#==============================================================#
# File : Dockerfile
# Desc : Pigsty Docker Image based on Debian 13 (Trixie)
# Ctime : 2025-01-27
# Mtime : 2025-01-27
# License : Apache-2.0 @ https://pigsty.io/docs/about/license
# Copyright : 2018-2025 Ruohang Feng / Vonng (rh@vonng.com)
#==============================================================#
# Base image: Debian 13 (Trixie).
# NOTE(review): `debian:trixie` is a mutable tag, so two builds of this file can
# resolve to different base layers. Pinning by digest
# (debian:trixie@sha256:<digest-placeholder>) makes the base reproducible and
# lets a changed base be noticed rather than silently pulled.
FROM debian:trixie

# Pigsty release this image is built for; override with --build-arg VERSION=...
ARG VERSION=4.0.0

# Image metadata: maintainer plus OCI annotations, declared in one instruction.
LABEL maintainer="Ruohang Feng <rh@vonng.com>" \
      org.opencontainers.image.title="Pigsty" \
      org.opencontainers.image.description="Pigsty - PostgreSQL in Great STYle" \
      org.opencontainers.image.url="https://pigsty.io" \
      org.opencontainers.image.source="https://github.com/pgsty/pigsty" \
      org.opencontainers.image.version="${VERSION}"

# Environment for the remaining build steps and for the container at runtime.
#   container=docker  - presumably read by systemd to detect the container; confirm
#   PIGSTY_VERSION    - "v"-prefixed release, consumed by `pig sty init` below
# NOTE(review): DEBIAN_FRONTEND=noninteractive set through ENV also persists into
# the runtime environment; it is only needed by the apt-get steps of the build.
ENV container=docker \
    DEBIAN_FRONTEND=noninteractive \
    TZ=Asia/Shanghai \
    LANG=en_US.UTF-8 \
    LC_ALL=en_US.UTF-8 \
    PIGSTY_VERSION=v${VERSION}
#--------------------------------------------------------------#
# System Setup
#--------------------------------------------------------------#
# Create the postgres group and user with a fixed UID/GID of 543, a home
# directory and bash as login shell.
RUN groupadd --gid 543 postgres \
    && useradd --uid 543 --gid 543 --create-home --shell /bin/bash postgres

# Install systemd and the essential packages, one per line in alphabetical
# order so that later changes to the list diff cleanly. The apt lists and temp
# directories are removed in the same layer so they do not stay in the image.
# NOTE(review): no package versions are pinned, so the installed set follows
# whatever the Debian archive serves at build time.
RUN apt-get update && apt-get install -y --no-install-recommends \
        bash \
        ca-certificates \
        curl \
        dbus \
        dbus-user-session \
        git \
        iproute2 \
        iputils-ping \
        jq \
        locales \
        lsof \
        lz4 \
        make \
        ncdu \
        net-tools \
        openssh-client \
        openssh-server \
        procps \
        python3 \
        rsync \
        sudo \
        systemd \
        systemd-sysv \
        vim \
        wget \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
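#--------------------------------------------------------------#
# Systemd Configuration for Container
#--------------------------------------------------------------#
# Remove the unit links systemd would otherwise pull in at boot. In
# sysinit.target.wants every non-hidden entry is deleted except those whose
# name contains "systemd-tmpfiles-setup".
# find replaces the earlier `cd <dir> && rm -f $(ls | grep -v ...)`: that form
# word-split unquoted ls output and changed directory inside RUN. All remaining
# paths are absolute, so no working directory is needed.
# rm -f tolerates globs that match nothing (for example anaconda.target.wants).
RUN find /lib/systemd/system/sysinit.target.wants/ -mindepth 1 -maxdepth 1 \
        ! -name '.*' ! -name '*systemd-tmpfiles-setup*' -exec rm -f {} + \
    && rm -f /lib/systemd/system/multi-user.target.wants/* \
    && rm -f /etc/systemd/system/*.wants/* \
    && rm -f /lib/systemd/system/local-fs.target.wants/* \
    && rm -f /lib/systemd/system/sockets.target.wants/*udev* \
    && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
    && rm -f /lib/systemd/system/basic.target.wants/* \
    && rm -f /lib/systemd/system/anaconda.target.wants/* \
    && rm -f /lib/systemd/system/plymouth* \
    && rm -f /lib/systemd/system/systemd-update-utmp* \
    && systemctl set-default multi-user.target

# Mask services that cause issues in containers
RUN systemctl mask \
        dev-hugepages.mount \
        sys-fs-fuse-connections.mount \
        systemd-update-utmp.service \
        console-getty.service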
#--------------------------------------------------------------#
# Locale and Timezone
#--------------------------------------------------------------#
# Uncomment the en_US.UTF-8 entry in /etc/locale.gen and generate that locale,
# then point /etc/localtime and /etc/timezone at the zone named by the TZ
# variable set in the ENV instruction of this file.
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen \
    && locale-gen en_US.UTF-8 \
    && ln -sf "/usr/share/zoneinfo/${TZ}" /etc/localtime \
    && printf '%s\n' "${TZ}" > /etc/timezone
#--------------------------------------------------------------#
# SSH Configuration
#--------------------------------------------------------------#
# Prepare sshd: runtime directory, root's ~/.ssh (mode 700), host keys, and an
# sshd_config that permits root login and password authentication. The ssh
# unit is enabled so systemd starts it at boot.
# NOTE(review): `ssh-keygen -A` runs at build time, so the host private keys
# are stored in an image layer. Every container started from the image presents
# the same host identity, and anyone who can pull the image can read those
# keys. Regenerating host keys on first boot avoids this.
# NOTE(review): PermitRootLogin yes plus PasswordAuthentication yes, together
# with the fixed root password this Dockerfile sets and EXPOSE 22, means the
# container accepts root logins with a publicly known credential. Change the
# password, or keep port 22 unpublished, outside an isolated sandbox.
RUN mkdir -p /run/sshd /root/.ssh \
    && chmod 700 /root/.ssh \
    && ssh-keygen -A \
    && sed -i \
        -e 's/#\?PermitRootLogin.*/PermitRootLogin yes/' \
        -e 's/#\?PasswordAuthentication.*/PasswordAuthentication yes/' \
        /etc/ssh/sshd_config \
    && systemctl enable ssh

# Generate a passphrase-less RSA-2048 keypair for root, authorize it for root
# itself (passwordless localhost access), and append a client-wide ssh_config
# stanza that turns off host key checking.
# NOTE(review): the private key /root/.ssh/id_rsa is part of the image, and its
# public half is in authorized_keys. The same key therefore opens root SSH on
# every container built from this image until it is rotated; generating the
# keypair at first start gives each container its own.
# NOTE(review): `Host *` with StrictHostKeyChecking no and UserKnownHostsFile
# /dev/null disables server authentication for all outbound SSH from the
# container. Limiting the stanza to the hosts that need it keeps verification
# on for everything else.
RUN ssh-keygen -t rsa -b 2048 -N '' -f /root/.ssh/id_rsa \
    && cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys \
    && chmod 600 /root/.ssh/authorized_keys \
    && printf 'Host *\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null\n' \
        >> /etc/ssh/ssh_config
#--------------------------------------------------------------#
# Sudo and Root Password
#--------------------------------------------------------------#
# Grant the sudo group passwordless sudo through a drop-in (mode 440) and set
# the root password.
# NOTE(review): the root password is a literal in this file, so it is readable
# in the image history and identical in every container. With sshd configured
# above to accept root password logins, it should be changed on first start, or
# supplied at runtime instead of being baked in.
# NOTE(review): NOPASSWD:ALL makes any account in the sudo group equivalent to
# root without re-authentication.
RUN printf '%s\n' '%sudo ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/nopasswd \
    && chmod 440 /etc/sudoers.d/nopasswd \
    && printf '%s\n' 'root:pigsty' | chpasswd
#--------------------------------------------------------------#
# Install pig CLI and Initialize Pigsty
#--------------------------------------------------------------#
# Register the Pigsty infra apt repository and install the `pig` package, then
# clean the apt lists and temp directories in the same layer.
# NOTE(review): `[trusted=yes]` tells apt to skip signature verification for
# this repository, so package integrity rests on the HTTPS transport alone.
# Importing the repository's signing key into a keyring and replacing the
# option with `signed-by=<keyring-path>` restores apt's own verification.
RUN printf '%s\n' "deb [trusted=yes] https://repo.pigsty.cc/apt/infra/ generic main" \
        > /etc/apt/sources.list.d/pigsty.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends pig \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Initialize Pigsty source and install Ansible, then write a configuration from
# the `docker` template bound to 127.0.0.1.
# NOTE(review): these steps presumably download content at build time; how pig
# verifies what it fetches is not visible in this file - confirm.
RUN pig sty init -v "${PIGSTY_VERSION}" \
    && pig sty boot \
    && pig sty conf -c docker --ip 127.0.0.1
# Create the data directory first, then declare it as a volume, so the
# declaration follows the only build-time write to that path.
RUN mkdir -p /data
VOLUME ["/data"]

# Default working directory for interactive sessions and exec'd commands.
WORKDIR /root/pigsty

# Documented ports; presumably SSH (22), HTTP/HTTPS (80/443) and PostgreSQL
# (5432). EXPOSE publishes nothing by itself.
# NOTE(review): publishing port 22 exposes the root SSH login configured
# earlier in this file.
EXPOSE 22 80 443 5432

# systemd runs as PID 1 (exec form, no shell wrapper) and is stopped with
# SIGRTMIN+3 instead of the default SIGTERM. No USER instruction is set, so the
# container's init runs as root.
STOPSIGNAL SIGRTMIN+3
CMD ["/lib/systemd/systemd"]