ROX-19980 pre-built scanner-db image #1310

Open
wants to merge 10 commits into
base: master
ROX-19980 fix
ludydoo committed Oct 27, 2023

commit 9360fb22c240a7781000642ebce7dd67a582fcf2
64 changes: 43 additions & 21 deletions image/db/rhel/scripts/custom-entrypoint.sh
@@ -6,35 +6,57 @@

set -e

echo "Creating /var/lib/postgresql/data/pgdata..."
mkdir -p /var/lib/postgresql/data/pgdata
if [ ! -d "/var/lib/postgresql/data/pgdata" ]; then

echo "Uncompressing into /var/lib/pgsql/data/pgdata..."
tar -xzf /tmp/data.tar.gz -C /var/lib/postgresql/data/pgdata
echo "Creating /var/lib/postgresql/data/pgdata..."
mkdir -p /var/lib/postgresql/data/pgdata

echo "Starting database..."
POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql.conf &
echo "Moving archive to target directory..."
mv /tmp/data.tar.gz /var/lib/postgresql/data/pgdata/data.tar.gz

echo "Waiting for database to be ready..."
while ! pg_isready -U postgres -h localhost -p 5432; do
sleep 1
done
echo "Uncompressing into /var/lib/pgsql/data/pgdata..."
tar -xzf /var/lib/postgresql/data/pgdata/data.tar.gz -C /var/lib/postgresql/data/pgdata

echo "Changing password..."
if [ "$POSTGRES_PASSWORD" != "postgres" ]; then
PGPASSWORD=postgres psql -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';"
fi
echo "Removing archive..."
rm /var/lib/postgresql/data/pgdata/data.tar.gz

echo "Starting database..."
POSTGRES_PASSWORD_FILE="" POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql.conf &

echo "Waiting for database to be ready..."
while ! pg_isready -U postgres -h localhost -p 5432; do
sleep 1
done

echo "Changing password if POSTGRES_PASSWORD is set..."
if [ -n "$POSTGRES_PASSWORD" ]; then
PGPASSWORD=postgres psql -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';"
elif [ -n "$POSTGRES_PASSWORD_FILE" ]; then
PGPASSWORD=$(cat "$POSTGRES_PASSWORD_FILE") psql -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';"
fi

echo "Renaming postgres user if necessary..."
if [ "$POSTGRES_USER" != "postgres" ]; then
PGPASSWORD="$POSTGRES_PASSWORD" psql -c "ALTER USER postgres RENAME TO $POSTGRES_USER;"
echo "Renaming postgres user if necessary..."
if [ -n "$POSTGRES_USER" ]; then
if [ "$POSTGRES_USER" != "postgres" ]; then
PGPASSWORD="$POSTGRES_PASSWORD" psql -c "ALTER USER postgres RENAME TO $POSTGRES_USER;"
fi
fi

echo "Stopping database..."
pg_ctl -w stop

else
echo "Database already initialized. Skipping initialization..."
fi

echo "Stopping database..."
pg_ctl -w stop
if [ "${ROX_SCANNER_DB_INIT}" == "true" ]; then
echo "ROX_SCANNER_DB_INIT is set to true. Exiting..."
exit 0
else
echo "Database initialized."
fi

# Now we can start the database for real. But we will
# forward any arguments to the actual entrypoint script
echo "Starting database for real..."

exec /usr/local/bin/docker-entrypoint.sh "$@"
exec /usr/local/bin/docker-entrypoint.sh "$@"
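Review bot: The `elif [ -n "$POSTGRES_PASSWORD_FILE" ]` branch has the two passwords swapped: it authenticates with the file's contents and sets the new password to `$POSTGRES_PASSWORD`, which is always empty when that branch runs. The rename step has a related problem, because `PGPASSWORD="$POSTGRES_PASSWORD"` is empty whenever the secret came from the file or was not supplied at all. With `set -e` and the new `-d` guard on the pgdata directory, a psql failure here would leave the extracted data in place, so the next start would take the "already initialized" path with the archive's built-in `postgres` password still active; whether psql actually fails depends on the pg_hba rules inside the archive, which are not visible here. I would resolve the new password once, always connect with the built-in one, and pass the values as psql variables with the statement on stdin (psql does not interpolate variables with `-c`), so a quote in the password or user name cannot change the SQL. When neither variable is set the built-in password stays in effect, and failing fast in that case may be preferable.

```shell
# … unchanged: archive extraction, server start, pg_isready wait …

    echo "Changing password if POSTGRES_PASSWORD is set..."
    new_password="$POSTGRES_PASSWORD"
    if [ -z "$new_password" ] && [ -n "$POSTGRES_PASSWORD_FILE" ]; then
        new_password="$(cat "$POSTGRES_PASSWORD_FILE")"
    fi
    if [ -n "$new_password" ]; then
        # Connect with the password baked into the archive; :'new_password'
        # is emitted by psql as a properly quoted SQL literal.
        PGPASSWORD=postgres psql -v ON_ERROR_STOP=1 -v new_password="$new_password" <<'SQL'
ALTER USER postgres WITH PASSWORD :'new_password';
SQL
    fi

    echo "Renaming postgres user if necessary..."
    if [ -n "$POSTGRES_USER" ] && [ "$POSTGRES_USER" != "postgres" ]; then
        # :"new_user" is emitted by psql as a properly quoted identifier.
        PGPASSWORD="${new_password:-postgres}" psql -v ON_ERROR_STOP=1 -v new_user="$POSTGRES_USER" <<'SQL'
ALTER USER postgres RENAME TO :"new_user";
SQL
    fi

# … unchanged: pg_ctl stop, ROX_SCANNER_DB_INIT check, final exec …
```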
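--- a/image/db/rhel/scripts/docker-entrypoint.sh
+++ b/image/db/rhel/scripts/docker-entrypoint.sh
@@ -6,10 +6,6 @@
 ###
 ### [1]: https://github.com/docker-library/postgres/blob/master/12/bullseye/docker-entrypoint.sh
 
-if [ -n "$ROX_SCANNER_DB_INIT" ]; then
-exit 0
-fi
-
 set -Eeo pipefail
 # TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
 
@@ -310,18 +306,6 @@ _main() {
 fi
 
 if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
-### STACKROX MODIFIED - If we are initializing, then ensure we start from scratch.
-if [ -n "$ROX_SCANNER_DB_INIT" ]; then
-echo
-echo 'Initializing... Clearing any previous data from directories'
-echo
-
-rm -rf "$PGDATA"
-if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
-rm -rf "$POSTGRES_INITDB_WALDIR"
-fi
-fi
-
 docker_setup_env
 # setup data directories and permissions (when run as root)
 docker_create_db_directories
@@ -333,16 +317,6 @@ _main() {
 exec gosu postgres "$BASH_SOURCE" "$@"
 fi
 
-### STACKROX MODIFIED - Sanity check the database does not exist
-### upon initialization.
-if [ -n "$ROX_SCANNER_DB_INIT" ] && [ -n "$DATABASE_ALREADY_EXISTS" ]; then
-echo
-echo 'PostgreSQL Database appears to already exist upon initialization; Exiting with error...'
-echo
-
-exit 1
-fi
-
 # only run initialization on an empty data directory
 if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 docker_verify_minimum_env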