I'm trying to enable streaming replication in the standard postgres:12 Docker image, which requires changes to pg_hba.conf. I've managed to update postgresql.conf by forcing the database to use it (passing the -c config_file="<>" flag in docker-compose rather than through init scripts).
But I cannot find a parameter or flag to get the database to use my pg_hba.conf, despite trying to do so in startup scripts copied to docker-entrypoint-initdb.d.
Any ideas?
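# Compose file for the custom PostgreSQL 12 image built from ./docker.
version: "2"
services:
  postgres:
    build:
      context: ./docker
    environment:
      # Fixture credentials committed in plain text. For anything other than a
      # disposable test instance, supply them from an env file or secret store.
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    command:
      - "postgres"
      - "-c"
      # Points the server at a postgresql.conf outside the data directory.
      # NOTE(review): settings appended to the data-directory postgresql.conf
      # are presumably not read unless this file includes them -- confirm.
      - "config_file=/etc/postgresql/postgresql.conf"
    ports:
      # host 5432 -> container 5433; quoted so it is always read as a string.
      # This publishes the port on every host interface. If pg_hba.conf grants
      # `trust` to remote addresses, anyone who can reach the host port gets in
      # without a credential; a "127.0.0.1:5432:5433" mapping keeps it local.
      - "5432:5433"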
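# postgres:12 plus the wal2json logical-decoding plugin, built from source.
FROM postgres:12

# Release tag suffix used in the wal2json download URL below.
ENV VERSION=1_0

# Install the build toolchain, compile wal2json, then purge the toolchain.
# NOTE(review): the repository key and the source tarball are fetched without
# a pinned key fingerprint or checksum, so the build trusts whatever those
# URLs serve. Comparing the tarball against a known SHA-256 before unpacking
# would close that gap.
# NOTE(review): the "stretch-pgdg" suite should match the Debian release of
# the base image -- confirm.
# curl -f makes an HTTP error fail the transfer instead of saving or piping
# the error page.
RUN buildDeps="curl build-essential ca-certificates git pkg-config glib2.0 postgresql-server-dev-$PG_MAJOR" \
    && apt-get update \
    && apt-get install -y --no-install-recommends ${buildDeps} \
    && echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
    && curl -f https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
    && apt-get update \
    && apt-get install -y --no-install-recommends libc++1 postgresql-server-dev-$PG_MAJOR \
    && mkdir -p /tmp/build \
    && curl -f -o /tmp/build/${VERSION}.tar.gz -SL "https://github.com/eulerto/wal2json/archive/wal2json_${VERSION}.tar.gz" \
    && cd /tmp/build/ \
    && tar -xzf /tmp/build/${VERSION}.tar.gz -C /tmp/build/ \
    && cd /tmp/build/wal2json-wal2json_${VERSION} \
    && make && make install \
    && cp wal2json.so /usr/lib/postgresql/12/lib/ \
    && cd / \
    && rm -rf /tmp/build \
    && apt-get remove -y --purge ${buildDeps} \
    && apt-get autoremove -y --purge \
    && rm -rf /var/lib/apt/lists/

# Copies the whole build context into the image root. Any key material or
# credentials in the context end up in the image layers.
COPY . /

# Runs at image build time.
# NOTE(review): the official image declares the data directory as a volume,
# so anything this script writes under it during the build is presumably
# absent from a running container -- confirm. pg_hba.conf changes normally
# belong in an init script that runs after initdb, or in a file named by the
# hba_file parameter.
RUN ./sql_setup.sh

# Files in /docker-entrypoint-initdb.d/ run on first start, once the cluster
# has been initialised.
RUN mv setup.sql /docker-entrypoint-initdb.d/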
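#!/bin/bash
# Writes the server TLS key and certificate into the data directory and
# appends test settings to postgresql.conf and pg_hba.conf.
set -e

# Fail early instead of writing "/server.key" when PGDATA is not set.
: "${PGDATA:?PGDATA must be set}"

# Server private key. Because it is embedded in the script, everyone with the
# repository or the image holds the key: acceptable only for a throwaway test
# certificate. Mount real keys at run time instead.
cat > "$PGDATA/server.key" <<-EOKEY
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
EOKEY
# Restrict the key to its owner.
chmod 0600 "$PGDATA/server.key"

cat > "$PGDATA/server.crt" <<-EOCERT
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
EOCERT

# Appended to the postgresql.conf in the data directory, using the same
# $PGDATA as the key and certificate above instead of a hard-coded path.
# Enables TLS, logical WAL and one replication slot/sender, and loads wal2json.
cat << EOF >> "$PGDATA/postgresql.conf"
port = 5433
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
max_wal_senders = 1
max_replication_slots = 1
wal_level = logical
shared_preload_libraries = wal2json
EOF

# pg_hba.conf records are evaluated top to bottom and the first match wins.
# These lines are appended, so any rule already in the file that matches a
# connection takes precedence over them.
#  - pass_user / md5_user / scram_user: one role per password method. The
#    `password` method sends the password in clear text.
#  - ssl_user: accepted without a credential over TLS (hostssl ... trust),
#    rejected otherwise. `trust` does not verify a client certificate.
#  - postgres: `trust` from 0.0.0.0/0 and ::0/0, despite the "local
#    connections" labels. Every host that can reach the port connects as that
#    role with no password, so keep this to isolated test networks.
#  - replication: matches loopback clients only. A consumer in another
#    container connects from a non-loopback address and will not match.
cat << EOF >> "$PGDATA/pg_hba.conf"
# TYPE DATABASE USER ADDRESS METHOD
host all pass_user 0.0.0.0/0 password
host all md5_user 0.0.0.0/0 md5
host all scram_user 0.0.0.0/0 scram-sha-256
host all pass_user ::0/0 password
host all md5_user ::0/0 md5
host all scram_user ::0/0 scram-sha-256
hostssl all ssl_user 0.0.0.0/0 trust
hostssl all ssl_user ::0/0 trust
host all ssl_user 0.0.0.0/0 reject
host all ssl_user ::0/0 reject
# IPv4 local connections:
host all postgres 0.0.0.0/0 trust
# IPv6 local connections:
host all postgres ::0/0 trust
# Unix socket connections:
local all postgres trust
# Enable streaming replication with wal2json:
host replication all 127.0.0.1/32 trust
EOF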
-- Test roles named after the authentication method each one exercises in
-- pg_hba.conf. The shared literal password is a fixture value.

-- Created before password_encryption is changed, so these two passwords are
-- stored with the server's current setting (md5 by default on PostgreSQL 12).
CREATE ROLE pass_user WITH LOGIN PASSWORD 'password';
CREATE ROLE md5_user WITH LOGIN PASSWORD 'password';

-- From here on in this session, new passwords are stored as SCRAM verifiers.
SET password_encryption = 'scram-sha-256';
CREATE ROLE scram_user WITH LOGIN PASSWORD 'password';

-- No password: this role is admitted by the pg_hba.conf rules alone.
CREATE ROLE ssl_user WITH LOGIN;

-- Extensions installed into the current database.
CREATE EXTENSION hstore;
CREATE EXTENSION citext;
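You can specify a custom pg_hba.conf location by editing/including the hba_file parameter in postgresql.conf. Because it is a server parameter set at start-up, it can also be passed on the command line the same way as config_file, for example -c hba_file=<path-to-pg_hba.conf>. From the documentation: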
hba_file (string)
Specifies the configuration file for host-based authentication (customarily called pg_hba.conf). This parameter can only be set at server start.