From 764bbb0e507c01be3e57e6a91981232e23e662e3 Mon Sep 17 00:00:00 2001 From: Yang Jiao Date: Tue, 28 Feb 2023 02:52:07 +0000 Subject: [PATCH] Bump up photon version to 4.0 Bump up photon version to 4.0 Bump up redis version to 7.0 Bump up postgresql version to 13.10 Signed-off-by: Yang Jiao --- Makefile | 3 + make/photon/chartserver/Dockerfile.base | 2 +- make/photon/clair-adapter/Dockerfile.base | 4 +- make/photon/clair/Dockerfile.base | 4 +- make/photon/core/Dockerfile.base | 2 +- make/photon/db/Dockerfile | 4 +- make/photon/db/Dockerfile.base | 13 +- make/photon/db/docker-entrypoint.sh | 152 +++++++------------- make/photon/db/initdb.sh | 114 +++++++++++++++ make/photon/db/postgres.spec | 168 ++++++++++++++++++++++ make/photon/db/rpm_builder.sh | 43 ++++++ make/photon/db/upgrade.sh | 46 ++++++ make/photon/jobservice/Dockerfile.base | 2 +- make/photon/log/Dockerfile.base | 2 +- make/photon/nginx/Dockerfile.base | 6 +- make/photon/notary-server/Dockerfile.base | 2 +- make/photon/notary-signer/Dockerfile.base | 2 +- make/photon/portal/Dockerfile.base | 10 +- make/photon/prepare/Dockerfile.base | 4 +- make/photon/prepare/utils/cert.py | 4 +- make/photon/redis/Dockerfile.base | 2 +- make/photon/redis/redis.conf | 4 +- make/photon/registry/Dockerfile.base | 4 +- make/photon/registryctl/Dockerfile.base | 2 +- 24 files changed, 469 insertions(+), 130 deletions(-) create mode 100755 make/photon/db/initdb.sh create mode 100644 make/photon/db/postgres.spec create mode 100755 make/photon/db/rpm_builder.sh create mode 100755 make/photon/db/upgrade.sh diff --git a/Makefile b/Makefile index d02df016da4..52b29863c7e 100644 --- a/Makefile +++ b/Makefile 
@@ -337,6 +337,9 @@ build_base_docker: fi @for name in chartserver clair clair-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ echo $$name ; \ + if [ $$name == "db" ] ; then \ + cd $(MAKEFILEPATH_PHOTON)/$$name && $(MAKEFILEPATH_PHOTON)/$$name/rpm_builder.sh && cd - ; \ + fi; \ $(DOCKERBUILD) --pull -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t goharbor/harbor-$$name-base:$(BASEIMAGETAG) . && \ $(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) goharbor/harbor-$$name-base:$(BASEIMAGETAG) $(REGISTRYUSER) $(REGISTRYPASSWORD) || exit 1 ; \ done diff --git a/make/photon/chartserver/Dockerfile.base b/make/photon/chartserver/Dockerfile.base index ecf7b903433..54a15d5302d 100644 --- a/make/photon/chartserver/Dockerfile.base +++ b/make/photon/chartserver/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y shadow sudo >>/dev/null\ && tdnf clean all \ diff --git a/make/photon/clair-adapter/Dockerfile.base b/make/photon/clair-adapter/Dockerfile.base index 80b257f60e6..71c3165afde 100644 --- a/make/photon/clair-adapter/Dockerfile.base +++ b/make/photon/clair-adapter/Dockerfile.base @@ -1,7 +1,7 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y sudo >>/dev/null\ && tdnf clean all \ && mkdir /clair-adapter/ \ && groupadd -r -g 10000 clair-adapter \ - && useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter \ No newline at end of file + && useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter diff --git a/make/photon/clair/Dockerfile.base b/make/photon/clair/Dockerfile.base index 5418010b2cd..85104102cd5 100644 --- a/make/photon/clair/Dockerfile.base +++ b/make/photon/clair/Dockerfile.base 
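Review bot: A failure of `rpm_builder.sh` in the added `if` block is not propagated: the block ends with `fi; \` and the only `|| exit 1` in the loop follows the docker build and push, so `$(DOCKERBUILD)` still runs and can pick up `postgresql96-*.rpm` files left in the db directory by an earlier run. The test `[ $$name == "db" ]` also depends on a bash extension; `==` inside `[` is rejected by a POSIX `/bin/sh` such as dash, which is Make's default shell unless `SHELL` is set elsewhere in the file. I would write the branch as `if [ "$$name" = "db" ] ; then \` followed by `( cd $(MAKEFILEPATH_PHOTON)/$$name && $(MAKEFILEPATH_PHOTON)/$$name/rpm_builder.sh ) || exit 1 ; \`. The `build_base_docker` recipe starts above the hunk, so its earlier lines are not visible here.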
@@ -1,6 +1,6 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y git shadow sudo rpm xz python3-xml >>/dev/null\ && tdnf clean all \ && groupadd -r -g 10000 clair \ - && useradd --no-log-init -m -g 10000 -u 10000 clair \ No newline at end of file + && useradd --no-log-init -m -g 10000 -u 10000 clair diff --git a/make/photon/core/Dockerfile.base b/make/photon/core/Dockerfile.base index db9991d2724..99360863996 100644 --- a/make/photon/core/Dockerfile.base +++ b/make/photon/core/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install sudo tzdata -y >> /dev/null \ && tdnf clean all \ diff --git a/make/photon/db/Dockerfile b/make/photon/db/Dockerfile index a28729e339b..007c923b85c 100644 --- a/make/photon/db/Dockerfile +++ b/make/photon/db/Dockerfile @@ -4,6 +4,8 @@ FROM goharbor/harbor-db-base:${harbor_base_image_version} VOLUME /var/lib/postgresql/data COPY ./make/photon/db/docker-entrypoint.sh /docker-entrypoint.sh +COPY ./make/photon/db/initdb.sh /initdb.sh +COPY ./make/photon/db/upgrade.sh /upgrade.sh COPY ./make/photon/db/docker-healthcheck.sh /docker-healthcheck.sh COPY ./make/photon/db/initial-notaryserver.sql /docker-entrypoint-initdb.d/ COPY ./make/photon/db/initial-notarysigner.sql /docker-entrypoint-initdb.d/ @@ -11,7 +13,7 @@ COPY ./make/photon/db/initial-registry.sql /docker-entrypoint-initdb.d/ RUN chown -R postgres:postgres /docker-entrypoint.sh /docker-healthcheck.sh /docker-entrypoint-initdb.d \ && chmod u+x /docker-entrypoint.sh /docker-healthcheck.sh -ENTRYPOINT ["/docker-entrypoint.sh"] +ENTRYPOINT ["/docker-entrypoint.sh", "96", "13"] HEALTHCHECK CMD ["/docker-healthcheck.sh"] EXPOSE 5432 diff --git a/make/photon/db/Dockerfile.base b/make/photon/db/Dockerfile.base index 3f8e6fdb6af..6c5c93424cb 100644 --- a/make/photon/db/Dockerfile.base +++ b/make/photon/db/Dockerfile.base 
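Review bot: The two added `COPY` lines in make/photon/db/Dockerfile put `initdb.sh` and `upgrade.sh` in `/`, but the entrypoint changed in this same commit locates them through `$PWD` (`source $PWD/initdb.sh`, `./$CUR/upgrade.sh`), so the container only works when its working directory is `/`. No `WORKDIR` is visible in these hunks, and one inherited from the base image or a working-directory override at run time would make the entrypoint fail or source a file from a directory nobody intended. Using absolute paths in the entrypoint (`source /initdb.sh` and `/upgrade.sh --old-bindir ...`) removes that dependency. The unchanged `chown`/`chmod u+x` line is not extended to the new files; if leaving them root-owned is deliberate, a comment such as `# initdb.sh and upgrade.sh stay root-owned; only the entrypoint is chowned to postgres` would record it.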
@@ -1,8 +1,13 @@ -FROM photon:2.0 +FROM photon:4.0 ENV PGDATA /var/lib/postgresql/data -RUN tdnf install -y shadow gzip postgresql >> /dev/null\ +COPY ./make/photon/db/postgresql96-libs-9.6.21-1.ph4.x86_64.rpm /pg96/ +COPY ./make/photon/db/postgresql96-9.6.21-1.ph4.x86_64.rpm /pg96/ + +RUN tdnf install -y /pg96/postgresql96-libs-9.6.21-1.ph4.x86_64.rpm /pg96/postgresql96-9.6.21-1.ph4.x86_64.rpm >> /dev/null \ + && rm -rf /pg96 \ + && tdnf install -y shadow gzip postgresql13 findutils bc >> /dev/null \ && groupadd -r postgres --gid=999 \ && useradd -m -r -g postgres --uid=999 postgres \ && mkdir -p /docker-entrypoint-initdb.d \ @@ -10,8 +15,8 @@ RUN tdnf install -y shadow gzip postgresql >> /dev/null\ && chown -R postgres:postgres /run/postgresql \ && chmod 2777 /run/postgresql \ && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \ - && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \ - && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample \ + && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/pgsql/13/share/postgresql/postgresql.conf.sample \ + && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/pgsql/13/share/postgresql/postgresql.conf.sample \ && tdnf clean all RUN tdnf erase -y toybox && tdnf install -y util-linux net-tools diff --git a/make/photon/db/docker-entrypoint.sh b/make/photon/db/docker-entrypoint.sh index abfabe4ec95..ab3a1a958a2 100644 --- a/make/photon/db/docker-entrypoint.sh +++ b/make/photon/db/docker-entrypoint.sh 
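Review bot: The added `COPY` and `tdnf install -y /pg96/postgresql96-...rpm` lines install two locally built RPMs with nothing that ties them to a known build: they are produced by `rpm_builder.sh` in this commit, are unsigned as far as the hunk shows, and are selected only by file name, so a stale or substituted file in the build context ends up in the base image unnoticed. Building the packages in an earlier stage of this Dockerfile, or having the builder write a checksum file that this `RUN` step verifies before installing, would close that gap. The 9.6.21 server binaries also remain in the runtime image after they have served the one-time upgrade, so I would add a comment above the `COPY` lines such as `# pg96 RPMs come from make/photon/db/rpm_builder.sh and are needed only for pg_upgrade from 9.6; remove once 9.6 data dirs are no longer supported`. Redirecting both installs to `/dev/null` hides the package manager's output, which makes an unexpected install result hard to diagnose.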
@@ -1,110 +1,68 @@ #!/bin/bash set -e -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# look specifically for PG_VERSION, as it is expected in the DB dir -if [ ! -s "$PGDATA/PG_VERSION" ]; then - file_env 'POSTGRES_INITDB_ARGS' - if [ "$POSTGRES_INITDB_XLOGDIR" ]; then - export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" - fi - initdb -D $PGDATA -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS - # check password first so we can output the warning before postgres - # messes it up - file_env 'POSTGRES_PASSWORD' - if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" - authMethod=md5 - else - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-EOF - **************************************************** - WARNING: No password has been set for the database. - This will allow anyone with access to the - Postgres port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e POSTGRES_PASSWORD=password" to set - it in "docker run". 
- **************************************************** -EOF - - pass= - authMethod=trust - fi +source $PWD/initdb.sh - { - echo - echo "host all all all $authMethod" - } >> "$PGDATA/pg_hba.conf" - echo `whoami` - # internal start of server in order to allow set-up using psql-client - # does not listen on external TCP/IP and waits until start finishes - pg_ctl -D "$PGDATA" -o "-c listen_addresses=''" -w start +CUR=$PWD +PG_VERSION_OLD=$1 +PG_VERSION_NEW=$2 - file_env 'POSTGRES_USER' 'postgres' - file_env 'POSTGRES_DB' "$POSTGRES_USER" +PGBINOLD="/usr/local/pg${PG_VERSION_OLD}/bin" - psql=( psql -v ON_ERROR_STOP=1 ) +PGDATAOLD=${PGDATA}/pg${PG_VERSION_OLD} +PGDATANEW=${PGDATA}/pg${PG_VERSION_NEW} +# to handle the PG 9.6 only +if [ -s $PGDATA/PG_VERSION ]; then + PGDATAOLD=$PGDATA +fi - if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; -EOSQL - echo - fi +# +# Init DB: $PGDATA is empty. +# Upgrade DB: 1, has $PGDATA\PG_VERSION. 2, has pg old version directory with PG_VERSION inside. +# +if [ "$(ls -A $PGDATA)" ]; then + if [ ! -d $PGDATANEW ]; then + if [ ! -d $PGDATAOLD ] || [ ! -s $PGDATAOLD/PG_VERSION ]; then + echo "incorrect data: $PGDATAOLD, make sure $PGDATAOLD is not empty and with PG_VERSION inside." + exit 1 + fi - if [ "$POSTGRES_USER" = 'postgres' ]; then - op='ALTER' + initPG $PGDATANEW false + set +e + # In some cases, like helm upgrade, the postgresql may not quit cleanly. + # Use start & stop to clean the unexpected status. Error: + # There seems to be a postmaster servicing the new cluster. + # Please shutdown that postmaster and try again. + # Failure, exiting + $PGBINOLD/pg_ctl -D "$PGDATAOLD" -w -o "-p 5433" start + $PGBINOLD/pg_ctl -D "$PGDATAOLD" -m fast -w stop + ./$CUR/upgrade.sh --old-bindir $PGBINOLD --old-datadir $PGDATAOLD --new-datadir $PGDATANEW + # it needs to clean the $PGDATANEW on upgrade failure + if [ $? 
-ne 0 ]; then + echo "remove the $PGDATANEW after fail to upgrade" + rm -rf $PGDATANEW + exit 1 + fi + set -e + echo "remove the $PGDATAOLD after upgrade success." + if [ "$PGDATAOLD" = "$PGDATA" ]; then + find $PGDATA/* -prune ! -name pg${PG_VERSION_NEW} -exec rm -rf {} \; + else + rm -rf $PGDATAOLD + fi else - op='CREATE' + echo "no need to upgrade postgres, launch it." fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; -EOSQL - echo - - psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop +else + initPG $PGDATANEW true +fi - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo +POSTGRES_PARAMETER='' +file_env 'POSTGRES_MAX_CONNECTIONS' '1024' +# The max value of 'max_connections' is 262143 +if [ $POSTGRES_MAX_CONNECTIONS -le 0 ] || [ $POSTGRES_MAX_CONNECTIONS -gt 262143 ]; then + POSTGRES_MAX_CONNECTIONS=262143 fi -postgres -D $PGDATA +POSTGRES_PARAMETER="${POSTGRES_PARAMETER} -c max_connections=${POSTGRES_MAX_CONNECTIONS}" +exec postgres -D $PGDATANEW $POSTGRES_PARAMETER diff --git a/make/photon/db/initdb.sh b/make/photon/db/initdb.sh new file mode 100755 index 00000000000..c46d95e269f --- /dev/null +++ b/make/photon/db/initdb.sh 
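Review bot: The cleanup paths delete directories through unquoted, unvalidated variables while `set +e` is in effect: `rm -rf $PGDATANEW`, `rm -rf $PGDATAOLD` and `find $PGDATA/* -prune ! -name pg${PG_VERSION_NEW} -exec rm -rf {} \;` all derive from `$PGDATA`, `$1` and `$2`, none of which is checked for being non-empty, and `$PGDATA/*` also skips dot-files. I would guard them, e.g. `rm -rf -- "${PGDATAOLD:?}"` and `find "${PGDATA:?}" -mindepth 1 -maxdepth 1 ! -name "pg${PG_VERSION_NEW}" -exec rm -rf -- {} +`, and reject a missing `$1`/`$2` at the top of the script. `POSTGRES_MAX_CONNECTIONS` is compared with `-le`/`-gt` unquoted, so a non-numeric value makes both tests error out, skips the clamp and reaches `-c max_connections=...`; because `$POSTGRES_PARAMETER` is expanded unquoted, whitespace in the variable turns into extra `postgres` arguments. A check such as `case "$POSTGRES_MAX_CONNECTIONS" in ''|*[!0-9]*) POSTGRES_MAX_CONNECTIONS=1024 ;; esac` before the comparison avoids both.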
@@ -0,0 +1,114 @@ +#!/bin/bash +set -e + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +function file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# usage: initPG $Dir $initSql +# Use $Dir to index where to init the postgres db +# Use $initSql to indicate whether to execute the sql under docker-entrypoint-initdb.d, default is not. +function initPG() { + file_env 'POSTGRES_INITDB_ARGS' + if [ "$POSTGRES_INITDB_XLOGDIR" ]; then + export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR" + fi + initdb -D $1 -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS + # check password first so we can output the warning before postgres + # messes it up + file_env 'POSTGRES_PASSWORD' + if [ "$POSTGRES_PASSWORD" ]; then + pass="PASSWORD '$POSTGRES_PASSWORD'" + authMethod=md5 + else + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-EOF + **************************************************** + WARNING: No password has been set for the database. + This will allow anyone with access to the + Postgres port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e POSTGRES_PASSWORD=password" to set + it in "docker run". 
+ **************************************************** +EOF + + pass= + authMethod=trust + fi + + { + echo + echo "host all all all $authMethod" + } >> "$1/pg_hba.conf" + echo `whoami` + # internal start of server in order to allow set-up using psql-client + # does not listen on external TCP/IP and waits until start finishes + pg_ctl -D "$1" -o "-c listen_addresses=''" -w start + + file_env 'POSTGRES_USER' 'postgres' + file_env 'POSTGRES_DB' "$POSTGRES_USER" + + psql=( psql -v ON_ERROR_STOP=1 ) + + if [ "$POSTGRES_DB" != 'postgres' ]; then + "${psql[@]}" --username postgres <<-EOSQL + CREATE DATABASE "$POSTGRES_DB" ; +EOSQL + echo + fi + + if [ "$POSTGRES_USER" = 'postgres' ]; then + op='ALTER' + else + op='CREATE' + fi + "${psql[@]}" --username postgres <<-EOSQL + $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; +EOSQL + echo + + psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" ) + + echo + + if [ $2 == "true" ]; then + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + fi + + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$1" -m fast -w stop + + echo + echo 'PostgreSQL init process complete; ready for start up.' + echo + +} diff --git a/make/photon/db/postgres.spec b/make/photon/db/postgres.spec new file mode 100644 index 00000000000..12a8a268a7b --- /dev/null +++ b/make/photon/db/postgres.spec 
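Review bot: In `initPG` the password is pasted into SQL text (`pass="PASSWORD '$POSTGRES_PASSWORD'"`, later `$op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;`), so a password containing a single quote breaks or alters the statement; `"$POSTGRES_DB"` and `"$POSTGRES_USER"` have the same problem with a double quote. Letting psql do the quoting avoids this: `psql=( psql -v ON_ERROR_STOP=1 -v pw="$POSTGRES_PASSWORD" )` and `pass="PASSWORD :'pw'"`. The function still falls back to `authMethod=trust` for `host all all all` when no password is set and only prints a warning; since it now also creates the PG 13 cluster, it is worth deciding whether that fallback should remain and whether new clusters should use `scram-sha-256` instead of `md5` (which, as far as I can tell, also needs `password_encryption` set before the password is stored). `[ $2 == "true" ]` should be `[ "$2" = "true" ]`, because a call with one argument currently prints a test error and only reaches the documented default by accident.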
@@ -0,0 +1,168 @@ +Summary: PostgreSQL database engine +Name: postgresql96 +Version: 9.6.21 +Release: 1%{?dist} +License: PostgreSQL +URL: www.postgresql.org +Group: Applications/Databases +Vendor: VMware, Inc. +Distribution: Photon + +Source0: http://ftp.postgresql.org/pub/source/v%{version}/%{name}-%{version}.tar.bz2 +%define sha1 postgresql=e24333824d361968958613f546ae06011d9d1dfc + +# Customized location of pg96 +%global pgbaseinstdir /usr/local/pg96 + +# Common libraries needed +BuildRequires: krb5-devel +BuildRequires: libxml2-devel +BuildRequires: openldap +BuildRequires: perl +BuildRequires: readline-devel +BuildRequires: openssl-devel +BuildRequires: zlib-devel +BuildRequires: tzdata +BuildRequires: bzip2 +BuildRequires: sudo +Requires: krb5 +Requires: libxml2 +Requires: openldap +Requires: openssl +Requires: readline +Requires: zlib +Requires: tzdata +Requires: bzip2 +Requires: sudo + +Requires: %{name}-libs = %{version}-%{release} + +%description +PostgreSQL is an object-relational database management system. + +%package libs +Summary: Libraries for use with PostgreSQL +Group: Applications/Databases + +%description libs +The postgresql-libs package provides the essential shared libraries for any +PostgreSQL client program or interface. You will need to install this package +to use any other PostgreSQL package or any clients that need to connect to a +PostgreSQL server. + +%package devel +Summary: Development files for postgresql. +Group: Development/Libraries +Requires: postgresql = %{version}-%{release} + +%description devel +The postgresql-devel package contains libraries and header files for +developing applications that use postgresql. 
+ +%prep +%setup -q + +%build +ls -la +sed -i '/DEFAULT_PGSOCKET_DIR/s@/tmp@/run/postgresql@' src/include/pg_config_manual.h && +./configure \ + --prefix=%{pgbaseinstdir} \ + --with-includes=%{pgbaseinstdir}/include \ + --with-libraries=%{pgbaseinstdir}/lib \ + --datarootdir=%{pgbaseinstdir}/share \ + --enable-thread-safety \ + --with-ldap \ + --with-libxml \ + --with-openssl \ + --with-gssapi \ + --with-readline \ + --with-system-tzdata=%{_datadir}/zoneinfo \ + --docdir=%{pgbaseinstdir}/doc/postgresql +make %{?_smp_mflags} +cd contrib && make %{?_smp_mflags} + +%install +[ %{buildroot} != "/"] && rm -rf %{buildroot}/* +make install DESTDIR=%{buildroot} +cd contrib && make install DESTDIR=%{buildroot} + +%{_fixperms} %{buildroot}/* + +%check +sed -i '2219s/",/ ; EXIT_STATUS=$? ; sleep 5 ; exit $EXIT_STATUS",/g' src/test/regress/pg_regress.c +chown -Rv nobody . +sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check" + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%clean +rm -rf %{buildroot}/* + +%files +%defattr(-,root,root) +%{pgbaseinstdir}/bin/initdb +%{pgbaseinstdir}/bin/oid2name +%{pgbaseinstdir}/bin/pg_archivecleanup +%{pgbaseinstdir}/bin/pg_basebackup +%{pgbaseinstdir}/bin/pg_controldata +%{pgbaseinstdir}/bin/pg_ctl +%{pgbaseinstdir}/bin/pg_receivexlog +%{pgbaseinstdir}/bin/pg_recvlogical +%{pgbaseinstdir}/bin/pg_resetxlog +%{pgbaseinstdir}/bin/pg_rewind +%{pgbaseinstdir}/bin/pg_standby +%{pgbaseinstdir}/bin/pg_test_fsync +%{pgbaseinstdir}/bin/pg_test_timing +%{pgbaseinstdir}/bin/pg_upgrade +%{pgbaseinstdir}/bin/pg_xlogdump +%{pgbaseinstdir}/bin/pgbench +%{pgbaseinstdir}/bin/postgres +%{pgbaseinstdir}/bin/postmaster +%{pgbaseinstdir}/bin/vacuumlo +%{pgbaseinstdir}/share/postgresql/* +%{pgbaseinstdir}/lib/postgresql/* +%{pgbaseinstdir}/doc/postgresql/extension/*.example +%exclude %{pgbaseinstdir}/share/postgresql/pg_service.conf.sample +%exclude %{pgbaseinstdir}/share/postgresql/psqlrc.sample + +%files libs +%{pgbaseinstdir}/bin/clusterdb 
+%{pgbaseinstdir}/bin/createdb +%{pgbaseinstdir}/bin/createlang +%{pgbaseinstdir}/bin/createuser +%{pgbaseinstdir}/bin/dropdb +%{pgbaseinstdir}/bin/droplang +%{pgbaseinstdir}/bin/dropuser +%{pgbaseinstdir}/bin/ecpg +%{pgbaseinstdir}/bin/pg_config +%{pgbaseinstdir}/bin/pg_dump +%{pgbaseinstdir}/bin/pg_dumpall +%{pgbaseinstdir}/bin/pg_isready +%{pgbaseinstdir}/bin/pg_restore +%{pgbaseinstdir}/bin/psql +%{pgbaseinstdir}/bin/reindexdb +%{pgbaseinstdir}/bin/vacuumdb +%{pgbaseinstdir}/lib/libecpg*.so.* +%{pgbaseinstdir}/lib/libpgtypes*.so.* +%{pgbaseinstdir}/lib/libpq*.so.* +%{pgbaseinstdir}/share/postgresql/pg_service.conf.sample +%{pgbaseinstdir}/share/postgresql/psqlrc.sample + +%files devel +%defattr(-,root,root) +%{pgbaseinstdir}/include/* +%{pgbaseinstdir}/lib/pkgconfig/* +%{pgbaseinstdir}/lib/libecpg*.so +%{pgbaseinstdir}/lib/libpgtypes*.so +%{pgbaseinstdir}/lib/libpq*.so +%{pgbaseinstdir}/lib/libpgcommon.a +%{pgbaseinstdir}/lib/libpgfeutils.a +%{pgbaseinstdir}/lib/libpgport.a +%{pgbaseinstdir}/lib/libpq.a +%{pgbaseinstdir}/lib/libecpg.a +%{pgbaseinstdir}/lib/libecpg_compat.a +%{pgbaseinstdir}/lib/libpgtypes.a + +%changelog +* Yan Wang +- Customize postgres 96 from original spec diff --git a/make/photon/db/rpm_builder.sh b/make/photon/db/rpm_builder.sh new file mode 100755 index 00000000000..2cb43fcc7da --- /dev/null +++ b/make/photon/db/rpm_builder.sh 
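Review bot: In `%install`, `[ %{buildroot} != "/"] && rm -rf %{buildroot}/*` has no space before the closing `]`, so the test itself errors out and the cleanup never runs; it should read `[ "%{buildroot}" != "/" ] && rm -rf "%{buildroot}"/*`. `Source0` uses plain `http://` and the only integrity value is `%define sha1 postgresql=...`; `rpm_builder.sh` in this commit re-packs the tarball under a new name before the build, so that SHA-1 presumably cannot match the archive the build consumes, and nothing in the visible lines verifies the download. The `devel` subpackage requires `postgresql = %{version}-%{release}` although the package is named `postgresql96`, where `%{name} = %{version}-%{release}` looks intended. The `%check` step patches `pg_regress.c` by absolute line number (`2219s/...`), which silently does nothing if the source differs, and the `%changelog` entry lacks the date and version fields the entry format expects.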
@@ -0,0 +1,43 @@ +#!/bin/bash + +set -e + +name='postgresql' +version='9.6.21' + +function checkdep { + if ! wget --version &> /dev/null + then + echo "Need to install wget first and run this script again." + exit 1 + fi + + if ! bzip2 --version &> /dev/null + then + echo "Need to install bzip2 first and run this script again." + exit 1 + fi +} + +checkdep + +cur=$PWD +workDir=`mktemp -d ${TMPDIR-/tmp}/$name.XXXXXX` +mkdir -p $workDir && cd $workDir + +# step 1: get source code of pg 9.6, and rename the code directory from postgres to postgres96 +wget http://ftp.postgresql.org/pub/source/v$version/$name-$version.tar.bz2 +bzip2 -d ./$name-$version.tar.bz2 && tar -xvf ./$name-$version.tar +mkdir -p ${name}96-$version && cp -r ./$name-$version/* ./${name}96-$version/ && rm -rf ./$name-$version +tar -cvjSf ${name}96-$version.tar.bz2 ${name}96-$version + +# step 2: get spec builder script, and replace version to 4, then to build the pg96 rpm packages +wget https://raw.githubusercontent.com/vmware/photon/4.0/tools/scripts/build_spec.sh +sed "s|VERSION=3|VERSION=4|g" -i build_spec.sh +chmod 655 ./build_spec.sh && cp $cur/postgres.spec . +./build_spec.sh ./postgres.spec +cp ./stage/RPMS/x86_64/${name}96-libs-$version-1.ph4.x86_64.rpm $cur +cp ./stage/RPMS/x86_64/${name}96-$version-1.ph4.x86_64.rpm $cur + +# clean +cd $cur && rm -rf $workDir diff --git a/make/photon/db/upgrade.sh b/make/photon/db/upgrade.sh new file mode 100755 index 00000000000..5419e1e1177 --- /dev/null +++ b/make/photon/db/upgrade.sh 
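Review bot: Both downloads are compiled or executed without any integrity check: the PostgreSQL tarball is fetched over plain `http://` and unpacked as-is, and `build_spec.sh` is pulled from the moving `4.0` branch of vmware/photon, patched with `sed` and run. The resulting RPMs are installed into the db base image, so anyone able to alter either response controls code in that image. I would fetch the source with `wget https://ftp.postgresql.org/pub/source/v$version/$name-$version.tar.bz2`, verify it with `echo "<EXPECTED_SHA256>  $name-$version.tar.bz2" | sha256sum -c -`, and pin the helper to a reviewed commit (`https://raw.githubusercontent.com/vmware/photon/<COMMIT_SHA>/tools/scripts/build_spec.sh`). `chmod 655` leaves the owner without the execute bit while group and others have it, which looks like a typo for `755`, and the hard-coded `x86_64` paths mean the script produces nothing usable on other architectures.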
@@ -0,0 +1,46 @@ +#!/bin/bash + +PGBINOLD="/usr/local/pg96/bin/" +PGBINNEW="/usr/bin" +PGDATAOLD="" +PGDATANEW="" + +while [[ "$#" -gt 0 ]]; do + case $1 in + -b|--old-datadir) PGDATAOLD="$2"; shift ;; + -B|--new-datadir) PGDATANEW="$2"; shift ;; + -d|--old-bindir) PGBINOLD="$2"; shift ;; + -D|--new-bindir) PGBINNEW="$2"; shift ;; + *) echo "Unknown parameter passed: $1"; exit 1 ;; + esac + shift +done + +if [ "$PGDATAOLD" = "" ] || [ "$PGDATANEW" = "" ]; then + echo "required parameter is missing: $PGDATAOLD, $PGDATANEW" + exit 1 +fi + +export PGDATAOLD=$PGDATAOLD +export PGDATANEW=$PGDATANEW +export PGBINNEW=$PGBINNEW +export PGBINOLD=$PGBINOLD + +echo 'start to upgrade.' +cd /tmp +${PGBINNEW}/pg_upgrade \ + --old-datadir=$PGDATAOLD \ + --new-datadir=$PGDATANEW \ + --old-bindir=$PGBINOLD \ + --new-bindir=$PGBINNEW \ + --old-options '-c config_file=$PGDATAOLD/postgresql.conf' \ + --new-options '-c config_file=$PGDATANEW/postgresql.conf' + +if [ $? -ne 0 ]; then + echo 'fail to upgrade.' + cat /tmp/pg_upgrade_internal.log + exit 1 +fi + +cp $PGDATAOLD/pg_hba.conf $PGDATANEW/pg_hba.conf +echo 'success to upgrade.' diff --git a/make/photon/jobservice/Dockerfile.base b/make/photon/jobservice/Dockerfile.base index 1ad223d455d..54e48d4c8db 100644 --- a/make/photon/jobservice/Dockerfile.base +++ b/make/photon/jobservice/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install sudo tzdata -y >> /dev/null \ && tdnf clean all \ diff --git a/make/photon/log/Dockerfile.base b/make/photon/log/Dockerfile.base index b7244813099..9ccedb16022 100644 --- a/make/photon/log/Dockerfile.base +++ b/make/photon/log/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y cronie rsyslog logrotate shadow tar gzip sudo >> /dev/null\ && mkdir /var/spool/rsyslog \ diff --git a/make/photon/nginx/Dockerfile.base b/make/photon/nginx/Dockerfile.base index 8982dc00e19..0c6ddeb1ad1 100644 --- a/make/photon/nginx/Dockerfile.base 
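Review bot: The final `cp $PGDATAOLD/pg_hba.conf $PGDATANEW/pg_hba.conf` in make/photon/db/upgrade.sh is unchecked and the script has no `set -e`, so a failed copy still ends in `echo 'success to upgrade.'` with exit status 0; the entrypoint then deletes the old data directory, and the new cluster keeps the `pg_hba.conf` written by `initPG`, which is `trust` for all hosts when no password variable is set. Making it `cp "$PGDATAOLD/pg_hba.conf" "$PGDATANEW/pg_hba.conf" || exit 1` keeps the old cluster intact in that case. The short options are crossed relative to `pg_upgrade` itself (`-b|--old-datadir` and `-d|--old-bindir` here, whereas `pg_upgrade` uses `-b` for the old bindir and `-d` for the old datadir), and the `shift` after an option with no value is not guarded. The single-quoted `--old-options '-c config_file=$PGDATAOLD/postgresql.conf'` passes the literal text `$PGDATAOLD`; it presumably relies on the exported variables being expanded later by a shell that `pg_upgrade` starts, which deserves a comment next to the `export` lines.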
+++ b/make/photon/nginx/Dockerfile.base @@ -1,7 +1,7 @@ -FROM photon:2.0 +FROM photon:4.0 -RUN tdnf install sudo nginx -y >> /dev/null\ +RUN tdnf install -y nginx shadow >> /dev/null \ && tdnf clean all \ - && groupadd -r -g 10000 nginx && useradd --no-log-init -r -g 10000 -u 10000 nginx \ + && groupmod -g 10000 nginx && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log diff --git a/make/photon/notary-server/Dockerfile.base b/make/photon/notary-server/Dockerfile.base index da4b03cbe24..f64810f7a11 100644 --- a/make/photon/notary-server/Dockerfile.base +++ b/make/photon/notary-server/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y shadow sudo \ && tdnf clean all \ diff --git a/make/photon/notary-signer/Dockerfile.base b/make/photon/notary-signer/Dockerfile.base index da4b03cbe24..f64810f7a11 100644 --- a/make/photon/notary-signer/Dockerfile.base +++ b/make/photon/notary-signer/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y shadow sudo \ && tdnf clean all \ diff --git a/make/photon/portal/Dockerfile.base b/make/photon/portal/Dockerfile.base index 28d4a036fe4..cf9d5af892a 100644 --- a/make/photon/portal/Dockerfile.base +++ b/make/photon/portal/Dockerfile.base @@ -1,8 +1,8 @@ -FROM photon:2.0 +FROM photon:4.0 -RUN tdnf install -y nginx sudo >> /dev/null \ +RUN tdnf install -y nginx shadow >> /dev/null \ + && tdnf clean all \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ - && groupadd -r -g 10000 nginx && useradd --no-log-init -r -g 10000 -u 10000 nginx \ - && chown -R nginx:nginx /etc/nginx \ - && tdnf clean all \ No newline at end of file + && groupmod -g 10000 nginx && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \ + && chown -R nginx:nginx /etc/nginx 
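Review bot: `usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx` gives the service account an interactive login shell and a home directory that nothing in the hunk creates (`-d` without `-m` only rewrites the passwd entry); the same line is added in the portal `Dockerfile.base` hunk further down. Unless something at run time needs the shell, I would use `groupmod -g 10000 nginx && usermod -g 10000 -u 10000 -s /sbin/nologin nginx`. Renumbering an account that the package presumably created also leaves files installed under the old uid/gid with stale numeric owners: the portal hunk re-chowns `/etc/nginx`, the nginx hunk re-chowns nothing, so it is worth confirming which paths nginx has to write. A comment such as `# the nginx package on photon 4.0 creates the user; renumber it to 10000 instead of adding it` would explain the switch from `groupadd`/`useradd`.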
diff --git a/make/photon/prepare/Dockerfile.base b/make/photon/prepare/Dockerfile.base index 68df9f86b8d..46e24a2e5dc 100644 --- a/make/photon/prepare/Dockerfile.base +++ b/make/photon/prepare/Dockerfile.base @@ -1,5 +1,5 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y python3 \ && tdnf install -y python3-pip python3-PyYAML python3-jinja2 -RUN pip3 install setuptools && pip3 install pipenv==2021.5.29 \ No newline at end of file +RUN pip3 install setuptools && pip3 install pipenv==2021.5.29 diff --git a/make/photon/prepare/utils/cert.py b/make/photon/prepare/utils/cert.py index 5cc40987acd..1b62e68e0bc 100644 --- a/make/photon/prepare/utils/cert.py +++ b/make/photon/prepare/utils/cert.py @@ -59,7 +59,7 @@ def check_wrapper(*args, **kw): @stat_decorator def create_root_cert(subj, key_path="./k.key", cert_path="./cert.crt"): - rc = subprocess.call(["/usr/bin/openssl", "genrsa", "-out", key_path, "4096"], stdout=DEVNULL, stderr=subprocess.STDOUT) + rc = subprocess.call(["/usr/bin/openssl", "genrsa", "-traditional", "-out", key_path, "4096"], stdout=DEVNULL, stderr=subprocess.STDOUT) if rc != 0: return rc return subprocess.call(["/usr/bin/openssl", "req", "-new", "-x509", "-key", key_path,\ @@ -115,4 +115,4 @@ def prepare_ca( os.chown(root_crt_path, DEFAULT_UID, DEFAULT_GID) if not check_permission(private_key_pem_path, uid=DEFAULT_UID, gid=DEFAULT_GID): - os.chown(private_key_pem_path, DEFAULT_UID, DEFAULT_GID) \ No newline at end of file + os.chown(private_key_pem_path, DEFAULT_UID, DEFAULT_GID) diff --git a/make/photon/redis/Dockerfile.base b/make/photon/redis/Dockerfile.base index c670d7482c9..8b9e2210b91 100644 --- a/make/photon/redis/Dockerfile.base +++ b/make/photon/redis/Dockerfile.base @@ -1,3 +1,3 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install -y redis sudo diff --git a/make/photon/redis/redis.conf b/make/photon/redis/redis.conf index 9b56e657360..e36ef8c8c6f 100644 --- a/make/photon/redis/redis.conf +++ b/make/photon/redis/redis.conf 
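Review bot: The added `-traditional` flag in `create_root_cert` carries no explanation and, as far as I know, exists only in OpenSSL 3.0 and later, so with an older `/usr/bin/openssl` the `genrsa` call fails; because stdout and stderr are sent to `DEVNULL`, the caller sees nothing but a non-zero `rc`. I would add a comment above the call such as `# OpenSSL 3 writes PKCS#8 by default; -traditional keeps the PKCS#1 "BEGIN RSA PRIVATE KEY" format` (to be confirmed against whatever reads the key), and consider keeping stderr so a failure can be diagnosed. The function continues below the hunk, so the rest of its handling of the key file is not visible here.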
@@ -202,7 +202,7 @@ always-show-logo yes # Will save the DB if both the given number of seconds and the given # number of write operations against the DB occurred. # -# In the example below the behaviour will be to save: +# In the example below the behavior will be to save: # after 900 sec (15 min) if at least 1 key changed # after 300 sec (5 min) if at least 10 keys changed # after 60 sec if at least 10000 keys changed @@ -637,7 +637,7 @@ slave-priority 100 # it with the specified string. # 4) During replication, when a slave performs a full resynchronization with # its master, the content of the whole database is removed in order to -# load the RDB file just transfered. +# load the RDB file just transferred. # # In all the above cases the default is to delete objects in a blocking way, # like if DEL was called. However you can configure each case specifically diff --git a/make/photon/registry/Dockerfile.base b/make/photon/registry/Dockerfile.base index 0e618e1b8cd..d946d648c12 100644 --- a/make/photon/registry/Dockerfile.base +++ b/make/photon/registry/Dockerfile.base @@ -1,6 +1,6 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install sudo -y >> /dev/null\ && tdnf clean all \ && mkdir -p /etc/registry \ - && groupadd -r -g 10000 harbor && useradd --no-log-init -m -g 10000 -u 10000 harbor \ No newline at end of file + && groupadd -r -g 10000 harbor && useradd --no-log-init -m -g 10000 -u 10000 harbor diff --git a/make/photon/registryctl/Dockerfile.base b/make/photon/registryctl/Dockerfile.base index c5368634101..74110ce7850 100644 --- a/make/photon/registryctl/Dockerfile.base +++ b/make/photon/registryctl/Dockerfile.base @@ -1,4 +1,4 @@ -FROM photon:2.0 +FROM photon:4.0 RUN tdnf install sudo -y >> /dev/null \ && tdnf clean all \