 2> /dev/null)" || "${RECREATE_DATADIR}" == 'TRUE' ]]; then
     # Only attempt reinitializations if ${RECREATE_DATADIR} is true
     # No Replicate From settings. Assume that this is a master database.
     # Initialise db
     echo "Initializing Postgres Database at ${DATADIR}"
+    create_dir ${POSTGRES_INITDB_WALDIR}
     create_dir ${DATADIR}
     rm -rf ${DATADIR}/*
-    chown -R postgres:postgres ${DATADIR}
+    chown -R postgres:postgres ${DATADIR} ${POSTGRES_INITDB_WALDIR}
     echo "Initializing with command:"
-    echo "postgres" > /tmp/superuser_pass.txt
-    command="$INITDB -U postgres --pwfile "/tmp/superuser_pass.txt" -E ${DEFAULT_ENCODING} --lc-collate=${DEFAULT_COLLATION} --lc-ctype=${DEFAULT_CTYPE} --wal-segsize=${WAL_SEGSIZE} --auth=${PASSWORD_AUTHENTICATION} -D ${DATADIR} ${INITDB_EXTRA_ARGS}"
+    command="$INITDB -U postgres --pwfile=<(echo "$POSTGRES_PASS") -E ${DEFAULT_ENCODING} --lc-collate=${DEFAULT_COLLATION} --lc-ctype=${DEFAULT_CTYPE} --wal-segsize=${WAL_SEGSIZE} --auth=${PASSWORD_AUTHENTICATION} -D ${DATADIR} --waldir=${POSTGRES_INITDB_WALDIR} ${INITDB_EXTRA_ARGS}"
     su - postgres -c "$command"
-    rm /tmp/superuser_pass.txt
 fi;
 
 # Set proper permissions
diff --git a/scripts/setup-pg_hba.sh b/scripts/setup-pg_hba.sh
@@ -7,6 +7,9 @@ if [ -f "${SETUP_LOCKFILE}" ]; then
 	return 0
 fi
 
+# Setup Postgresql password
+pg_password
+
 # This script will setup pg_hba.conf
 
 # Reconfigure pg_hba if environment settings changed
diff --git a/scripts/setup-user.sh b/scripts/setup-user.sh
@@ -14,9 +14,9 @@ source /scripts/env-data.sh
 
 # Only create credentials if this is a master database
 # Slave database will just mirror from master users
-echo "Setup postgres User:Password"
-echo "postgresql user: $POSTGRES_USER" > /tmp/PGPASSWORD.txt
-echo "postgresql password: $POSTGRES_PASS" >> /tmp/PGPASSWORD.txt
+
+
+POSTGRES_PASS=$(cat /tmp/PGPASSWORD.txt)
 
 # Check user already exists
 echo "Creating superuser $POSTGRES_USER"
@@ -27,6 +27,9 @@ if [ -z "$RESULT" ]; then
 fi
 su - postgres -c "psql postgres -c \"$COMMAND USER $POSTGRES_USER WITH SUPERUSER ENCRYPTED PASSWORD '$POSTGRES_PASS';\""
 
+replication_password
+REPLICATION_PASS=$(cat /tmp/REPLPASSWORD.txt)
+
 echo "Creating replication user $REPLICATION_USER"
 RESULT_REPLICATION=`su - postgres -c "psql postgres -t -c \"SELECT 1 FROM pg_roles WHERE rolname = '$REPLICATION_USER'\""`
 COMMANDS="ALTER"
