lada/lada-server: db_schema/Dockerfile comparison

comparison db_schema/Dockerfile @ 1161:ea6b062e5305 pgaudit

Use pgaudit to generate an audit trail. Upgrade to PostgreSQL 9.5 because it is a requirement for pgaudit. pgaudit/analyze can be used to transfer the audit trail into the database, but it seems to be easy to do this with pgaudit directly with some changes to the code.

author	Tom Gottfried <tom@intevation.de>
date	Tue, 08 Nov 2016 19:21:24 +0100
parents	259a6b638968
children	e0a959e652c4

comparison

equal deleted inserted replaced

-:5d2c68a4c344
+:ea6b062e5305
-# Docker file for postgresql 9.4 on debain
+# Docker file for the LADA database on Debian
 #
 # build with e.g. `docker build --force-rm=true -t koala/lada_db .',
 # then run with e.g.
 # `docker run --name lada_db -dp 2345:5432 koala/lada_db:latest'
 #
 #
 # Install packages
 #
 RUN apt-get update && \
-apt-get install -y postgresql-9.4-postgis-2.1 postgis curl unzip
+apt-get install -y curl unzip make gcc
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main" \
+>> /etc/apt/sources.list
+RUN curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+RUN apt-get update && \
+apt-get install -y --no-install-recommends \
+postgresql-9.5-postgis-2.3 postgresql-9.5-postgis-scripts postgis \
+postgresql-server-dev-9.5 \
+libdbi-perl libdbd-pg-perl # for pgaudit/analyze
+#
+# Add context as working directory
+#
+ADD . /opt/lada_sql/
+WORKDIR /opt/lada_sql/
+#
+# Set environment variables
+#
+ENV PGCONF /etc/postgresql/9.5/main/postgresql.conf
+ENV PGDATA /var/lib/postgresql/9.5/main
+#
+# Install pgaudit
+#
+# run `git clone https://github.com/pgaudit/pgaudit.git' within context
+# before building image!
+RUN sed -i '/^USE_PGXS/b;1iUSE_PGXS = yes' pgaudit/Makefile
+RUN cd pgaudit && make install
+RUN echo "shared_preload_libraries = 'pgaudit'" >> $PGCONF
 #
 # Use user postgres to run the next commands
 #
 USER postgres
 #
 # Adjust PostgreSQL configuration so that remote connections to the
 # database are possible.
 #
 RUN echo "host all  all    0.0.0.0/0  md5" >> \
-/etc/postgresql/9.4/main/pg_hba.conf
+/etc/postgresql/9.5/main/pg_hba.conf
+RUN echo "listen_addresses='*'" >> $PGCONF
-RUN echo "listen_addresses='*'" >> /etc/postgresql/9.4/main/postgresql.conf
+#
+# Configure logging collector
+# (because we use postgres directly in CMD,
+# the usual collection from stderr does not work)
+#
+RUN echo "logging_collector = on" >> $PGCONF
+RUN echo "log_directory = '/var/log/postgresql'" >> $PGCONF
+#RUN echo "log_filename = 'postgresql-9.5-main.log'" >> $PGCONF
+# for pgaudit/analyze
+RUN echo "log_filename = '%F'" >> $PGCONF
+RUN echo "log_destination = 'csvlog'" >> $PGCONF
+RUN echo "log_connections = on" >> $PGCONF
 #
 # Expose the PostgreSQL port
 #
 EXPOSE 5432
 #
 # Don't mind scary messages like
 # 'FATAL: the database system is starting up'.
 # It's because of the -w
 #
-ADD . /opt/lada_sql/
+RUN /usr/lib/postgresql/9.5/bin/pg_ctl start -wo "--config_file=$PGCONF" && \
-WORKDIR /opt/lada_sql/
+/opt/lada_sql/setup-db.sh && \
+/usr/lib/postgresql/9.5/bin/pg_ctl stop
-RUN /usr/lib/postgresql/9.4/bin/pg_ctl start -wD /etc/postgresql/9.4/main/ && \
-/opt/lada_sql/setup-db.sh
 #
 # Set the default command to run when starting the container
 #
-CMD ["/usr/lib/postgresql/9.4/bin/postgres", "-D", \
+CMD ["/usr/lib/postgresql/9.5/bin/postgres", \
-"/var/lib/postgresql/9.4/main", "-c", \
+"--config_file=/etc/postgresql/9.5/main/postgresql.conf"]
-"config_file=/etc/postgresql/9.4/main/postgresql.conf"]
+# To use pgaudit/analyze from within the container:
+# cd pgaudit/analyze/bin
+# ./pgaudit_analyze /var/log/postgresql/ \
+#     --log-file /var/log/postgresql/pgaudit_analyze.log

Mercurial > lada > lada-server

comparison db_schema/Dockerfile @ 1161:ea6b062e5305 pgaudit