diff --git a/entrypoint.postgres.sh.tmpl b/entrypoint.postgres.sh.tmpl index 8174cda..cbd032b 100644 --- a/entrypoint.postgres.sh.tmpl +++ b/entrypoint.postgres.sh.tmpl @@ -30,16 +30,29 @@ if [ -f $PGDATA/PG_VERSION ]; then apt-get update && apt-get install -y --no-install-recommends \ postgresql-$DATA_VERSION \ && rm -rf /var/lib/apt/lists/* + # pg_upgrade must run as the old cluster's bootstrap superuser (the "install + # user", oid 10), and the new cluster must be initialised with that same + # user. It is not necessarily $POSTGRES_USER (e.g. clusters created with the + # default "postgres" superuser and a separate app role), so read it from the + # old cluster: briefly start it and ask, connecting as the app role we know. + PGBIN=/usr/lib/postgresql/$DATA_VERSION/bin + gosu postgres $PGBIN/pg_ctl -D $PGDATA -w \ + -o "-c listen_addresses= -c unix_socket_directories=/tmp" start + INSTALL_USER=$(gosu postgres psql -h /tmp -U "$POSTGRES_USER" -d postgres -tAc \ + "select rolname from pg_roles where oid = 10") + gosu postgres $PGBIN/pg_ctl -D $PGDATA -w stop + echo "old cluster install user: $INSTALL_USER" echo "shuffling around" gosu postgres mkdir $OLDDATA $NEWDATA chmod 700 $OLDDATA $NEWDATA mv $PGDATA/* $OLDDATA/ || true echo "running initdb" - # abuse entrypoint script for initdb by making server error out - gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true" + # abuse entrypoint script for initdb by making server error out; initialise + # the new cluster with the same superuser as the old one so pg_upgrade matches + gosu postgres bash -c "export PGDATA=$NEWDATA POSTGRES_USER=$INSTALL_USER ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true" echo "running pg_upgrade" cd /tmp - gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER + gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $INSTALL_USER cp $OLDDATA/pg_hba.conf $NEWDATA/ mv $NEWDATA/* $PGDATA rm -rf $OLDDATA