-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ROX-19980 pre-built scanner-db image #1310
Open
ludydoo
wants to merge
10
commits into
master
Choose a base branch
from
ROX-19980-scanner-db-contention
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
e0edb67
ROX-19980 pre-built scanner-db image
ludydoo 9e85cd1
ROX-19980 fix
ludydoo 80f102f
ROX-19980 fix
ludydoo 9360fb2
ROX-19980 fix
ludydoo 1163c59
ROX-19980 fix
ludydoo 7e434d1
ROX-19980 fix
ludydoo d710e77
ROX-19980 fix
ludydoo d453bf0
ROX-19980 fix
ludydoo 641e9e7
Revert "ROX-19980 fix"
ludydoo 4328d2f
Revert "ROX-19980 fix"
ludydoo File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # The postgres server has been started once during the build process in the Dockerfile. | ||
| # Now we need to start it again, but this time with the correct password. | ||
| # So we need to issue a command to change the password. | ||
|
|
||
| set -e | ||
|
|
||
| if [ ! -d "/var/lib/postgresql/data/pgdata" ]; then | ||
|
|
||
| echo "Creating /var/lib/postgresql/data/pgdata..." | ||
| mkdir -p /var/lib/postgresql/data/pgdata | ||
|
|
||
| echo "Moving archive to target directory..." | ||
| mv /tmp/data.tar.gz /var/lib/postgresql/data/pgdata/data.tar.gz | ||
|
|
||
| echo "Uncompressing into /var/lib/pgsql/data/pgdata..." | ||
| tar -xzf /var/lib/postgresql/data/pgdata/data.tar.gz -C /var/lib/postgresql/data/pgdata | ||
|
|
||
| echo "Removing archive..." | ||
| rm /var/lib/postgresql/data/pgdata/data.tar.gz | ||
|
|
||
| echo "Starting database..." | ||
| POSTGRES_PASSWORD_FILE="" POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql.conf & | ||
|
|
||
| echo "Waiting for database to be ready..." | ||
| while ! pg_isready -U postgres -h localhost -p 5432; do | ||
| sleep 1 | ||
| done | ||
|
|
||
| echo "Changing password if POSTGRES_PASSWORD is set..." | ||
| if [ -n "$POSTGRES_PASSWORD" ]; then | ||
| PGPASSWORD=postgres psql -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';" | ||
| elif [ -n "$POSTGRES_PASSWORD_FILE" ]; then | ||
| PGPASSWORD=postgres psql -c "ALTER USER postgres WITH PASSWORD '$(cat "$POSTGRES_PASSWORD_FILE")';" | ||
| fi | ||
|
|
||
| echo "Renaming postgres user if necessary..." | ||
| if [ -n "$POSTGRES_USER" ]; then | ||
| if [ "$POSTGRES_USER" != "postgres" ]; then | ||
| if [ -n "$POSTGRES_PASSWORD" ]; then | ||
| PGPASSWORD="$POSTGRES_PASSWORD" psql -c "ALTER USER postgres RENAME TO $POSTGRES_USER;" | ||
| elif [ -n "$POSTGRES_PASSWORD_FILE" ]; then | ||
| PGPASSWORD="$(cat "$POSTGRES_PASSWORD_FILE")" psql -c "ALTER USER postgres RENAME TO $POSTGRES_USER;" | ||
| fi | ||
| fi | ||
| fi | ||
|
|
||
| echo "Stopping database..." | ||
| pg_ctl -w stop | ||
|
|
||
| else | ||
| echo "Database already initialized. Skipping initialization..." | ||
| fi | ||
|
|
||
| if [ "${ROX_SCANNER_DB_INIT}" == "true" ]; then | ||
| echo "ROX_SCANNER_DB_INIT is set to true. Exiting..." | ||
| exit 0 | ||
| else | ||
| echo "Database initialized." | ||
| fi | ||
|
|
||
| # Now we can start the database for real. But we will | ||
| # forward any arguments to the actual entrypoint script | ||
| echo "Starting database for real..." | ||
| exec /usr/local/bin/docker-entrypoint.sh "$@" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -eu | ||
|
|
||
| echo "Creating postgres.conf for initialization..." | ||
| cat <<EOF > /tmp/postgres.conf | ||
| listen_addresses = '*' | ||
| max_wal_size = 1GB | ||
| EOF | ||
|
|
||
| echo "Creating temporary PGDATA directory..." | ||
| mkdir -p /tmp/data | ||
|
|
||
| echo "Starting database..." | ||
| PGDATA=/tmp/data POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/tmp/postgres.conf | ||
|
|
||
| echo "Waiting for database to stop..." | ||
| while [ -f /tmp/data/pgdata/postmaster.pid ]; do | ||
| sleep 1 | ||
| done | ||
|
|
||
| rm /tmp/postgres.conf | ||
|
|
||
| echo "Compressing database data folder..." | ||
| tar -czf /tmp/data.tar.gz -C /tmp/data . | ||
|
|
||
| echo "Removing temporary PGDATA directory..." | ||
| rm -rf /tmp/data |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jvdm @RTann Could we move these steps to build time instead of start-up time?
@ludydoo proposes this to save IO in the cloud service which prevents us from cluster upgrades and increases ACS upgrade complexity.
Every restart of ACS instances causes to write ~1.8GB per instance.
Additionally the manifest must be updated that the scanner-db pod can read the Postgres Password.
What do you think about this approach? It seems simple and scaleable to us.
cc @ludydoo