docker 安裝單機版 opengauss5.0.1

前言

因為官網的鏡像直接安裝不成功，所以才寫的這邊文章

1、下載openGauss

地址： https://opengauss.org/zh/download/
下載名稱為：openGauss-5.0.1-CentOS-64bit.tar.bz2

1.1、下載gosu-amd64

下載 gosu-amd64

2、制作鏡像(和官網保持一致)

FROM centos:centos7.9.2009
COPY openGauss-5.0.1-CentOS-64bit.tar.bz2 .
COPY gosu-amd64 /usr/local/bin/gosu
ENV LANG en_US.utf8
RUN set -eux; \yum install -y bzip2 bzip2-devel curl libaio&& \groupadd -g 70 omm;  \useradd -u 70 -g omm -d /home/omm omm;  \mkdir -p /var/lib/opengauss && \mkdir -p /usr/local/opengauss && \mkdir -p /var/run/opengauss  && \mkdir /docker-entrypoint-initdb.d && \tar -jxf openGauss-5.0.1-CentOS-64bit.tar.bz2 -C /usr/local/opengauss && \chown -R omm:omm /var/run/opengauss && chown -R omm:omm /usr/local/opengauss && chown -R omm:omm /var/lib/opengauss &&  chown -R omm:omm /docker-entrypoint-initdb.d && \chmod 2777 /var/run/opengauss && \rm -rf openGauss-5.0.1-CentOS-64bit.tar.bz2 && yum clean allRUN set -eux; \echo "export GAUSSHOME=/usr/local/opengauss"  >> /home/omm/.bashrc && \echo "export PATH=\$GAUSSHOME/bin:\$PATH " >> /home/omm/.bashrc && \echo "export LD_LIBRARY_PATH=\$GAUSSHOME/lib:\$LD_LIBRARY_PATH" >> /home/omm/.bashrcENV GOSU_VERSION 1.12
RUN set -eux; \chmod +x /usr/local/bin/gosuENV PGDATA /var/lib/opengauss/dataCOPY entrypoint.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/entrypoint.sh;ln -s /usr/local/bin/entrypoint.sh / # backwards compatENTRYPOINT ["entrypoint.sh"]EXPOSE 5432
CMD ["gaussdb"]# docker build -t 192.168.0.117:8089/library/single-opengauss:5.0.1 .
# docker push 192.168.0.117:8089/library/single-opengauss:5.0.1

2.1、二次修改鏡像中的 entrypoint.sh 文件

#!/usr/bin/env bash
set -Eeo pipefail# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)export GAUSSHOME=/usr/local/opengauss
export PATH=$GAUSSHOME/bin:$PATH
export LD_LIBRARY_PATH=$GAUSSHOME/lib:$LD_LIBRARY_PATHfile_env() {local var="$1"local fileVar="${var}_FILE"local def="${2:-}"if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; thenecho >&2 "error: both $var and $fileVar are set (but are exclusive)"exit 1filocal val="$def"if [ "${!var:-}" ]; thenval="${!var}"elif [ "${!fileVar:-}" ]; thenval="$(< "${!fileVar}")"fiexport "$var"="$val"unset "$fileVar"
}# check to see if this file is being run or sourced from another script
_is_sourced() {[ "${#FUNCNAME[@]}" -ge 2 ] \&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \&& [ "${FUNCNAME[1]}" = 'source' ]
}# used to create initial opengauss directories and if run as root, ensure ownership belong to the omm user
docker_create_db_directories() {local user; user="$(id -u)"mkdir -p "$PGDATA"chmod 700 "$PGDATA"# ignore failure since it will be fine when using the image provided directory;mkdir -p /var/run/opengauss || :chmod 775 /var/run/opengauss || :# Create the transaction log directory before initdb is run so the directory is owned by the correct userif [ -n "$POSTGRES_INITDB_XLOGDIR" ]; thenmkdir -p "$POSTGRES_INITDB_XLOGDIR"if [ "$user" = '0' ]; thenfind "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +fichmod 700 "$POSTGRES_INITDB_XLOGDIR"fi# allow the container to be started with `--user`if [ "$user" = '0' ]; thenfind "$PGDATA" \! -user omm -exec chown omm '{}' +find /var/run/opengauss \! -user omm -exec chown omm '{}' +fi
}# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `GS_USER` env
docker_init_database_dir() {# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessaryif ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; thenexport LD_PRELOAD='/usr/lib/libnss_wrapper.so'export NSS_WRAPPER_PASSWD="$(mktemp)"export NSS_WRAPPER_GROUP="$(mktemp)"echo "postgres:x:$(id -u):$(id -g):PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"fiif [ -n "$POSTGRES_INITDB_XLOGDIR" ]; thenset -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"fiif [ -n "$GS_NODENAME" ]; then
#                eval 'gs_initdb --pwfile=<(echo "$GS_PASSWORD") --nodename=$GS_NODENAME '"$POSTGRES_INITDB_ARGS"' "$@"'eval 'gs_initdb --pwfile=<(echo "$GS_PASSWORD") --nodename=$GS_NODENAME -D $PGDATA'else
#                eval 'gs_initdb --pwfile=<(echo "$GS_PASSWORD") --nodename=gaussdb '"$POSTGRES_INITDB_ARGS"' "$@"'eval 'gs_initdb --pwfile=<(echo "$GS_PASSWORD") --nodename=gaussdb -D $PGDATA'fi# unset/cleanup "nss_wrapper" bitsif [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; thenrm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUPfi
}# print large warning if GS_PASSWORD is long
# error if both GS_PASSWORD is empty and GS_HOST_AUTH_METHOD is not 'trust'
# print large warning if GS_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {# check password first so we can output the warning before postgres# messes it upif [[ "$GS_PASSWORD" =~  ^(.{8,}).*$ ]] &&  [[ "$GS_PASSWORD" =~ ^(.*[a-z]+).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[A-Z]).*$ ]] &&  [[ "$GS_PASSWORD" =~ ^(.*[0-9]).*$ ]] && [[ "$GS_PASSWORD" =~ ^(.*[#?!@$%^&*-]).*$ ]]; thencat >&2 <<-'EOWARN'Message: The supplied GS_PASSWORD is meet requirements.EOWARNelsecat >&2 <<-'EOWARN'Error: The supplied GS_PASSWORD is not meet requirements.Please Check if the password contains uppercase, lowercase, numbers, special characters, and password length(8).At least one uppercase, lowercase, numeric, special character.Example: Enmo@123
EOWARNexit 1fiif [ -z "$GS_PASSWORD" ] && [ 'trust' != "$GS_HOST_AUTH_METHOD" ]; then# The - option suppresses leading tabs but *not* spaces. :)cat >&2 <<-'EOE'Error: Database is uninitialized and superuser password is not specified.You must specify GS_PASSWORD to a non-empty value for thesuperuser. For example, "-e GS_PASSWORD=password" on "docker run".You may also use "GS_HOST_AUTH_METHOD=trust" to allow allconnections without a password. This is *not* recommended.EOEexit 1fiif [ 'trust' = "$GS_HOST_AUTH_METHOD" ]; thencat >&2 <<-'EOWARN'********************************************************************************WARNING: GS_HOST_AUTH_METHOD has been set to "trust". This will allowanyone with access to the opengauss port to access your database withouta password, even if GS_PASSWORD is set.It is not recommended to use GS_HOST_AUTH_METHOD=trust. Replaceit with "-e GS_PASSWORD=password" instead to set a password in"docker run".********************************************************************************
EOWARNfi
}# usage: docker_process_init_files [file [file [...]]]
#    ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
docker_process_init_files() {# gsql here for backwards compatiblilty "${gsql[@]}"gsql=( docker_process_sql )echolocal ffor f; docase "$f" in*.sh)if [ -x "$f" ]; thenecho "$0: running $f""$f"elseecho "$0: sourcing $f". "$f"fi;;*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;*.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;*)        echo "$0: ignoring $f" ;;esacechodone
}# Execute sql script, passed via stdin (or -f flag of pqsl)
# usage: docker_process_sql [gsql-cli-args]
#    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
#    ie: docker_process_sql -f my-file.sql
#    ie: docker_process_sql <my-file.sql
docker_process_sql() {local query_runner=( gsql -v ON_ERROR_STOP=1 --username "$GS_USER" --password "$GS_PASSWORD")if [ -n "$GS_DB" ]; thenquery_runner+=( --dbname "$GS_DB" )fiecho "Execute SQL: ${query_runner[@]} $@""${query_runner[@]}" "$@"
}# create initial database
# uses environment variables for input: GS_DB
docker_setup_db() {echo "GS_DB = $GS_DB"if [ "$GS_DB" != 'postgres' ]; thenGS_DB= docker_process_sql --dbname postgres --set db="$GS_DB" --set passwd="$GS_PASSWORD" --set passwd="$GS_PASSWORD" <<-'EOSQL'CREATE DATABASE :"db" ;create user gaussdb with login password :"passwd" ;grant all privileges to gaussdb;EOSQLechofi
}docker_setup_user() {if [ -n "$GS_USERNAME" ]; thenGS_DB= docker_process_sql --dbname postgres --set db="$GS_DB" --set passwd="$GS_PASSWORD" --set user="$GS_USERNAME" <<-'EOSQL'create user :"user" with login password :"passwd" ;
EOSQLelseecho " default user is gaussdb"fi
}docker_setup_rep_user() {if [ -n "$SERVER_MODE" ] && [ "$SERVER_MODE" = "primary" ]; thenGS_DB= docker_process_sql --dbname postgres --set passwd="$GS_PASSWORD" --set user="repuser" <<-'EOSQL'create user :"user" SYSADMIN REPLICATION password :"passwd" ;
EOSQLelseecho " default no repuser created"fi
}# Loads various settings that are used elsewhere in the script
# This should be called before any other functions
docker_setup_env() {export GS_USER=ommfile_env 'GS_PASSWORD'# file_env 'GS_USER' 'omm'file_env 'GS_DB' "$GS_USER"file_env 'POSTGRES_INITDB_ARGS'# default authentication method is md5: "${GS_HOST_AUTH_METHOD:=md5}"declare -g DATABASE_ALREADY_EXISTS# look specifically for OG_VERSION, as it is expected in the DB dirif [ -s "$PGDATA/PG_VERSION" ]; thenDATABASE_ALREADY_EXISTS='true'fi
}# append GS_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
opengauss_setup_hba_conf() {{echoif [ 'trust' = "$GS_HOST_AUTH_METHOD" ]; thenecho '# warning trust is enabled for all connections'fiecho "host all all 0.0.0.0/0 $GS_HOST_AUTH_METHOD"echo "host replication gaussdb 0.0.0.0/0 md5"if [ -n "$SERVER_MODE" ]; thenecho "host replication repuser $OG_SUBNET trust"fi} >> "$PGDATA/pg_hba.conf"
}# append parameter to postgres.conf for connections
opengauss_setup_postgresql_conf() {{echoif [ -n "$GS_PORT" ]; thenecho "password_encryption_type = 0"echo "port = $GS_PORT"echo "wal_level = logical"elseecho '# use default port 5432'echo "password_encryption_type = 0"echo "wal_level = logical"fiif [ -n "$SERVER_MODE" ]; thenecho "listen_addresses = '0.0.0.0'"echo "most_available_sync = on"echo "remote_read_mode = non_authentication"echo "pgxc_node_name = '$NODE_NAME'"# echo "application_name = '$NODE_NAME'"if [ "$SERVER_MODE" = "primary" ]; thenecho "max_connections = 100"elseecho "max_connections = 100"fiecho -e "$REPL_CONN_INFO"if [ -n "$SYNCHRONOUS_STANDBY_NAMES" ]; thenecho "synchronous_standby_names=$SYNCHRONOUS_STANDBY_NAMES"fielseecho "listen_addresses = '*'"fiif [ -n "$OTHER_PG_CONF" ]; thenecho -e "$OTHER_PG_CONF"fi} >> "$PGDATA/postgresql.conf"
}opengauss_setup_mot_conf() {echo "enable_numa = false" >> "$PGDATA/mot.conf"
}# start socket-only postgresql server for setting up or running scripts
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
docker_temp_server_start() {if [ "$1" = 'gaussdb' ]; thenshiftfiPGUSER="${PGUSER:-$GS_USER}" \gs_ctl -D "$PGDATA" \-w start
}# stop postgresql server after done setting up user and running scripts
docker_temp_server_stop() {PGUSER="${PGUSER:-postgres}" \gs_ctl -D "$PGDATA" -m fast -w stop
}docker_slave_full_backup() {gs_ctl build -D "$PGDATA" -b full
}# check arguments for an option that would cause opengauss to stop
# return true if there is one
docker_setup_slot() {
cp /usr/local/opengauss/wal2json.so /usr/local/opengauss/lib/postgresqlGS_DB= docker_process_sql --dbname postgres --set db="$GS_DB" --set passwd="$GS_PASSWORD" --set user="$GS_USERNAME" <<-'EOSQL'select * from pg_create_logical_replication_slot('wal2json', 'wal2json');create table gaussdb.test (id int primary key, name varchar2(20));insert into gaussdb.test values(1,'yun');insert into gaussdb.test values(2,'he');insert into gaussdb.test values(3,'enmo');ALTER TABLE gaussdb.test REPLICA IDENTITY FULL;
EOSQL
}_opengauss_want_help() {local argcount=1for arg; docase "$arg" in# postgres --help | grep 'then exit'# leaving out -C on purpose since it always fails and is unhelpful:# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory-'?'|--help|--describe-config|-V|--version)return 0;;esacif [ "$arg" == "-M" ]; thenSERVER_MODE=${@:$count+1:1}echo "openGauss DB SERVER_MODE = $SERVER_MODE"shiftficount=$[$count + 1]donereturn 1
}_main() {# if first arg looks like a flag, assume we want to run postgres serverif [ "${1:0:1}" = '-' ]; thenset -- gaussdb "$@"fiif [ "$1" = 'gaussdb' ] && ! _opengauss_want_help "$@"; thendocker_setup_env# setup data directories and permissions (when run as root)docker_create_db_directoriesif [ "$(id -u)" = '0' ]; then# then restart script as postgres userexec gosu omm "$BASH_SOURCE" "$@"fi# only run initialization on an empty data directoryif [ -z "$DATABASE_ALREADY_EXISTS" ]; thendocker_verify_minimum_env# check dir permissions to reduce likelihood of half-initialized databasels /docker-entrypoint-initdb.d/ > /dev/nulldocker_init_database_diropengauss_setup_hba_confopengauss_setup_postgresql_confopengauss_setup_mot_conf# PGPASSWORD is required for gsql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGSexport PGPASSWORD="${PGPASSWORD:-$GS_PASSWORD}"docker_temp_server_start "$@"if [ -z "$SERVER_MODE" ] || [ "$SERVER_MODE" = "primary" ]; thendocker_setup_dbdocker_setup_userdocker_setup_rep_user
#                        docker_setup_slotdocker_process_init_files /docker-entrypoint-initdb.d/*fi#todo 注意刪除這里
#                        if [ -n "$SERVER_MODE" ] && [ "$SERVER_MODE" != "primary" ]; then
#                            docker_slave_full_backup
#                        fidocker_temp_server_stopunset PGPASSWORDechoecho 'openGauss  init process complete; ready for start up.'echoelseechoecho 'openGauss Database directory appears to contain a database; Skipping initialization'echofifiexec "$@"
}if ! _is_sourced; then_main "$@"
fi

2.2、 build Dokcerfile

docker build -t single-opengauss:5.0.1 .

3、docker部署

docker run --name opengauss --privileged=true -d -e GS_PASSWORD=Enmo@123 opengauss:5.0.1

3.1、k8s部署

apiVersion: apps/v1
kind: Deployment
metadata:annotations:description: opengaussname: opengaussnamespace: test
spec:replicas: 1selector:matchLabels:app: opengausstemplate:metadata:labels:app: opengaussspec:containers:- env:- name: GS_PASSWORDvalue: "Enmo@123"#根據自己docker build的名稱執行image: single-opengauss:5.0.1
#          imagePullPolicy: IfNotPresentimagePullPolicy: Alwaysname: opengausssecurityContext:privileged: trueports:- containerPort: 5432name: tcpvolumeMounts:- name: volume-opengauss-datamountPath: /var/lib/opengauss/datavolumes:- name: volume-opengauss-datahostPath:path: /app/test/opengauss/datatype: DirectoryOrCreate---
apiVersion: v1
kind: Service
metadata:name: opengaussnamespace: test
spec:ports:- port: 5432protocol: TCPtargetPort: 5432nodePort: 30034selector:app: opengausstype: NodePort# su opengauss