view db_schema/Dockerfile @ 1161:ea6b062e5305 pgaudit

Use pgaudit to generate an audit trail. Upgrade to PostgreSQL 9.5 because it is a requirement for pgaudit. pgaudit/analyze can be used to transfer the audit trail into the database, but it seems to be easy to do this with pgaudit directly with some changes to the code.
author Tom Gottfried <tom@intevation.de>
date Tue, 08 Nov 2016 19:21:24 +0100
parents 259a6b638968
children e0a959e652c4
# Docker file for the LADA database on Debian
#
# build with e.g. `docker build --force-rm=true -t koala/lada_db .',
# then run with e.g.
# `docker run --name lada_db -dp 2345:5432 koala/lada_db:latest'
#
# For easier testing of schema or example data changes, it can be useful to add
# `-v $PWD:/opt/lada_sql/' and run setup-db.sh within the container.
#

FROM debian:jessie
MAINTAINER tom.gottfried@intevation.de

#
# Use utf-8
#
RUN echo \
    "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8" | \
    debconf-set-selections && \
    echo "locales locales/default_environment_locale select en_US.UTF-8" | \
    debconf-set-selections

RUN apt-get update -y && apt-get install -y locales

ENV LC_ALL en_US.UTF-8

#
# Install packages
#
RUN apt-get update && \
    apt-get install -y curl unzip make gcc
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main" \
    >> /etc/apt/sources.list
RUN curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
            postgresql-9.5-postgis-2.3 postgresql-9.5-postgis-scripts postgis \
            postgresql-server-dev-9.5 \
            libdbi-perl libdbd-pg-perl # for pgaudit/analyze

#
# Add context as working directory
#
ADD . /opt/lada_sql/
WORKDIR /opt/lada_sql/

#
# Set environment variables
#
ENV PGCONF /etc/postgresql/9.5/main/postgresql.conf
ENV PGDATA /var/lib/postgresql/9.5/main

#
# Install pgaudit
#
# run `git clone https://github.com/pgaudit/pgaudit.git' within context
# before building image!
RUN sed -i '/^USE_PGXS/b;1iUSE_PGXS = yes' pgaudit/Makefile
RUN cd pgaudit && make install
RUN echo "shared_preload_libraries = 'pgaudit'" >> $PGCONF

#
# Use user postgres to run the next commands
#
USER postgres

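# The superuser password is fixed at build time: it is visible in the image
# history and identical in every container started from this image.
RUN /etc/init.d/postgresql start && \
    psql --command "CREATE USER admin WITH SUPERUSER PASSWORD 'secret';"

#
# Adjust PostgreSQL configuration so that remote connections to the
# database are possible (any IPv4 address, md5 password authentication).
#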
RUN echo "host all  all    0.0.0.0/0  md5" >> \
    /etc/postgresql/9.5/main/pg_hba.conf
RUN echo "listen_addresses='*'" >> $PGCONF

#
# Configure logging collector
# (because we use postgres directly in CMD,
# the usual collection from stderr does not work)
#
RUN echo "logging_collector = on" >> $PGCONF
RUN echo "log_directory = '/var/log/postgresql'" >> $PGCONF
#RUN echo "log_filename = 'postgresql-9.5-main.log'" >> $PGCONF
# for pgaudit/analyze
RUN echo "log_filename = '%F'" >> $PGCONF
RUN echo "log_destination = 'csvlog'" >> $PGCONF
RUN echo "log_connections = on" >> $PGCONF

#
# Expose the PostgreSQL port
#
EXPOSE 5432

#
# Create database
#
# Don't mind scary messages like
# 'FATAL: the database system is starting up'.
# It's because of the -w
#
RUN /usr/lib/postgresql/9.5/bin/pg_ctl start -wo "--config_file=$PGCONF" && \
    /opt/lada_sql/setup-db.sh && \
    /usr/lib/postgresql/9.5/bin/pg_ctl stop

#
# Set the default command to run when starting the container
#
CMD ["/usr/lib/postgresql/9.5/bin/postgres", \
     "--config_file=/etc/postgresql/9.5/main/postgresql.conf"]

# To use pgaudit/analyze from within the container:
# cd pgaudit/analyze/bin
# ./pgaudit_analyze /var/log/postgresql/ \
#     --log-file /var/log/postgresql/pgaudit_analyze.log
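
The logging settings in this Dockerfile (`log_destination = 'csvlog'`, one file per day) produce the input that pgaudit/analyze reads. As an added example (not part of this repository or of pgaudit), the Python code below shows how a pgaudit entry is nested as CSV inside the `message` column of a csvlog row, and why the log has to be read with a CSV parser rather than line by line. It assumes the 23-column csvlog layout of PostgreSQL 9.5 and pgaudit's nine-field entry format; the function name and the sample rows are constructed for illustration.

```python
import csv
import io

# Column order of a PostgreSQL 9.5 csvlog row (23 columns).
CSVLOG_COLUMNS = (
    "log_time user_name database_name process_id connection_from session_id "
    "session_line_num command_tag session_start_time virtual_transaction_id "
    "transaction_id error_severity sql_state_code message detail hint "
    "internal_query internal_query_pos context query query_pos location "
    "application_name"
).split()
# Fields of a pgaudit entry, in the order they follow the "AUDIT: " prefix.
AUDIT_FIELDS = ("audit_type statement_id substatement_id class command "
                "object_type object_name statement parameter").split()
PREFIX = "AUDIT: "

def parse_audit_entries(csvlog_text):
    """Return one dict per pgaudit entry found in csvlog text."""
    entries = []
    # csv.reader keeps a quoted multi-line statement together as one row.
    for row in csv.reader(io.StringIO(csvlog_text)):
        if len(row) != len(CSVLOG_COLUMNS):
            continue  # blank or malformed row
        rec = dict(zip(CSVLOG_COLUMNS, row))
        if not rec["message"].startswith(PREFIX):
            continue  # ordinary server message, e.g. from log_connections
        # The audit payload is itself CSV, nested inside the message column.
        payload = next(csv.reader([rec["message"][len(PREFIX):]]))
        if len(payload) != len(AUDIT_FIELDS):
            continue
        entry = dict(zip(AUDIT_FIELDS, payload))
        for key in ("log_time", "user_name", "database_name", "session_id"):
            entry[key] = rec[key]
        entries.append(entry)
    return entries

# Constructed sample (not from a real server): one connection message and
# one audit entry whose statement spans two lines.
_HEAD = '"app_user","appdb",4242,"172.17.0.1:51234",5822f1a4.1092,'
SAMPLE = (
    '2016-11-08 19:21:24.101 CET,' + _HEAD + '2,"authentication",'
    '2016-11-08 19:21:24 CET,2/15,0,LOG,00000,'
    '"connection authorized: user=app_user database=appdb",,,,,,,,,""\n'
    '2016-11-08 19:21:25.300 CET,' + _HEAD + '3,"CREATE TABLE",'
    '2016-11-08 19:21:24 CET,2/16,0,LOG,00000,'
    '"AUDIT: SESSION,1,1,DDL,CREATE TABLE,TABLE,public.sample,'
    '""create table sample (\n  id int, note text)"",<not logged>"'
    ',,,,,,,,,"psql"\n'
)
```

Calling `parse_audit_entries(SAMPLE)` returns a single entry: the connection message is skipped and the two-line `CREATE TABLE` statement is kept intact in the `statement` field.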