Merge pull request #66 from cybertec-postgresql/UpdatePackages

Update packages

Author: Schmaetz

Makefile

@@ -1,17 +1,17 @@
 
 # Define Default if Values not exist
-BASE_IMAGE ?= rockylinux:9
+BASE_IMAGE ?= rockylinux/rockylinux:9
 BASEOS ?= rocky9
 CONTAINERIMAGE ?= rockylinux/rockylinux:9-ubi-micro
 IMAGE_REPOSITORY ?= docker.io
 IMAGE_PATH ?= cybertec-pg-container
 PGVERSION ?= 17
-PGVERSION_FULL ?= 17.4
+PGVERSION_FULL ?= 17.6
 OLD_PG_VERSIONS ?= 13 14 15 16
 PATRONI_VERSION ?= multisite-4.0.5.1
-PGBACKREST_VERSION ?= 2.55.0
+PGBACKREST_VERSION ?= 2.56.0
 POSTGIS_VERSION ?= 35
-ETCD_VERSION ?= 3.5.21
+ETCD_VERSION ?= 3.6.4
 PGBOUNCER_VERSION ?= 1.24
 PACKAGER ?= dnf
 BUILD ?= 1
@@ -20,8 +20,8 @@ IMAGE_TAG ?= $(BASEOS)-$(PGVERSION_FULL)-$(BUILD)
 POSTGIS_IMAGE_TAG ?= $(BASEOS)-$(PGVERSION_FULL)-$(POSTGIS_VERSION)-$(BUILD)
 
 # Public-Beta
-PUBLICBETA ?= 2
-BETAVERSION ?= 17
+PUBLICBETA ?= 3
+BETAVERSION ?= 18
 
 # Settings for the Build-Process
 BUILDWITH ?= docker

docker/base/Dockerfile

@@ -1,6 +1,7 @@
 ARG BASE_IMAGE
 ARG IMAGE_REPOSITORY
 ARG PATH
+ARG BASEOS
 FROM $BASE_IMAGE
 
 ARG PACKAGER
@@ -9,7 +10,6 @@ MAINTAINER CYBERTEC PostgreSQL International GmbH
 LABEL vendor="CYBERTEC PostgreSQL International GmbH" url="https://www.cybertec-postgresql.com"
 LABEL maintainer="Matthias Groemmer <matthias.groemmer@cybertec.at>"
 
-RUN ${PACKAGER} -y install --nodocs  https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm vim && ${PACKAGER} -y upgrade
 
 RUN ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0  \
         bind-utils \
@@ -23,14 +23,15 @@ RUN ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0  \
         glibc-langpack-en \
         openssh-clients \
         openssh-server \
+        dnf-plugin-config-manager \
      && ${PACKAGER} -y clean all ;
 
 #Enable CRB-Repo (Powertools)
 RUN ${PACKAGER} -y config-manager --set-enabled crb
+#Add Epel
+ RUN ${PACKAGER} -y install --nodocs  https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E %{rhel}).noarch.rpm vim && ${PACKAGER} -y upgrade
 #Add PostgreSQL-Repo to Base
-RUN ${PACKAGER} --nodocs --noplugins --setopt=install_weak_deps=0 install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-$(uname -i)/pgdg-redhat-repo-latest.noarch.rpm && ${PACKAGER} -y update && ${PACKAGER} -y clean all
-RUN ${PACKAGER} -qy module disable postgresql
-
-
-
-
+RUN ${PACKAGER} --nodocs --noplugins --setopt=install_weak_deps=0 install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-$(rpm -E %{rhel})-$(uname -m)/pgdg-redhat-repo-latest.noarch.rpm && ${PACKAGER} -y update && ${PACKAGER} -y clean all
+RUN if [ "$BASEOS" = "rocky9" ]; then \
+        ${PACKAGER} -qy module disable postgresql; \
+    fi

docker/exporter/Dockerfile

@@ -15,10 +15,10 @@ RUN ${PACKAGER} -y install --nodocs  \
 		make \
 		&& ${PACKAGER} -y clean all ;
 
-RUN wget https://go.dev/dl/go1.23.6.linux-amd64.tar.gz  && tar -xzf go1.23.6.linux-amd64.tar.gz && mv go /usr/local 
+RUN wget https://go.dev/dl/go1.24.4.linux-amd64.tar.gz  && tar -xzf go1.24.4.linux-amd64.tar.gz && mv go /usr/local 
 ENV PATH=$PATH:/usr/local/go/bin
 
-RUN git clone https://github.com/cybertec-postgresql/postgres_exporter.git && cd postgres_exporter && make build;
+RUN git clone https://github.com/prometheus-community/postgres_exporter.git && cd postgres_exporter && make build;
 
 FROM ${CONTAINERIMAGE}
 COPY --from=builder /usr/bin/dumb-init /usr/bin/dumb-init

docker/pg-public-beta/Dockerfile

@@ -18,7 +18,11 @@ ARG ARCH
 
 # Enable Beta-Repo
 RUN ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-updates-testing \
-    && ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-source-updates-testing;
+    && ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-updates-testing-source;
+
+# Spilo-specific
+ENV PAM_OAUTH2=v1.0.1 \
+    PG_PERMISSIONS=REL_1_3
 
 # Get some Standard-Stuff
 RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 \
@@ -33,12 +37,12 @@ RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setop
         python3-pip \
         python3-psycopg2 \
         git \
-        clang \
         patchutils \
         binutils \
         make \
         cmake \
         gcc \
+        clang \
         pam-devel \
         wget \
         mlocate \
@@ -53,6 +57,8 @@ RUN ${PACKAGER} -y update && ${PACKAGER} -y install --nodocs --noplugins --setop
         dumb-init \ 
         libicu \
         pgbackrest-${PGBACKREST_VERSION} \
+        cronie \
+        libcurl-devel \
 		&& ${PACKAGER} -y clean all;
 
 # install etcdctl
@@ -61,12 +67,27 @@ RUN curl -L https://github.com/coreos/etcd/releases/download/v${ETCD_VERSION}/et
 ENV PATHBACKUP = $PATH
 
 RUN wget https://smarden.org/runit/runit-2.1.2.tar.gz -P /package/
-
-RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python-etcd psutil requests cdiff ydiff --upgrade \
-    && pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade \
+COPY cron_unprivileged.c /package/
+
+RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python-etcd psutil requests cdiff ydiff==1.4.2 --upgrade \
+    && if [[ $PATRONI_VERSION == "multisite-"* ]]; then \
+        git clone -b $PATRONI_VERSION https://github.com/cybertec-postgresql/patroni; \
+        pip3 install ./patroni[kubernetes,etcd,etcd3]; \
+    else \
+        pip3 install patroni[kubernetes$EXTRAS]==$PATRONI_VERSION --upgrade; \
+    fi \
     && mkdir /usr/lib/postgresql \
+    # Install pam_oauth2.so
+    && git clone -b $PAM_OAUTH2 --recurse-submodules https://github.com/zalando-pg/pam-oauth2.git && make -C pam-oauth2 install \
+    && git clone -b $PG_PERMISSIONS https://github.com/cybertec-postgresql/pg_permissions.git \
+    && git clone https://github.com/dimitri/pgextwlist.git \
+    && git clone https://github.com/crunchydata/pgnodemx \
+\    
     && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 postgresql${PGVERSION} libevent-devel brotli-devel libbrotli \
     && ${PACKAGER} -y clean all \
+\
+    # forbid creation of a main cluster when package is installed
+    #&& sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf \
 \
 # Install PostgreSQL
     && for version in $PG_SUPPORTED_VERSIONS; do \
@@ -75,18 +96,18 @@ RUN pip3 install 'PyYAML<6.0' setuptools pystache loader kazoo meld3 boto python
         # Install PostgreSQL binaries, contrib, plproxy and multiple pl's
             && ${PACKAGER} -y install -y postgresql${version}-contrib \
                     postgresql${version}-devel \
-                     \
             # Modify for using origial-spilo scripts
             && ln -s /usr/pgsql-${version} /usr/lib/postgresql/${version} \
-            && export PATH=$PATHBACKUP:/usr/pgsql-${version}/bin; \           
+            && export PATH=$PATHBACKUP:/usr/pgsql-${version}/bin; \
     done \
     && ${PACKAGER} -y install --nodocs --noplugins --setopt=install_weak_deps=0 glibc-static \
     && ${PACKAGER} -y clean all;
+    RUN gcc -s -shared -fPIC -o /usr/local/lib/cron_unprivileged.so /package/cron_unprivileged.c
 
     RUN cd /package && tar -xvzf runit-2.1.2.tar.gz && rm runit-2.1.2.tar.gz \
     && cd admin/runit-2.1.2 && package/install \
     && ln -s /usr/local/bin/runsvdir /usr/bin/runsvdir \
-    && rm -rf /pg_permissions* /pgextwlist /pg_stat_kcache /pgnodemx /timescaledb /set_user /pam-oauth2 \
+    && rm -rf /pg_permissions /pgextwlist /pg_stat_kcache /pgnodemx /timescaledb /pam-oauth2 \
     && rm /etc/pgbackrest.conf && rm -rf /var/spool/pgbackrest \
     && ${PACKAGER} -y remove $(rpm -qa "*devel*") python3-pip python3-wheel python3-dev python3-setuptools git patchutils flatpak glibc-static gcc glibc-devel \
     && ${PACKAGER} -y autoremove \
@@ -131,6 +152,7 @@ RUN rm -rf /etc/service && mkdir /home/postgres/pgdata && chown -R postgres:post
         chmod 755 $d/* \
         && ln -s /run/supervise/$(basename $d) $d/supervise; \
     done \
+    && chmod +r /etc/motd \
     && ln -snf $RW_DIR/service /etc/service \
     #&& ln -s $RW_DIR/pam.d-postgresql /etc/pam.d/postgresql \
     && ln -s $RW_DIR/postgres.yml $PGHOME/postgres.yml \
@@ -149,7 +171,7 @@ RUN rm -rf /etc/service && mkdir /home/postgres/pgdata && chown -R postgres:post
         do echo "export $e" >> /etc/bash.bashrc; \
     done \
     && ln -s /etc/skel/.bashrc $PGHOME/.bashrc \
-    && echo "source /etc/motd" >> /root/.bashrc \
+    && echo "source /etc/motd" >> /home/postgres/.bashrc \
     # Allow users in the root group to access the following files and dirs
     && if [ "$COMPRESS" != "true" ]; then \
         chmod 664 /etc/passwd \
@@ -165,6 +187,6 @@ COPY launcher/postgres/launch.sh /
 
 ENTRYPOINT ["/scripts/nss_wrapper/nss_wrapper.sh"]
 
-USER 26
+USER postgres
 
-CMD ["/bin/sh", "/launch.sh", "init"]
+CMD ["/bin/sh", "/launch.sh", "init"]

docker/pgbackrest-public-beta/Dockerfile

@@ -11,11 +11,11 @@ ARG PGBACKREST_VERSION
 ARG PGVERSION
 ARG OLD_PG_VERSIONS
 ARG PG_SUPPORTED_VERSIONS="$OLD_PG_VERSIONS $PGVERSION"
+ARG ARCH
 
 # Enable Beta-Repo
 RUN ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-updates-testing \
-    && ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-source-updates-testing \
-	&& ${PACKAGER} -y update;
+    && ${PACKAGER} config-manager --set-enabled pgdg${PGVERSION}-updates-testing-source;
 
 RUN ${PACKAGER} -y install --nodocs  \
 		--setopt=skip_missing_names_on_install=False \
@@ -42,7 +42,7 @@ RUN rm /etc/pgbackrest.conf
 RUN rm -rf /var/spool/pgbackrest
 
 # Add kubectl
-RUN curl -LO https://dl.k8s.io/release/v1.30.0/bin/linux/amd64/kubectl && chmod +x kubectl 
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl" && chmod +x kubectl 
 
 RUN mkdir -p /tmp/pgsql && cp -r /usr/pgsql* /tmp/pgsql
 RUN mkdir -p /tmp/pg && cp -r /usr/bin/pg* /tmp/pg
@@ -158,6 +158,6 @@ VOLUME ["sshd", "/home/postgres/pgdata", "/backrestrepo"]
 
 ENTRYPOINT ["/scripts/nss_wrapper/nss_wrapper.sh"]
 
-USER 26
+USER postgres
 
 CMD ["dumb-init", "/launch.sh", "init"]

docker/pgbackrest/Dockerfile

@@ -24,7 +24,7 @@ RUN ${PACKAGER} -y install --nodocs  \
 		dumb-init \
 		jq \
 		pgbackrest-${PGBACKREST_VERSION} \
-	&& ${PACKAGER} -y clean all ; 
+	&& ${PACKAGER} -y clean all; 
 
 # Install postgres-server
 RUN ${PACKAGER} -y update \