From ccb43aeeaef1cd83e9426752ecd976cf8a00cc9a Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 10 Nov 2018 12:55:08 +0800 Subject: [PATCH 1/6] fix(Dockerfile): empty continuation lines will become errors in a future release --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 48e637e..da0f89e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,11 @@ FROM postgres:11 ARG DEBIAN_FRONTEND=noninteractive +ARG BUILD_DEPS='gcc git libffi-dev libssl-dev python3-dev python3-pip python3-wheel' -RUN buildDeps='gcc git libffi-dev libssl-dev python3-dev python3-pip python3-wheel' && \ - apt-get update && \ +RUN apt-get update && \ apt-get install -y --no-install-recommends \ - $buildDeps \ + $BUILD_DEPS \ gosu \ lzop \ libpq-dev \ From 779533ff7085af69a683ef1e7c456731c920d32a Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 12 Nov 2018 14:48:41 +0000 Subject: [PATCH 2/6] fix(WARNING): MSG: WALE_S3_ENDPOINT defined, ignoring AWS_REGION --- Dockerfile | 3 ++- rootfs/bin/create_bucket | 4 ++-- rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh | 2 +- .../{patch_wal_e_s3.py => patch_boto_s3.py} | 2 +- rootfs/patcher-script.py | 10 ++++++---- 5 files changed, 12 insertions(+), 9 deletions(-) rename rootfs/patcher-script.d/{patch_wal_e_s3.py => patch_boto_s3.py} (82%) diff --git a/Dockerfile b/Dockerfile index 16ba718..ff83d63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,8 @@ RUN apt-get purge -y --auto-remove $BUILD_DEPS && \ COPY rootfs / ENV WALE_ENVDIR=/etc/wal-e.d/env RUN mkdir -p $WALE_ENVDIR -RUN python3 /patcher-script.py +RUN python3 /patcher-script.py /bin/create_bucket +RUN python3 /patcher-script.py /usr/local/bin/wal-e CMD ["/docker-entrypoint.sh", "postgres"] EXPOSE 5432 diff --git a/rootfs/bin/create_bucket b/rootfs/bin/create_bucket index 2d23f63..21377d9 100755 --- a/rootfs/bin/create_bucket +++ b/rootfs/bin/create_bucket 
@@ -20,7 +20,7 @@ def bucket_exists(conn, name): return True bucket_name = os.getenv('BUCKET_NAME') -region = os.getenv('AWS_REGION') +region = os.getenv('S3_REGION') if os.getenv('DATABASE_STORAGE') == "s3": conn = boto.s3.connect_to_region(region) @@ -85,6 +85,6 @@ else: port=int(os.getenv('S3_PORT')), calling_format=OrdinaryCallingFormat()) # HACK(bacongobbler): allow boto to connect to minio by changing the region name for s3v4 auth - conn.auth_region_name = os.getenv('AWS_REGION') + conn.auth_region_name = os.getenv('S3_REGION') if not bucket_exists(conn, bucket_name): conn.create_bucket(bucket_name) diff --git a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh index 9c343e1..e2c00af 100755 --- a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh +++ b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh @@ -36,7 +36,7 @@ if [[ "$DATABASE_STORAGE" == "s3" || "$DATABASE_STORAGE" == "minio" ]]; then else echo "1" > AWS_INSTANCE_PROFILE fi - echo $AWS_REGION > AWS_REGION + echo $AWS_REGION > S3_REGION echo $BUCKET_NAME > BUCKET_NAME elif [ "$DATABASE_STORAGE" == "gcs" ]; then GOOGLE_APPLICATION_CREDENTIALS="/var/run/secrets/deis/objectstore/creds/key.json" diff --git a/rootfs/patcher-script.d/patch_wal_e_s3.py b/rootfs/patcher-script.d/patch_boto_s3.py similarity index 82% rename from rootfs/patcher-script.d/patch_wal_e_s3.py rename to rootfs/patcher-script.d/patch_boto_s3.py index 1cdd429..1ac58d3 100644 --- a/rootfs/patcher-script.d/patch_wal_e_s3.py +++ b/rootfs/patcher-script.d/patch_boto_s3.py @@ -4,7 +4,7 @@ def patch_wal_e_hmac_auth_v4_handler(): _init = HmacAuthV4Handler.__init__ def wrap_init(self, *args, **kwargs): _init(self, *args, **kwargs) - self.region_name = os.getenv('AWS_REGION', self.region_name) + self.region_name = os.getenv('S3_REGION', self.region_name) HmacAuthV4Handler.__init__ = wrap_init 
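Review bot: `region = os.getenv('S3_REGION')` has no fallback, so when the variable is absent `boto.s3.connect_to_region(region)` is called with `None`. The only place this series writes S3_REGION is the envdir file in 001_setup_envdir.sh, and whether create_bucket always runs under `envdir` is not visible here. A guard right after the lookup, e.g. `if os.getenv('DATABASE_STORAGE') == 's3' and not region: raise SystemExit('S3_REGION is not set')`, makes the failure explicit instead of presumably surfacing later on a missing connection object. The same applies to `conn.auth_region_name = os.getenv('S3_REGION')` in the second hunk, where a `None` region would likely break request signing against minio.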
diff --git a/rootfs/patcher-script.py b/rootfs/patcher-script.py index 2f6a7cc..3e7e178 100644 --- a/rootfs/patcher-script.py +++ b/rootfs/patcher-script.py @@ -1,3 +1,5 @@ +import sys + patch_script = """ def run_patch_scripts(patch_script_path): @@ -15,18 +17,18 @@ def run_patch_scripts(patch_script_path): """ -def main(): +def main(patch_file): result_list = [] - with open("/usr/local/bin/wal-e", "r") as f: + with open(patch_file, "r") as f: has_patched = False for line in f: if not has_patched and line.startswith('import'): result_list.append(patch_script) has_patched = True result_list.append(line) - with open("/usr/local/bin/wal-e", "w") as f: + with open(patch_file, "w") as f: for line in result_list: f.write(line) if __name__ == '__main__': - main() + main(sys.argv[1]) From 589cb44e16d83f14a0551616fdb2d4a226c69c0d Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 12 Nov 2018 16:53:44 +0000 Subject: [PATCH 3/6] feat(minio): support the latest minio --- Dockerfile | 8 ++++-- rootfs/bin/create_bucket | 6 ++-- rootfs/patcher-script.d/patch_boto_s3.py | 7 ++--- rootfs/patcher-script.d/patch_wal_e_s3.py | 18 ++++++++++++ rootfs/patcher-script.py | 35 ++++++++++++++--------- 5 files changed, 51 insertions(+), 23 deletions(-) create mode 100644 rootfs/patcher-script.d/patch_wal_e_s3.py diff --git a/Dockerfile b/Dockerfile index ff83d63..e99e863 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,8 +36,12 @@ RUN apt-get purge -y --auto-remove $BUILD_DEPS && \ COPY rootfs / ENV WALE_ENVDIR=/etc/wal-e.d/env RUN mkdir -p $WALE_ENVDIR -RUN python3 /patcher-script.py /bin/create_bucket -RUN python3 /patcher-script.py /usr/local/bin/wal-e + +ARG PATCH_CMD="python3 /patcher-script.py" +RUN $PATCH_CMD file /bin/create_bucket /patcher-script.d/patch_boto_s3.py +RUN $PATCH_CMD file /usr/local/bin/wal-e /patcher-script.d/patch_boto_s3.py +RUN $PATCH_CMD module wal_e.worker.worker_util /patcher-script.d/patch_wal_e_s3.py + CMD ["/docker-entrypoint.sh", "postgres"] EXPOSE 5432 
diff --git a/rootfs/bin/create_bucket b/rootfs/bin/create_bucket index 21377d9..e9caec9 100755 --- a/rootfs/bin/create_bucket +++ b/rootfs/bin/create_bucket @@ -76,9 +76,11 @@ elif os.getenv('DATABASE_STORAGE') == "swift": conn.put_container(os.getenv('BUCKET_NAME')) else: - botoconfig.add_section('s3') + if not botoconfig.has_section("s3"): + botoconfig.add_section('s3') botoconfig.set('s3', 'use-sigv4', 'True') - botoconfig.add_section('Boto') + if not botoconfig.has_section("Boto"): + botoconfig.add_section('Boto') botoconfig.set('Boto', 'is_secure', 'False') conn = S3Connection( host=os.getenv('S3_HOST'), diff --git a/rootfs/patcher-script.d/patch_boto_s3.py b/rootfs/patcher-script.d/patch_boto_s3.py index 1ac58d3..1ebb176 100644 --- a/rootfs/patcher-script.d/patch_boto_s3.py +++ b/rootfs/patcher-script.d/patch_boto_s3.py @@ -1,4 +1,4 @@ -def patch_wal_e_hmac_auth_v4_handler(): +def patch_boto_s3_hmac_auth_v4_handler(): import os from boto.auth import HmacAuthV4Handler _init = HmacAuthV4Handler.__init__ @@ -6,7 +6,4 @@ def wrap_init(self, *args, **kwargs): _init(self, *args, **kwargs) self.region_name = os.getenv('S3_REGION', self.region_name) HmacAuthV4Handler.__init__ = wrap_init - - -if __name__ == '__main__': - patch_wal_e_hmac_auth_v4_handler() +patch_boto_s3_hmac_auth_v4_handler() diff --git a/rootfs/patcher-script.d/patch_wal_e_s3.py b/rootfs/patcher-script.d/patch_wal_e_s3.py new file mode 100644 index 0000000..1b2d4ea --- /dev/null +++ b/rootfs/patcher-script.d/patch_wal_e_s3.py 
@@ -0,0 +1,18 @@ +def patch_uri_put_file(): + import os + from wal_e.blobstore import s3 + from wal_e.blobstore.s3 import s3_util + def wrap_uri_put_file(creds, uri, fp, content_type=None, conn=None): + assert fp.tell() == 0 + k = s3_util._uri_to_key(creds, uri, conn=conn) + if content_type is not None: + k.content_type = content_type + if os.getenv('DATABASE_STORAGE') == 's3': + encrypt_key=True + else: + encrypt_key=False + k.set_contents_from_file(fp, encrypt_key=encrypt_key) + return k + s3.uri_put_file = wrap_uri_put_file + s3_util.uri_put_file = wrap_uri_put_file +patch_uri_put_file() diff --git a/rootfs/patcher-script.py b/rootfs/patcher-script.py index 3e7e178..56f149e 100644 --- a/rootfs/patcher-script.py +++ b/rootfs/patcher-script.py 
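Review bot: Assigning `s3.uri_put_file` and `s3_util.uri_put_file` only rebinds those two module attributes, so any module that already ran `from ... import uri_put_file` keeps calling the original function; whether that happens depends on import order, which this file cannot guarantee. Since the wrapper decides whether server-side encryption is requested for uploaded backups, add a comment naming what it mirrors, e.g. `# Mirrors wal_e.blobstore.s3.s3_util.uri_put_file from wal-e 1.1.0; re-check on upgrade`. `assert fp.tell() == 0` disappears under `python -O`; `if fp.tell() != 0: raise ValueError('fp must be at offset 0')` keeps the check. The `if`/`else` pair can be written as `encrypt_key = os.getenv('DATABASE_STORAGE') == 's3'`.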
@@ -1,34 +1,41 @@ import sys -patch_script = """ +patch_script_tmp = """ def run_patch_scripts(patch_script_path): - import os - for patch in os.listdir(patch_script_path): - full_patch_file = os.path.join(patch_script_path, patch) - if full_patch_file.endswith('.py') and os.path.isfile(full_patch_file): - with open(full_patch_file, 'r') as f: - try: - exec(f.read()) - except: - pass -run_patch_scripts('/patcher-script.d') + with open(patch_script_path, 'r') as f: + try: + exec(f.read()) + except: + pass +run_patch_scripts("%s") """ -def main(patch_file): +def main(patch_file, patch_script_file): result_list = [] + patch_script = patch_script_tmp % patch_script_file with open(patch_file, "r") as f: has_patched = False for line in f: - if not has_patched and line.startswith('import'): + if (line.startswith('import') or line.startswith('from')) \ + and not has_patched: result_list.append(patch_script) has_patched = True result_list.append(line) + if not has_patched: result_list.append(patch_script) with open(patch_file, "w") as f: for line in result_list: f.write(line) if __name__ == '__main__': - main(sys.argv[1]) + patch_type = sys.argv[1] + if patch_type == 'file': + patch_file = sys.argv[2] + elif patch_type == 'module': + module = __import__(sys.argv[2], fromlist=True) + patch_file = module.__file__ + patch_script_file = sys.argv[3] + main(patch_file, patch_script_file) + From f854953db2430fae0f7d1f570f3b1e12ba195f90 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sun, 18 Nov 2018 01:03:49 +0800 Subject: [PATCH 4/6] feat(postgres): modify the docker base image as postgres:11-alpine --- Dockerfile | 68 ++++++++----------- .../templates/database-deployment.yaml | 2 +- rootfs/bin/create_bucket | 2 +- rootfs/bin/is_running | 2 +- .../003_restore_from_backup.sh | 11 +-- .../004_run_backups.sh | 2 +- rootfs/docker-entrypoint.sh | 8 +-- 7 files changed, 45 insertions(+), 50 deletions(-) diff --git a/Dockerfile b/Dockerfile index e99e863..e6118e0 100644 --- a/Dockerfile 
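Review bot: The injected `run_patch_scripts` wraps `exec(f.read())` in a bare `except: pass`, so a patch that fails to load (missing file, import error, upstream rename) is skipped without a trace and the tool runs unpatched; for patch_wal_e_s3.py that means the encryption setting is never applied and nothing is logged. Let the error propagate so the failure is visible, and because the patch file is read and executed on every start of the patched program, keep /patcher-script.d root-owned and not writable by the postgres user. The path is interpolated into Python source with `"%s"`, which breaks on quotes or backslashes; `%r` produces a correctly quoted literal. In the `__main__` block an unknown first argument leaves `patch_file` unbound, and `fromlist=True` only works while the targets are plain modules rather than packages.

```python
patch_script_tmp = """
def run_patch_scripts(patch_script_path):
    with open(patch_script_path, 'r') as f:
        source = f.read()
    # No try/except: a patch that cannot be applied must stop the process.
    exec(compile(source, patch_script_path, 'exec'))
run_patch_scripts(%r)
"""

# … unchanged: main(patch_file, patch_script_file) …

    # … unchanged: patch_type = sys.argv[1] and the 'file' branch …
    elif patch_type == 'module':
        module = __import__(sys.argv[2], fromlist=['__file__'])
        patch_file = module.__file__
    else:
        sys.exit('unknown patch type: %r' % patch_type)
```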
+++ b/Dockerfile 
@@ -1,47 +1,39 @@ -FROM postgres:11 - -ARG DEBIAN_FRONTEND=noninteractive -ARG BUILD_DEPS='gcc git libffi-dev libssl-dev python3-dev python3-pip python3-wheel' - -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - $BUILD_DEPS \ - gosu \ - lzop \ - libpq-dev \ - pv \ - python3 \ - util-linux \ - # swift package needs pkg_resources and setuptools - python3-pkg-resources \ - python3-setuptools \ - python3-pip && \ - ln -sf /usr/bin/python3 /usr/bin/python && \ - ln -sf /usr/bin/pip3 /usr/bin/pip - -# setuptools from ubuntu archives is too old for googleapis-common-protos -RUN pip install --upgrade setuptools && \ - pip install --disable-pip-version-check --no-cache-dir \ - envdir==1.0.1 \ - wal-e[aws,azure,google,swift]==1.1.0 \ - gcloud==0.18.3 \ - oauth2client==4.1.3 \ - azure-storage==0.20.0 - -# cleanup -RUN apt-get purge -y --auto-remove $BUILD_DEPS && \ - apt-get autoremove -y && \ - apt-get clean -y +FROM postgres:11-alpine + +ENV WALE_LOG_DESTINATION stderr +ENV WALE_ENVDIR /etc/wal-e.d/env + +RUN mkdir -p $WALE_ENVDIR \ + && echo 'http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories \ + && apk add --update --virtual .build-deps \ + git \ + build-base \ + libffi-dev \ + openssl-dev \ + python3-dev=3.5.6-r0 \ + linux-headers \ + && apk add \ + lzo \ + pv \ + util-linux \ + python3=3.5.6-r0 \ + && pip3 install --upgrade pip setuptools \ + && pip install --disable-pip-version-check --no-cache-dir \ + psycopg2-binary==2.7.6.1 \ + envdir==1.0.1 \ + wal-e[aws,azure,google,swift]==1.1.0 \ + gcloud==0.18.3 \ + oauth2client==4.1.3 \ + azure-storage==0.20.0 \ + && apk del .build-deps \ + && rm -rf /var/cache/apk/* COPY rootfs / -ENV WALE_ENVDIR=/etc/wal-e.d/env -RUN mkdir -p $WALE_ENVDIR ARG PATCH_CMD="python3 /patcher-script.py" RUN $PATCH_CMD file /bin/create_bucket /patcher-script.d/patch_boto_s3.py -RUN $PATCH_CMD file /usr/local/bin/wal-e /patcher-script.d/patch_boto_s3.py +RUN $PATCH_CMD module wal_e.cmd 
/patcher-script.d/patch_boto_s3.py RUN $PATCH_CMD module wal_e.worker.worker_util /patcher-script.d/patch_wal_e_s3.py - CMD ["/docker-entrypoint.sh", "postgres"] EXPOSE 5432 diff --git a/charts/database/templates/database-deployment.yaml b/charts/database/templates/database-deployment.yaml index e588c09..9b232f9 100644 --- a/charts/database/templates/database-deployment.yaml +++ b/charts/database/templates/database-deployment.yaml @@ -45,7 +45,7 @@ spec: preStop: exec: command: - - gosu + - su-exec - postgres - do_backup readinessProbe: diff --git a/rootfs/bin/create_bucket b/rootfs/bin/create_bucket index e9caec9..c03dfe9 100755 --- a/rootfs/bin/create_bucket +++ b/rootfs/bin/create_bucket @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 import os diff --git a/rootfs/bin/is_running b/rootfs/bin/is_running index 4f66c3a..dd7aed5 100755 --- a/rootfs/bin/is_running +++ b/rootfs/bin/is_running @@ -8,4 +8,4 @@ if [[ -f "$PGDATA/recovery.conf" ]]; then exit 1 fi -gosu postgres pg_ctl status +su-exec postgres pg_ctl status diff --git a/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh b/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh index 5846881..e1992da 100755 --- a/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh +++ b/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh 
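Review bot: The added `echo 'http://dl-cdn.alpinelinux.org/alpine/v3.5/main' >> /etc/apk/repositories` appends an older Alpine branch to the `postgres:11-alpine` image permanently and over plain HTTP, so every `apk add` in this RUN (and any later one) may resolve packages from a branch that presumably does not track the base image's security updates. If Python 3.5 is needed only because of the wal-e pin, scope the old repository to that one install, e.g. `apk add --repository https://dl-cdn.alpinelinux.org/alpine/v3.5/main python3=3.5.6-r0`, instead of editing /etc/apk/repositories, and record the reason in a comment. `pip3 install --upgrade pip setuptools` is unpinned while the packages after it are pinned, which makes rebuilds non-reproducible. `ENV WALE_ENVDIR /etc/wal-e.d/env` uses the legacy space-separated form; the `ENV WALE_ENVDIR=/etc/wal-e.d/env` syntax that this hunk removes is the preferred one.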
@@ -13,13 +13,13 @@ chmod 0700 "$PGDATA" # reboot the server for wal_level to be set before backing up echo "Rebooting postgres to enable archive mode" -gosu postgres pg_ctl -D "$PGDATA" -w restart +su-exec postgres pg_ctl -D "$PGDATA" -w restart # check if there are any backups -- if so, let's restore # we could probably do better than just testing number of lines -- one line is just a heading, meaning no backups if [[ $(envdir "$WALE_ENVDIR" wal-e --terse backup-list | wc -l) -gt "1" ]]; then echo "Found backups. Restoring from backup..." - gosu postgres pg_ctl -D "$PGDATA" -w stop + su-exec postgres pg_ctl -D "$PGDATA" -w stop rm -rf "$PGDATA/*" envdir "$WALE_ENVDIR" wal-e backup-fetch "$PGDATA" LATEST cat << EOF > "$PGDATA/postgresql.conf" @@ -50,7 +50,7 @@ EOF echo "restore_command = 'envdir /etc/wal-e.d/env wal-e wal-fetch \"%f\" \"%p\"'" >> "$PGDATA/recovery.conf" chown -R postgres:postgres "$PGDATA" chmod 0700 "$PGDATA" - gosu postgres pg_ctl -D "$PGDATA" \ + su-exec postgres pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start @@ -59,10 +59,13 @@ EOF do sleep 2 done + su-exec postgres pg_ctl -D "$PGDATA" \ + -o "-c listen_addresses=''" \ + -w restart fi echo "Performing an initial backup..." -gosu postgres envdir "$WALE_ENVDIR" wal-e backup-push "$PGDATA" +su-exec postgres envdir "$WALE_ENVDIR" wal-e backup-push "$PGDATA" # ensure $PGDATA has the right permissions chown -R postgres:postgres "$PGDATA" diff --git a/rootfs/docker-entrypoint-initdb.d/004_run_backups.sh b/rootfs/docker-entrypoint-initdb.d/004_run_backups.sh index d311bd4..54f7592 100755 --- a/rootfs/docker-entrypoint-initdb.d/004_run_backups.sh +++ b/rootfs/docker-entrypoint-initdb.d/004_run_backups.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash # Run periodic backups in the background -gosu postgres backup & +su-exec postgres backup & diff --git a/rootfs/docker-entrypoint.sh b/rootfs/docker-entrypoint.sh index 0913006..4ca4784 100755 --- a/rootfs/docker-entrypoint.sh 
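Review bot: In the restore branch of 003_restore_from_backup.sh the context line `rm -rf "$PGDATA/*"` quotes the glob, so the shell passes a literal `*` and nothing is removed before `wal-e backup-fetch` writes into the directory. The commit does not touch this line, but it sits between the two renamed `pg_ctl` calls and is worth fixing while the script is being edited: `rm -rf "${PGDATA:?}"/*` expands the glob and refuses to run when PGDATA is empty. Dotfiles are still skipped by that glob; `find "$PGDATA" -mindepth 1 -delete` covers them if that matters here.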
+++ b/rootfs/docker-entrypoint.sh @@ -23,7 +23,7 @@ if [ "$1" = 'postgres' ]; then # look specifically for PG_VERSION, as it is expected in the DB dir if [ ! -s "$PGDATA/PG_VERSION" ]; then - gosu postgres initdb + su-exec postgres initdb # check password first so we can output the warning before postgres # messes it up @@ -54,7 +54,7 @@ if [ "$1" = 'postgres' ]; then # internal start of server in order to allow set-up using psql-client # does not listen on TCP/IP and waits until start finishes - gosu postgres pg_ctl -D "$PGDATA" \ + su-exec postgres pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start @@ -94,7 +94,7 @@ if [ "$1" = 'postgres' ]; then echo done - gosu postgres pg_ctl -D "$PGDATA" -m fast -w stop + su-exec postgres pg_ctl -D "$PGDATA" -m fast -w stop set_listen_addresses '*' echo @@ -102,7 +102,7 @@ if [ "$1" = 'postgres' ]; then echo fi - exec gosu postgres "$@" + exec su-exec postgres "$@" fi exec "$@" From 1086b75d5772c763eaebe4eccd985f5d3468c5ca Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sun, 18 Nov 2018 07:40:58 +0800 Subject: [PATCH 5/6] chore(scripts): avoid different scripts doing the same thing --- Dockerfile | 1 + rootfs/bin/do_backup | 1 + .../003_restore_from_backup.sh | 12 ------------ 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index e6118e0..b0397b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,7 @@ RUN mkdir -p $WALE_ENVDIR \ lzo \ pv \ util-linux \ + ca-certificates \ python3=3.5.6-r0 \ && pip3 install --upgrade pip setuptools \ && pip install --disable-pip-version-check --no-cache-dir \ diff --git a/rootfs/bin/do_backup b/rootfs/bin/do_backup index 10dcc6d..cd5b476 100755 --- a/rootfs/bin/do_backup +++ b/rootfs/bin/do_backup 
@@ -5,6 +5,7 @@ export BACKUPS_TO_RETAIN=${BACKUPS_TO_RETAIN:-5} echo "Performing a base backup..." if [[ -f "$PGDATA/recovery.conf" ]] ; then echo "Database is currently recovering from a backup. Aborting" + sleep 9 else # perform a backup envdir "$WALE_ENVDIR" wal-e backup-push "$PGDATA" diff --git a/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh b/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh index e1992da..a46c63d 100755 --- a/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh +++ b/rootfs/docker-entrypoint-initdb.d/003_restore_from_backup.sh @@ -53,20 +53,8 @@ EOF su-exec postgres pg_ctl -D "$PGDATA" \ -o "-c listen_addresses=''" \ -w start - - echo "Waiting for recovery completion..." - while [ ! -f "$PGDATA/recovery.done" ] - do - sleep 2 - done - su-exec postgres pg_ctl -D "$PGDATA" \ - -o "-c listen_addresses=''" \ - -w restart fi -echo "Performing an initial backup..." -su-exec postgres envdir "$WALE_ENVDIR" wal-e backup-push "$PGDATA" - # ensure $PGDATA has the right permissions chown -R postgres:postgres "$PGDATA" chmod 0700 "$PGDATA" From 90431d8df4c990acebe959fde75e3c22119bc502 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 24 Nov 2018 23:56:05 +0800 Subject: [PATCH 6/6] feat(wal-e): add WALE_S3_SSE environment variable --- charts/database/templates/database-deployment.yaml | 4 ++++ rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh | 5 +++++ rootfs/patcher-script.d/patch_wal_e_s3.py | 6 +++--- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/database/templates/database-deployment.yaml b/charts/database/templates/database-deployment.yaml index 9b232f9..41f145a 100644 --- a/charts/database/templates/database-deployment.yaml +++ b/charts/database/templates/database-deployment.yaml 
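Review bot: The added `sleep 9` in the recovery branch has no explanation, and the branch prints "Aborting" without setting a distinct exit status (the rest of the script is outside the hunk, so the final status is not visible). do_backup is the preStop command in the chart, so a comment stating why the delay exists and why nine seconds, e.g. `# hold the preStop hook briefly while recovery is in progress (TODO: confirm intent)`, would tell the next maintainer whether the value can change. If callers should be able to tell a skipped backup from a completed one, follow the sleep with `exit 1`.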
@@ -41,6 +41,10 @@ spec: value: "{{.Values.global.storage}}" - name: PGCTLTIMEOUT value: "{{.Values.postgres.timeout}}" +{{- if eq .Values.global.storage "s3" }} + - name: S3_SSE + value: "{{.Values.s3.use_sse}}" +{{- end}} lifecycle: preStop: exec: diff --git a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh index e2c00af..d18904f 100755 --- a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh +++ b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh @@ -17,6 +17,11 @@ if [[ "$DATABASE_STORAGE" == "s3" || "$DATABASE_STORAGE" == "minio" ]]; then else echo "https+path://s3-${AWS_REGION}.amazonaws.com:443" > WALE_S3_ENDPOINT fi + if [[ $S3_SSE ]]; then + echo $S3_SSE > WALE_S3_SSE + else + echo "false" > WALE_S3_SSE + fi else AWS_REGION="us-east-1" BUCKET_NAME="dbwal" diff --git a/rootfs/patcher-script.d/patch_wal_e_s3.py b/rootfs/patcher-script.d/patch_wal_e_s3.py index 1b2d4ea..fd248b3 100644 --- a/rootfs/patcher-script.d/patch_wal_e_s3.py +++ b/rootfs/patcher-script.d/patch_wal_e_s3.py @@ -7,10 +7,10 @@ def wrap_uri_put_file(creds, uri, fp, content_type=None, conn=None): k = s3_util._uri_to_key(creds, uri, conn=conn) if content_type is not None: k.content_type = content_type + encrypt_key = False if os.getenv('DATABASE_STORAGE') == 's3': - encrypt_key=True - else: - encrypt_key=False + if os.getenv('WALE_S3_SSE', 'false') == 'true': + encrypt_key = True k.set_contents_from_file(fp, encrypt_key=encrypt_key) return k s3.uri_put_file = wrap_uri_put_file
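Review bot: Writing `"false"` to WALE_S3_SSE when S3_SSE is unset makes server-side encryption opt-in, whereas the wrapper added in PATCH 3/6 always passed `encrypt_key=True` for `DATABASE_STORAGE=s3`; unless the chart default for `s3.use_sse` (not visible here) is true, S3 deployments that upgrade stop requesting encryption for new backups without any warning. Defaulting the `else` branch to `"true"` keeps the earlier behaviour and makes disabling SSE the explicit choice. `echo $S3_SSE > WALE_S3_SSE` should quote the variable, `echo "$S3_SSE" > WALE_S3_SSE`, so whitespace or glob characters in the value are not reinterpreted by the shell.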
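Review bot: `os.getenv('WALE_S3_SSE', 'false') == 'true'` in patch_wal_e_s3.py is an exact, case-sensitive match, so values such as `True`, `TRUE` or `1` leave `encrypt_key` at `False` and backups are uploaded without server-side encryption, with nothing logged. Normalise before comparing, e.g. `sse = os.getenv('WALE_S3_SSE', 'false').strip().lower() in ('true', '1', 'yes')`, then `encrypt_key = os.getenv('DATABASE_STORAGE') == 's3' and sse`, which also removes the nested `if`. A short comment that this flag controls S3 server-side encryption of uploaded backups would make the security impact of the default obvious to the next reader.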