[root@ecs-lee 3.0.1]# cat entrypoint.sh
#!/usr/bin/env bash
set -Eeo pipefail
# 幻术
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
# 环境变量
export GAUSSHOME=/usr/local/mogdb
export PATH=$GAUSSHOME/bin:$PATH
export LD_LIBRARY_PATH=$GAUSSHOME/lib:$LD_LIBRARY_PATH
export LANG=en_US.UTF-8
# 文件环境变量
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
# used to create initial mogdb directories and if run as root, ensure ownership belong to the omm user
# 创建相关目录
docker_create_db_directories() {
local user; user="$(id -u)"
mkdir -p "$PGDATA"
chmod 700 "$PGDATA"
# ignore failure since it will be fine when using the image provided directory;
mkdir -p /var/run/mogdb || :
chmod 775 /var/run/mogdb || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{ }' +
fi
chmod 700 "$POSTGRES_INITDB_XLOGDIR"
fi
# allow the container to be started with `--user`
if [ "$user" = '0' ]; then
find "$PGDATA" \! -user omm -exec chown omm '{}' +
find /var/run/mogdb \! -user omm -exec chown omm '{}' +
fi
}
# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `GS_USER` env
# 自定义变量,逻辑为若有传入则使用,没有则使用默认,其中包括 GS_NODENAME、ENCODING、LOCALE、DBCOMPATIBILITY
docker_init_database_dir() {
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss _wrapper" to fake that if necessary
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
export NSS_WRAPPER_PASSWD="$(mktemp)"
export NSS_WRAPPER_GROUP="$(mktemp)"
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER _PASSWD"
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi
if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi
cmdbase="gs_initdb --pwfile=<(echo "$GS_PASSWORD")"
if [ -n "$GS_NODENAME" ]; then
cmdbase="$cmdbase --nodename=$GS_NODENAME"
else
cmdbase="$cmdbase --nodename=mogdb"
fi
if [ -n "$ENCODING" ]; then
cmdbase="$cmdbase --encoding=$ENCODING"
else
cmdbase="$cmdbase --encoding=UTF-8"
fi
if [ -n "$LOCALE" ]; then
cmdbase="$cmdbase --locale=$LOCALE"
else
cmdbase="$cmdbase --no-locale"
fi
if [ -n "$DBCOMPATIBILITY" ]; then
cmdbase="$cmdbase --dbcompatibility=$DBCOMPATIBILITY"
else
cmdbase="$cmdbase --dbcompatibility=PG"
fi
cmdbase="$cmdbase -D $PGDATA"
eval $cmdbase
# unset/cleanup "nss_wrapper" bits
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
fi
}
# print large warning if GS_PASSWORD is long
# error if both GS_PASSWORD is empty and GS_HOST_AUTH_METHOD is not 'trust'
# print large warning if GS_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
# 密码强度校验
docker_verify_minimum_env() {
# check password first so we can output the warning before postgres
# messes it up
if [[ "$GS_PASSWORD" =~ ^(.{8,}).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[a-z]+).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[A-Z]).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[0-9]).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[#?!@$%^&*-]).*$ ]]; then
cat >&2 <<-'EOWARN'
Message: The supplied GS_PASSWORD is meet requirements.
EOWARN
else
cat >&2 <<-'EOWARN'
Error: The supplied GS_PASSWORD is not meet requirements.
Please Check if the password contains uppercase, lowercase, numbers, spec ial characters, and password length(8).
At least one uppercase, lowercase, numeric, special character.
Example: Enmo@123
EOWARN
exit 1
fi
if [ -z "$GS_PASSWORD" ] && [ 'trust' != "$GS_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify GS_PASSWORD to a non-empty value for the
superuser. For example, "-e GS_PASSWORD=password" on "docker run".
You may also use "GS_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
EOE
exit 1
fi
if [ 'trust' = "$GS_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN'
************************************************************************* *******
WARNING: GS_HOST_AUTH_METHOD has been set to "trust". This will allow
anyone with access to the mogdb port to access your database wit hout
a password, even if GS_PASSWORD is set.
It is not recommended to use GS_HOST_AUTH_METHOD=trust. Replace
it with "-e GS_PASSWORD=password" instead to set a password in
"docker run".
************************************************************************* *******
EOWARN
fi
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {
# gsql here for backwards compatiblilty "${gsql[@]}"
gsql=( docker_process_sql )
echo
local f
for f; do
case "$f" in
*.sh)
if [ -x "$f" ]; then
echo "$0: running $f"
"$f"
else
echo "$0: sourcing $f"
. "$f"
fi
;;
*.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; ech o ;;
*.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
*) echo "$0: ignoring $f" ;;
esac
echo
done
}
# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [gsql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql <my-file.sql
# SQL运行传入
docker_process_sql() {
local query_runner=( gsql -v ON_ERROR_STOP=1 --username "$GS_USER" --dbname postgres)
echo "Execute SQL: ${query_runner[@]} $@"
"${query_runner[@]}" "$@"
}
# create initial database
# uses environment variables for input: GS_DB
# 创建DB
docker_setup_db() {
docker_process_sql --set passwd="$GS_PASSWORD" <<-'EOSQL'
create user mogdb with login password :"passwd" ;
CREATE DATABASE mogdb;
CREATE DATABASE mogila;
grant all privileges to mogdb;
ALTER USER mogdb MONADMIN;
EOSQL
}
# 创建用户
docker_setup_user() {
if [ -n "$GS_USERNAME" ]; then
GS_DB= docker_process_sql --set passwd="$GS_PASSWORD" --set user="$GS_USERNAME" <<-'EOSQL'
create user :"user" with login password :"passwd" ;
EOSQL
else
echo " default user is mogdb"
fi
}
#创建复制用户
docker_setup_rep_user() {
if [ -n "$SERVER_MODE" ] && [ "$SERVER_MODE" = "primary" ]; then
GS_DB= docker_process_sql --set passwd="RepUser@2020" --set user="repuser" <<-'E OSQL'
create user :"user" SYSADMIN REPLICATION password :"passwd" ;
EOSQL
else
echo " default no repuser created"
fi
}
# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {
export GS_USER=omm
file_env 'GS_PASSWORD' 'Enmo@123'
# file_env 'GS_USER' 'omm'
file_env 'GS_DB' "$GS_USER"
file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${GS_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS
# look specifically for OG_VERSION, as it is expected in the DB dir
if [ -s "$PGDATA/PG_VERSION" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
}
# append GS_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
# 更添加hba条目
mogdb_setup_hba_conf() {
{
echo
if [ 'trust' = "$GS_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
fi
echo "host all all 0.0.0.0/0 $GS_HOST_AUTH_METHOD"
echo "host replication mogdb 0.0.0.0/0 md5"
if [ -n "$SERVER_MODE" ]; then
echo "host replication repuser $OG_SUBNET trust"
fi
} >> "$PGDATA/pg_hba.conf"
}
# append parameter to postgres.conf for connections
# 配置文件定制
mogdb_setup_postgresql_conf() {
{
echo
if [ -n "$GS_PORT" ]; then
echo "password_encryption_type = 1"
echo "port = $GS_PORT"
echo "wal_level = logical"
else
echo '# use default port 5432'
echo "password_encryption_type = 1"
echo "wal_level = logical"
fi
if [ -n "$SERVER_MODE" ]; then
echo "listen_addresses = '0.0.0.0'"
echo "most_available_sync = on"
echo "remote_read_mode = non_authentication"
echo "pgxc_node_name = '$NODE_NAME'"
# echo "application_name = '$NODE_NAME'"
if [ "$SERVER_MODE" = "primary" ]; then
echo "max_connections = 100"
else
echo "max_connections = 100"
fi
echo -e "$REPL_CONN_INFO"
if [ -n "$SYNCHRONOUS_STANDBY_NAMES" ]; then
echo "synchronous_standby_names=$SYNCHRONOUS_STANDBY_NAMES"
fi
else
echo "listen_addresses = '*'"
fi
if [ -n "$OTHER_PG_CONF" ]; then
echo -e "$OTHER_PG_CONF"
fi
} >> "$PGDATA/postgresql.conf"
}
mogdb_setup_mot_conf() {
echo "enable_numa = false" >> "$PGDATA/mot.conf"
}
# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
# 数据库启动
docker_temp_server_start() {
if [ "$1" = 'mogdb' ]; then
shift
fi
# internal start of server in order to allow setup using gsql client
# does not listen on external TCP/IP and waits until start finishes
set -- "$@" -c listen_addresses='127.0.0.1' -p "${PGPORT:-5432}"
PGUSER="${PGUSER:-$GS_USER}" \
gs_ctl -D "$PGDATA" \
-o "$(printf '%q ' "$@")" \
-w start
}
# stop postgresql server after done setting up user and running scripts
# 数据库停止
docker_temp_server_stop() {
PGUSER="${PGUSER:-postgres}" \
gs_ctl -D "$PGDATA" -m fast -w stop
}
docker_slave_full_backup() {
gs_ctl build -D "$PGDATA" -b full
}
# check arguments for an option that would cause mogdb to stop
# return true if there is one
# 数据库插件安装
docker_setup_plugin(){
GS_DB= docker_process_sql <<-'EOSQL'
create extension dblink;
create extension orafce;
create extension pg_bulkload;
create extension pg_prewarm;
create extension pg_repack;
create extension pg_trgm;
EOSQL
}
docker_setup_compat_tools(){
cd /home/omm/compat-tools
docker_process_sql <<-'EOSQL'
\o /home/omm/compat-tools.log;
\i runMe.sql;
-- update pg_database set datallowconn = TRUE where datname = 'template0';
-- \c template0
-- \i runMe.sql;
-- update pg_database set datallowconn = FALSE where datname = 'template0';
EOSQL
}
# moglia安装
docker_setup_mogila(){
echo "GS_DB = $GS_DB"
cd /home/omm/mogila-v1.0.0
docker_process_sql --dbname mogila <<-'EOSQL'
\o /home/omm/mogila.log;
\i mogila-insert-data.sql;
EOSQL
}
# wal2json测试
docker_setup_slot() {
docker_process_sql <<-'EOSQL'
select * from pg_create_logical_replication_slot('wal2json', 'wal2json');
create table mogdb.test (id int primary key, name varchar2(20));
insert into mogdb.test values(1,'yun');
insert into mogdb.test values(2,'he');
insert into mogdb.test values(3,'enmo');
ALTER TABLE mogdb.test REPLICA IDENTITY FULL;
EOSQL
}
# 帮助
_mogdb_want_help() {
local arg
count=1
for arg; do
case "$arg" in
# postgres --help | grep 'then exit'
# leaving out -C on purpose since it always fails and is unhelpful:
# postgres: could not access the server configuration file "/var/lib/post gresql/data/postgresql.conf": No such file or directory
-'?'|--help|--describe-config|-V|--version)
return 0
;;
esac
if [ "$arg" == "-M" ]; then
SERVER_MODE=${@:$count+1:1}
echo "MogDB DB SERVER_MODE = $SERVER_MODE"
shift
fi
count=$[$count + 1]
done
return 1
}
# 执行函数主题,从上到下。
_main() {
# if first arg looks like a flag, assume we want to run postgres server
if [ "${1:0:1}" = '-' ]; then
set -- mogdb "$@"
fi
if [ "$1" = 'mogdb' ] && ! _mogdb_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec gosu omm "$BASH_SOURCE" "$@"
fi
# only run initialization on an empty data directory
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
ls /docker-entrypoint-initdb.d/ > /dev/null
docker_init_database_dir
mogdb_setup_hba_conf
mogdb_setup_postgresql_conf
mogdb_setup_mot_conf
# PGPASSWORD is required for gsql when authentication is required for 'lo cal' connections via pg_hba.conf and is otherwise harmless
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB _ARGS
export PGPASSWORD="${PGPASSWORD:-$GS_PASSWORD}"
docker_temp_server_start "$@"
if [ -z "$SERVER_MODE" ] || [ "$SERVER_MODE" = "primary" ]; then
docker_setup_user
docker_setup_rep_user
docker_setup_plugin
docker_setup_compat_tools
docker_setup_db
docker_setup_mogila
docker_setup_slot
docker_process_init_files /docker-entrypoint-initdb.d/*
fi
if [ -n "$SERVER_MODE" ] && [ "$SERVER_MODE" != "primary" ]; then
docker_slave_full_backup
fi
docker_temp_server_stop
unset PGPASSWORD
echo
echo 'MogDB init process complete; ready for start up.'
echo
else
echo
echo 'MogDB Database directory appears to contain a database; Skipping in itialization'
echo
fi
fi
exec "$@"
}
if ! _is_sourced; then
_main "$@"
fi
