diff --git a/bitnami/postgresql-repmgr/11/ol-7/Dockerfile b/bitnami/postgresql-repmgr/11/ol-7/Dockerfile
index e769ddf95236..634023ab470d 100644
--- a/bitnami/postgresql-repmgr/11/ol-7/Dockerfile
+++ b/bitnami/postgresql-repmgr/11/ol-7/Dockerfile
@@ -11,13 +11,12 @@ COPY prebuildfs /
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl glibc gzip hostname keyutils-libs krb5-libs libaio-devel libcom_err libedit libgcc libicu libselinux libstdc++ libuuid libxml2 libxslt ncurses-libs openssl-libs pcre procps-ng sqlite sudo tar which xz-libs zlib
 RUN . ./libcomponent.sh && component_unpack "postgresql-repmgr" "11.5.0-2" --checksum 193853b4ec5c2e86ce0201bcc58bbb7626b92a9ff06e4bc0a3313195f97fa0b3
-RUN curl --silent -L https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64 > /usr/local/bin/gosu && echo 0b843df6d86e270c5b0f5cbd3c326a04e18f4b7f9b8457fa497b0454c4b138d7 /usr/local/bin/gosu | sha256sum --check && chmod u+x /usr/local/bin/gosu && mkdir -p /opt/bitnami/licenses && curl --silent -L https://raw.githubusercontent.com/tianon/gosu/master/LICENSE > /opt/bitnami/licenses/gosu-1.11.txt
 COPY rootfs /
 RUN rpm -Uvh --nodeps $(repoquery --location nss_wrapper)
 RUN /postunpack.sh
 ENV BITNAMI_APP_NAME="postgresql-repmgr" \
- BITNAMI_IMAGE_VERSION="11.5.0-ol-7-r34" \
+ BITNAMI_IMAGE_VERSION="11.5.0-ol-7-r35" \
 NAMI_PREFIX="/.nami" \
 NSS_WRAPPER_LIB="/usr/lib64/libnss_wrapper.so" \
 PATH="/opt/bitnami/postgresql-repmgr/bin:/opt/bitnami/repmgr/bin:/opt/bitnami/postgresql/bin:$PATH"
diff --git a/bitnami/postgresql-repmgr/11/ol-7/rootfs/libpostgresql.sh b/bitnami/postgresql-repmgr/11/ol-7/rootfs/libpostgresql.sh
index e6256a52cee4..772f1424aa87 100644
--- a/bitnami/postgresql-repmgr/11/ol-7/rootfs/libpostgresql.sh
+++ b/bitnami/postgresql-repmgr/11/ol-7/rootfs/libpostgresql.sh
@@ -142,6 +142,19 @@ export POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-}"
 export POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-on}"
 export POSTGRESQL_FSYNC="${POSTGRESQL_FSYNC:-on}"
 export POSTGRESQL_USERNAME="${POSTGRESQL_USERNAME:-postgres}"
+export POSTGRESQL_ENABLE_LDAP="${POSTGRESQL_ENABLE_LDAP:-no}"
+export POSTGRESQL_LDAP_URL="${POSTGRESQL_LDAP_URL:-}"
+export POSTGRESQL_LDAP_PREFIX="${POSTGRESQL_LDAP_PREFIX:-}"
+export POSTGRESQL_LDAP_SUFFIX="${POSTGRESQL_LDAP_SUFFIX:-}"
+export POSTGRESQL_LDAP_SERVER="${POSTGRESQL_LDAP_SERVER:-}"
+export POSTGRESQL_LDAP_PORT="${POSTGRESQL_LDAP_PORT:-}"
+export POSTGRESQL_LDAP_SCHEME="${POSTGRESQL_LDAP_SCHEME:-}"
+export POSTGRESQL_LDAP_TLS="${POSTGRESQL_LDAP_TLS:-}"
+export POSTGRESQL_LDAP_BASE_DN="${POSTGRESQL_LDAP_BASE_DN:-}"
+export POSTGRESQL_LDAP_BIND_DN="${POSTGRESQL_LDAP_BIND_DN:-}"
+export POSTGRESQL_LDAP_BIND_PASSWORD="${POSTGRESQL_LDAP_BIND_PASSWORD:-}"
+export POSTGRESQL_LDAP_SEARCH_ATTR="${POSTGRESQL_LDAP_SEARCH_ATTR:-}"
+export POSTGRESQL_LDAP_SEARCH_FILTER="${POSTGRESQL_LDAP_SEARCH_FILTER:-}"
 # Internal
 export POSTGRESQL_FIRST_BOOT="yes"
@@ -266,6 +279,14 @@ postgresql_validate() {
 fi
 fi
+ if ! is_yes_no_value "$POSTGRESQL_ENABLE_LDAP"; then
+ empty_password_error "The values allowed for POSTGRESQL_ENABLE_LDAP are: yes or no"
+ fi
+
+ if is_boolean_yes "$POSTGRESQL_ENABLE_LDAP" && [[ -n "$POSTGRESQL_LDAP_URL" ]] && [[ -n "$POSTGRESQL_LDAP_SERVER" ]]; then
+ empty_password_error "You can not set POSTGRESQL_LDAP_URL and POSTGRESQL_LDAP_SERVER at the same time. Check your LDAP configuration."
+ fi
+
 [[ "$error_code" -eq 0 ]] || exit "$error_code"
 }
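Review bot: `POSTGRESQL_LDAP_TLS` and `POSTGRESQL_LDAP_SCHEME` both default to empty in the added exports, and the generator added later in this diff only emits `ldaptls`/`ldapscheme` when they are set, so a setup that sets neither (and does not use an `ldaps://` URL) has PostgreSQL pass each user's password to the directory over an unencrypted connection. Nothing near the exports says so; a comment above the LDAP block such as `# LDAP traffic is plaintext unless POSTGRESQL_LDAP_TLS=1 or POSTGRESQL_LDAP_SCHEME=ldaps is set` would make the opt-in visible. `POSTGRESQL_LDAP_BIND_PASSWORD` is also exported into the environment of every child process; whether this file offers a file-based alternative for secrets is not visible in the hunk.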
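Review bot: The checks added to `postgresql_validate` reject `POSTGRESQL_LDAP_URL` and `POSTGRESQL_LDAP_SERVER` being set together, but accept `POSTGRESQL_ENABLE_LDAP=yes` with neither set, in which case the generator added later in this diff writes `ldapserver=` with an empty value into pg_hba.conf. A third check opening with `if is_boolean_yes "$POSTGRESQL_ENABLE_LDAP" && [[ -z "$POSTGRESQL_LDAP_URL" && -z "$POSTGRESQL_LDAP_SERVER" ]]; then` and its own message would catch this at startup instead of at the first login attempt. Both new messages go through `empty_password_error`, which is defined outside the hunk; its name suggests it is meant for empty-password reports, so a general validation-error helper is probably the better fit, to be confirmed against its definition. The start of `postgresql_validate` is outside the hunk.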
@@ -290,6 +311,62 @@ postgresql_create_config() {
 sed -i -E "/#include_dir/i include_dir = 'conf.d'" "$POSTGRESQL_CONF_FILE"
 }
+########################
+# Create ldap auth configuration in pg_hba,
+# but keeps postgres user to authenticate locally
+# Globals:
+# POSTGRESQL_*
+# Arguments:
+# None
+# Returns:
+# None
+#########################
+postgresql_ldap_auth_configuration() {
+ postgresql_info "Generating LDAP authentication configuration"
+ local ldap_configuration=""
+
+ if [[ -n "$POSTGRESQL_LDAP_URL" ]]; then
+ ldap_configuration="ldapurl=\"$POSTGRESQL_LDAP_URL\""
+ else
+ ldap_configuration="ldapserver=${POSTGRESQL_LDAP_SERVER}"
+
+ [[ -n "$POSTGRESQL_LDAP_PREFIX" ]] && ldap_configuration+=" ldapprefix=\"${POSTGRESQL_LDAP_PREFIX}\""
+ [[ -n "$POSTGRESQL_LDAP_SUFFIX" ]] && ldap_configuration+=" ldapsuffix=\"${POSTGRESQL_LDAP_SUFFIX}\""
+ [[ -n "$POSTGRESQL_LDAP_PORT" ]] && ldap_configuration+=" ldapport=${POSTGRESQL_LDAP_PORT}"
+ [[ -n "$POSTGRESQL_LDAP_BASE_DN" ]] && ldap_configuration+=" ldapbasedn=\"${POSTGRESQL_LDAP_BASE_DN}\""
+ [[ -n "$POSTGRESQL_LDAP_BIND_DN" ]] && ldap_configuration+=" ldapbinddn=\"${POSTGRESQL_LDAP_BIND_DN}\""
+ [[ -n "$POSTGRESQL_LDAP_BIND_PASSWORD" ]] && ldap_configuration+=" ldapbindpasswd=${POSTGRESQL_LDAP_BIND_PASSWORD}"
+ [[ -n "$POSTGRESQL_LDAP_SEARCH_ATTR" ]] && ldap_configuration+=" ldapsearchattribute=${POSTGRESQL_LDAP_SEARCH_ATTR}"
+ [[ -n "$POSTGRESQL_LDAP_SEARCH_FILTER" ]] && ldap_configuration+=" ldapsearchfilter=\"${POSTGRESQL_LDAP_SEARCH_FILTER}\""
+ [[ -n "$POSTGRESQL_LDAP_TLS" ]] && ldap_configuration+=" ldaptls=${POSTGRESQL_LDAP_TLS}"
+ [[ -n "$POSTGRESQL_LDAP_SCHEME" ]] && ldap_configuration+=" ldapscheme=${POSTGRESQL_LDAP_SCHEME}"
+ fi
+
+ cat << EOF > "$POSTGRESQL_PGHBA_FILE"
+host all postgres 0.0.0.0/0 trust
+host all postgres ::1/128 trust
+host all all 0.0.0.0/0 ldap $ldap_configuration
+host all all ::1/128 ldap $ldap_configuration
+EOF
+}
+
+########################
+# Create local auth configuration in pg_hba
+# Globals:
+# POSTGRESQL_*
+# Arguments:
+# None
+# Returns:
+# None
+#########################
+postgresql_password_auth_configuration() {
+ postgresql_info "Generating local authentication configuration"
+ cat << EOF > "$POSTGRESQL_PGHBA_FILE"
+host all all 0.0.0.0/0 trust
+host all all ::1/128 trust
+EOF
+}
+
 ########################
 # Create basic pg_hba.conf file
 # Globals:
@@ -301,10 +378,12 @@ postgresql_create_config() {
 #########################
 postgresql_create_pghba() {
 postgresql_info "pg_hba.conf file not detected. Generating it..."
- cat << EOF > "$POSTGRESQL_PGHBA_FILE"
-host all all 0.0.0.0/0 trust
-host all all ::1/128 trust
-EOF
+
+ if is_boolean_yes "$POSTGRESQL_ENABLE_LDAP"; then
+ postgresql_ldap_auth_configuration
+ else
+ postgresql_password_auth_configuration
+ fi
 }
 ########################
diff --git a/bitnami/postgresql-repmgr/README.md b/bitnami/postgresql-repmgr/README.md
index 214529a58a78..4b05f329c3dc 100644
--- a/bitnami/postgresql-repmgr/README.md
+++ b/bitnami/postgresql-repmgr/README.md
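Review bot: In `postgresql_ldap_auth_configuration` the generated `host all postgres 0.0.0.0/0 trust` line lets the `postgres` superuser connect from any IPv4 address without a password, which contradicts the header comment's "authenticate locally" and leaves the most privileged role outside LDAP. Unless a later step outside this hunk rewrites these entries, narrow the rule to loopback, e.g. `host all postgres 127.0.0.1/32 trust`, or use a password method for that role. Separately, `ldapserver`, `ldapbindpasswd` and `ldapsearchattribute` are interpolated unquoted while the other options are quoted, so a bind password containing whitespace or `#` yields a malformed pg_hba.conf line; quote it like its neighbours, `ldap_configuration+=" ldapbindpasswd=\"${POSTGRESQL_LDAP_BIND_PASSWORD}\""`. The `POSTGRESQL_LDAP_URL` branch also never appends `ldaptls`, so `POSTGRESQL_LDAP_TLS` is silently ignored when a URL is used.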
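Review bot: `postgresql_create_pghba` now chooses between two generators, but its header comment still reads only "Create basic pg_hba.conf file", and the log line indicates it runs when no pg_hba.conf is detected, so `POSTGRESQL_ENABLE_LDAP=yes` presumably has no effect on a deployment whose pg_hba.conf already exists (the callers are outside the hunk). I would state that in the header, e.g. `# Writes LDAP rules when POSTGRESQL_ENABLE_LDAP=yes; only runs when no pg_hba.conf exists`. The non-LDAP branch is named `postgresql_password_auth_configuration` and logs "local authentication", yet the function it calls writes `trust` for all users from `0.0.0.0/0`; the name and message should describe what is actually written.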
@@ -46,7 +46,7 @@ Learn more about the Bitnami tagging policy and the difference between rolling t
 * [`12-ol-7`, `12.0.0-ol-7-r7` (12/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/12.0.0-ol-7-r7/12/ol-7/Dockerfile)
 * [`12-debian-9`, `12.0.0-debian-9-r6`, `12`, `12.0.0`, `12.0.0-r6` (12/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/12.0.0-debian-9-r6/12/debian-9/Dockerfile)
 * [`12-centos-7`, `12.0.0-centos-7-r8` (12/centos-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/12.0.0-centos-7-r8/12/centos-7/Dockerfile)
-* [`11-ol-7`, `11.5.0-ol-7-r34` (11/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/11.5.0-ol-7-r34/11/ol-7/Dockerfile)
+* [`11-ol-7`, `11.5.0-ol-7-r35` (11/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/11.5.0-ol-7-r35/11/ol-7/Dockerfile)
 * [`11-debian-9`, `11.5.0-debian-9-r26`, `11`, `11.5.0`, `11.5.0-r26`, `latest` (11/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/11.5.0-debian-9-r26/11/debian-9/Dockerfile)
 * [`11-centos-7`, `11.5.0-centos-7-r35` (11/centos-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/11.5.0-centos-7-r35/11/centos-7/Dockerfile)
 * [`10-ol-7`, `10.10.0-ol-7-r33` (10/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql-repmgr/blob/10.10.0-ol-7-r33/10/ol-7/Dockerfile)