It’s a nightmare, it’s tricky, it isn’t reliable…
Second: why the heck somebody are still using Postgres 8.2? Well, don’t ask me…
If you are still here, let’s do it.
What’s the real problem here? Well, the key point is that Postgres has a very restrict acess to its directory $PGDATA (default path is $PG_HOME/data). The reason isn’t too much hard to find: it stores all databases files.
So the user that owns the Postgres process must be the same that owns the $PGDATA directory. Otherwise the process simply won’t run.
If you just run a default Postgres container, the things go smoothly. But you are not a default developer, so you may want to mount the “data” to an external directory in the host. This is where the things become funny (or not).
If you run Docker in Linux/Mac, don’t worry: just give the directory ownership to the same user that owns the Docker process. Run and sleep the sleeping of the just.
But if you are trying the Docker for Windows the things go a little further. For instance there is an issue opened at: https://github.com/docker/for-win/issues/39
In a happy Linux world you would do this mounting just like this:
docker run -d --name postgres \ -v /opt/postgres/data:/var/lib/postgresql/data -p 5432:5432 postgres
Don’t try this at home if yours is a Windows home. Docker will say to you that you that the host volume must be owned by the same user that owns the Docker process.
So you go happy and confident and change the directory ownership. Wrong! No result at all. Don’t change a thing, don’t move an inch.
Then you spend the whole night trying to handle this and begins to think it’s better to give up the project… When you realize you could handle it with Docker Volumes. Yay!
docker volume create --name postgres_data -d local
And now mount the $PGDATA to the just created volume
docker run -d --name postgres \ -v postgres_data:/var/lib/postgresql/data -p 5432:5432 postgres
And it worked! Awesome! Makes totally sense as the volume is managed by the Docker service itself so it handle its permission.
Let’s finally sleep and keep the client happy…
Not so fast. Your container is really working and you can access the Postgres as usual… until you decide to stop the container and run it again…
/var/lib/postgresql/data has group or world access
Long story short… for some reason that I don’t know and really don’t care Docker mess up with the permissions after it start the container just once.
Let’s dig a little deeper…
You must to manage this crazy permissions in the Dockerfile before the volume is defined. And you have to do it in a right defined order! Just like this:
ENV PGDATA /var/lib/postgresql/data RUN mkdir -p $PGDATA RUN chown -R postgres $PGDATA RUN chmod 0700 -R $PGDATA VOLUME /var/lib/postgresql/data
If you change this order it won’t work.
If you are using some image from Docker Hub I recommend you to take it’s Dockerfile and customized as you need, because if the original Dockerfile deal with this volume in a different way, doesn’t matter what you do… it will not work!
Hope it maybe useful for somebody!