[WIP] Upgrade postgres to 10.1

Dockerfile

@@ -1,9 +1,9 @@
-FROM       phusion/baseimage:0.9.12
+FROM       phusion/baseimage:latest
 MAINTAINER Abe Voelker <[email protected]>
 
 ENV USERNAME postgres
 ENV PASSWORD password
-ENV VERSION  9.4
+ENV VERSION  10
 
 # Temporary hack around a Docker Hub `docker build` issue. See:
 # https://github.com/docker/docker/issues/6345#issuecomment-49245365
@@ -31,7 +31,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y wget
 
 # Add PostgreSQL Global Development Group apt source
-RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/pgdg.list
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 
 # Add PGDG repository key
 RUN wget -qO - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
@@ -48,20 +48,20 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \
 # Install WAL-E dependencies
   libxml2-dev \
   libxslt1-dev \
-  python-dev \
-  python-pip \
+  python3-dev \
+  python3-pip \
   daemontools \
   libevent-dev \
   lzop \
   pv \
   libffi-dev \
   libssl-dev &&\
-  pip install virtualenv
+  pip3 install virtualenv
 
 # Install WAL-E into a virtualenv
 RUN virtualenv /var/lib/postgresql/wal-e &&\
   . /var/lib/postgresql/wal-e/bin/activate &&\
-  pip install wal-e &&\
+  pip3 install wal-e google-cloud-storage &&\
   ln -s /var/lib/postgresql/wal-e/bin/wal-e /usr/local/bin/wal-e
 
 # Create directory for storing secret WAL-E environment variables
@@ -107,7 +107,7 @@ CMD ["/data/scripts/start_postgres.sh"]
 # Keep Postgres log, config and storage outside of union filesystem
 VOLUME ["/var/log/postgresql", \
         "/var/log/supervisor", \
-        "/etc/postgresql/9.4/main", \
-        "/var/lib/postgresql/9.4/main"]
+        "/etc/postgresql/10/main", \
+        "/var/lib/postgresql/10/main"]
 
 EXPOSE 5432

README.md

@@ -1,6 +1,6 @@
 # Postgres Dockerfile
 
-Docker image for Postgres 9.4 + WAL-E + PL/Python and PL/V8 languages
+Docker image for Postgres 10.1 + WAL-E + PL/Python and PL/V8 languages
 
 ## Basic usage
 
@@ -30,7 +30,7 @@ This image comes with [WAL-E][wal-e] for performing continuous archiving of Post
 
   ```
   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-  0 2 * * * postgres envdir /etc/wal-e.d/env wal-e backup-push /var/lib/postgresql/9.4/main
+  0 2 * * * postgres envdir /etc/wal-e.d/env wal-e backup-push /var/lib/postgresql/10/main
   0 3 * * * postgres envdir /etc/wal-e.d/env wal-e delete --confirm retain 7
   ```
 
@@ -47,7 +47,7 @@ $ ls -1 /tmp/cron
 wal-e
 $ cat /tmp/cron/wal-e
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-0 2 * * * postgres envdir /etc/wal-e.d/env wal-e backup-push /var/lib/postgresql/9.4/main
+0 2 * * * postgres envdir /etc/wal-e.d/env wal-e backup-push /var/lib/postgresql/10/main
 0 3 * * * postgres envdir /etc/wal-e.d/env wal-e delete --confirm retain 7
 $ docker run -v /tmp/env:/etc/wal-e.d/env -v /tmp/cron:/etc/cron.d abevoelker/postgres /sbin/my_init
 *** Running /etc/rc.local...

pg_hba.conf

@@ -42,10 +42,10 @@
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
-# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
-# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
-# "password" sends passwords in clear text; "md5" is preferred since
-# it sends encrypted passwords.
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
@@ -59,11 +59,11 @@
 # its special character, and just match a database or username with
 # that name.
 #
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal.  If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect.  You can
-# use "pg_ctl reload" to do that.
-
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
 # Put your actual configuration here
 # ----------------------------------
 #
@@ -87,13 +87,13 @@ local   all             postgres                                peer
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 
 # "local" is for Unix domain socket connections only
-#local   all             all                                     peer
+local   all             all                                     peer
 # IPv4 connections:
 host    all             all             0.0.0.0/0               password
 # IPv6 connections:
 host    all             all             ::/0                    password
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
-#local   replication     postgres                                peer
-#host    replication     postgres        127.0.0.1/32            md5
-#host    replication     postgres        ::1/128                 md5
+#local   replication     all                                     peer
+#host    replication     all             127.0.0.1/32            md5
+#host    replication     all             ::1/128                 md5

pg_hba.conf.default

@@ -42,10 +42,10 @@
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
-# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
-# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
-# "password" sends passwords in clear text; "md5" is preferred since
-# it sends encrypted passwords.
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
@@ -59,11 +59,11 @@
 # its special character, and just match a database or username with
 # that name.
 #
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal.  If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect.  You can
-# use "pg_ctl reload" to do that.
-
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
 # Put your actual configuration here
 # ----------------------------------
 #
@@ -88,12 +88,12 @@ local   all             postgres                                peer
 
 # "local" is for Unix domain socket connections only
 local   all             all                                     peer
-# IPv4 local connections:
-host    all             all             127.0.0.1/32            md5
-# IPv6 local connections:
-host    all             all             ::1/128                 md5
+# IPv4 connections:
+host    all             all             0.0.0.0/0               password
+# IPv6 connections:
+host    all             all             ::/0                    password
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
-#local   replication     postgres                                peer
-#host    replication     postgres        127.0.0.1/32            md5
-#host    replication     postgres        ::1/128                 md5
+#local   replication     all                                     peer
+#host    replication     all             127.0.0.1/32            md5
+#host    replication     all             ::1/128                 md5