[bitnami/pgpool] Release 4.6.3-debian-12-r5 (#87554)
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
This commit is contained in:
Bitnami Bot
GitHub
parent
d034f35a10
commit
e3a79663b2
|
|
@ -7,7 +7,7 @@ ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
|
|||
ARG TARGETARCH
|
||||
|
||||
LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
|
||||
org.opencontainers.image.created="2025-10-14T09:02:33Z" \
|
||||
org.opencontainers.image.created="2025-10-14T11:42:42Z" \
|
||||
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
|
||||
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/pgpool/README.md" \
|
||||
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/pgpool" \
|
||||
|
|
@ -51,7 +51,7 @@ COPY rootfs /
|
|||
RUN /opt/bitnami/scripts/pgpool/postunpack.sh
|
||||
ENV APP_VERSION="4.6.3" \
|
||||
BITNAMI_APP_NAME="pgpool" \
|
||||
IMAGE_REVISION="4" \
|
||||
IMAGE_REVISION="5" \
|
||||
LD_LIBRARY_PATH="/opt/bitnami/common/lib:/opt/bitnami/common/lib64:$LD_LIBRARY_PATH" \
|
||||
PATH="/opt/bitnami/common/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/pgpool/bin:/opt/bitnami/common/sbin:$PATH"
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool library
|
||||
# Bitnami Pgpool-II library
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
|
||||
|
|
@ -134,11 +134,13 @@ pgpool_validate() {
|
|||
fi
|
||||
|
||||
# Check for Authentication method
|
||||
if ! [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(md5|scram-sha-256)$ ]]; then
|
||||
print_validation_error "The values allowed for PGPOOL_AUTHENTICATION_METHOD: md5,scram-sha-256"
|
||||
if ! [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(md5|scram-sha-256|trust)$ ]]; then
|
||||
print_validation_error "The values allowed for PGPOOL_AUTHENTICATION_METHOD: md5,scram-sha-256,trust"
|
||||
elif [[ "$PGPOOL_AUTHENTICATION_METHOD" = "trust" ]]; then
|
||||
warn "You set 'trust' as authentication method. For safety reasons, do not use this method in production environments."
|
||||
fi
|
||||
|
||||
# check for required environment variables for scram-sha-256 based authentication
|
||||
# Check for required environment variables for scram-sha-256 based authentication
|
||||
if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
|
||||
# If scram-sha-256 is enabled, pg_pool_password cannot be disabled
|
||||
if ! is_boolean_yes "$PGPOOL_ENABLE_POOL_PASSWD"; then
|
||||
|
|
@ -250,18 +252,21 @@ pgpool_healthcheck() {
|
|||
pgpool_create_pghba() {
|
||||
local all_authentication="$PGPOOL_AUTHENTICATION_METHOD"
|
||||
is_boolean_yes "$PGPOOL_ENABLE_LDAP" && all_authentication="pam pamservice=pgpool"
|
||||
local postgres_auth_line=""
|
||||
local sr_check_auth_line=""
|
||||
local postgres_authentication="scram-sha-256"
|
||||
# We avoid using 'trust' for the postgres user even if PGPOOL_AUTHENTICATION_METHOD is set to 'trust'
|
||||
[[ "$PGPOOL_AUTHENTICATION_METHOD" = "md5" ]] && postgres_authentication="md5"
|
||||
|
||||
info "Generating pg_hba.conf file..."
|
||||
|
||||
local postgres_auth_line=""
|
||||
if is_boolean_yes "$PGPOOL_ENABLE_POOL_PASSWD"; then
|
||||
postgres_auth_line="host all ${PGPOOL_POSTGRES_USERNAME} all ${PGPOOL_AUTHENTICATION_METHOD}"
|
||||
postgres_auth_line="host all ${PGPOOL_POSTGRES_USERNAME} all ${postgres_authentication}"
|
||||
fi
|
||||
local sr_check_auth_line=""
|
||||
if [[ -n "$PGPOOL_SR_CHECK_USER" ]]; then
|
||||
sr_check_auth_line="host all ${PGPOOL_SR_CHECK_USER} all ${PGPOOL_AUTHENTICATION_METHOD}"
|
||||
sr_check_auth_line="host all ${PGPOOL_SR_CHECK_USER} all ${postgres_authentication}"
|
||||
fi
|
||||
|
||||
cat >>"$PGPOOL_PGHBA_FILE" <<EOF
|
||||
cat >"$PGPOOL_PGHBA_FILE" <<EOF
|
||||
local all all trust
|
||||
EOF
|
||||
|
||||
|
|
@ -387,9 +392,12 @@ pgpool_create_config() {
|
|||
# Authentication settings
|
||||
# ref: http://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#RUNTIME-CONFIG-AUTHENTICATION-SETTINGS
|
||||
pgpool_set_property "enable_pool_hba" "$(is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" && echo "on" || echo "off")"
|
||||
# allow_clear_text_frontend_auth only works when enable_pool_hba is not enabled
|
||||
# ref: https://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#GUC-ALLOW-CLEAR-TEXT-FRONTEND-AUTH
|
||||
pgpool_set_property "allow_clear_text_frontend_auth" "$(is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" && echo "off" || echo "on")"
|
||||
if ! is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" || [[ "$PGPOOL_AUTHENTICATION_METHOD" = "trust" ]]; then
|
||||
pgpool_set_property "allow_clear_text_frontend_auth" "on"
|
||||
else
|
||||
pgpool_set_property "allow_clear_text_frontend_auth" "off"
|
||||
fi
|
||||
pgpool_set_property "pool_passwd" "$pool_passwd"
|
||||
pgpool_set_property "authentication_timeout" "30"
|
||||
# File Locations settings
|
||||
|
|
@ -470,8 +478,9 @@ pgpool_create_config() {
|
|||
pgpool_encrypt_execute() {
|
||||
local -a password_encryption_cmd=("pg_md5")
|
||||
|
||||
if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
|
||||
|
||||
# If authentication method for 'all' users is 'trust', we still use
|
||||
# pg_enc to generate encrypted passwords for 'postgres' and 'sr_check' users
|
||||
if [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(scram-sha-256|trust)$ ]]; then
|
||||
if is_file_writable "$PGPOOLKEYFILE"; then
|
||||
# Creating a PGPOOLKEYFILE as it is writeable
|
||||
echo "$PGPOOL_AES_KEY" > "$PGPOOLKEYFILE"
|
||||
|
|
@ -529,7 +538,7 @@ pgpool_generate_password_file() {
|
|||
pgpool_encrypt_password() {
|
||||
local -r password="${1:?missing password}"
|
||||
|
||||
if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
|
||||
if [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(scram-sha-256|trust)$ ]]; then
|
||||
pgpool_encrypt_execute "$password" | grep -o -E "AES.+" | tr -d '\n'
|
||||
else
|
||||
pgpool_encrypt_execute "$password" | tr -d '\n'
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ export PGPOOL_SR_CHECK_PASSWORD="${PGPOOL_SR_CHECK_PASSWORD:-}"
|
|||
export PGPOOL_SR_CHECK_DATABASE="${PGPOOL_SR_CHECK_DATABASE:-postgres}"
|
||||
export PGPOOL_SR_CHECK_PERIOD="${PGPOOL_SR_CHECK_PERIOD:-30}"
|
||||
export PGPOOL_HEALTH_CHECK_USER="${PGPOOL_HEALTH_CHECK_USER:-$PGPOOL_SR_CHECK_USER}"
|
||||
export PGPOOL_HEALTH_CHECK_PASSWORD="${PGPOOL_HEALTH_CHECK_PASSWORD:-}"
|
||||
export PGPOOL_HEALTH_CHECK_PASSWORD="${PGPOOL_HEALTH_CHECK_PASSWORD:-$PGPOOL_SR_CHECK_PASSWORD}"
|
||||
export PGPOOL_ADMIN_USERNAME="${PGPOOL_ADMIN_USERNAME:-}"
|
||||
export PGPOOL_ADMIN_PASSWORD="${PGPOOL_ADMIN_PASSWORD:-}"
|
||||
export PGPOOL_POSTGRES_USERNAME="${PGPOOL_POSTGRES_USERNAME:-postgres}"
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool entrypoint
|
||||
# Bitnami Pgpool-II entrypoint
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool healthcheck
|
||||
# Bitnami Pgpool-II healthcheck
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool postunpack
|
||||
# Bitnami Pgpool-II postunpack
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool run
|
||||
# Bitnami Pgpool-II run
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
#
|
||||
# Bitnami Pgpool setup
|
||||
# Bitnami Pgpool-II setup
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
|
|
@ -20,12 +20,12 @@ set -o pipefail
|
|||
# Load LDAP environment variables
|
||||
eval "$(ldap_env)"
|
||||
|
||||
# Ensure Pgpool environment variables are valid
|
||||
# Ensure Pgpool-II environment variables are valid
|
||||
pgpool_validate
|
||||
# Ensure 'daemon' user exists when running as 'root'
|
||||
am_i_root && ensure_user_exists "$PGPOOL_DAEMON_USER" --group "$PGPOOL_DAEMON_GROUP"
|
||||
am_i_root && ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP"
|
||||
# Ensure Pgpool is initialized
|
||||
# Ensure Pgpool-II is initialized
|
||||
pgpool_initialize
|
||||
# Ensure LDAP is initialized
|
||||
is_boolean_yes "$PGPOOL_ENABLE_LDAP" && ldap_initialize
|
||||
|
|
|
|||
|
|
@ -487,7 +487,7 @@ This command will prompt for a password, this password is the one set in the env
|
|||
| `PGPOOL_SR_CHECK_DATABASE` | Pgpool-II Streaming Replication Check database. | `postgres` |
|
||||
| `PGPOOL_SR_CHECK_PERIOD` | Pgpool-II Streaming Replication Check period (in seconds). | `30` |
|
||||
| `PGPOOL_HEALTH_CHECK_USER` | Pgpool-II Health Check username. | `$PGPOOL_SR_CHECK_USER` |
|
||||
| `PGPOOL_HEALTH_CHECK_PASSWORD` | Pgpool-II Health Check password. | `nil` |
|
||||
| `PGPOOL_HEALTH_CHECK_PASSWORD` | Pgpool-II Health Check password. | `$PGPOOL_SR_CHECK_PASSWORD` |
|
||||
| `PGPOOL_ADMIN_USERNAME` | Pgpool-II Admin username. | `nil` |
|
||||
| `PGPOOL_ADMIN_PASSWORD` | Pgpool-II Admin password. | `nil` |
|
||||
| `PGPOOL_POSTGRES_USERNAME` | PostgreSQL backend admin username. | `postgres` |
|
||||
|
|
|
|||
Loading…
Reference in New Issue