Created
December 22, 2018 21:18
-
-
Save eladtamary/5fb6317d033284671dde9877a105775b to your computer and use it in GitHub Desktop.
Adding pgAudit to the official PostgreSQL docker image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM postgres:9.6.8 | |
RUN apt-get update && apt-get install -y --no-install-recommends \ | |
curl \ | |
ca-certificates \ | |
build-essential \ | |
postgresql-server-dev-${PG_MAJOR} \ | |
libssl-dev \ | |
libkrb5-dev | |
RUN mkdir -p /tmp/pgaudit && cd /tmp/pgaudit && curl -L https://github.com/pgaudit/pgaudit/archive/1.1.1.tar.gz | tar xz --strip 1 | |
RUN make -C /tmp/pgaudit/ install USE_PGXS=1 | |
COPY ./my-docker-entrypoint.sh /usr/local/bin/ | |
COPY init.sql /docker-entrypoint-initdb.d/ | |
ENTRYPOINT ["my-docker-entrypoint.sh"] | |
CMD ["postgres"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CREATE ROLE auditor; | |
SET pgaudit.role TO 'auditor'; | |
ALTER SYSTEM SET pgaudit.role = 'auditor'; | |
SELECT pg_reload_conf(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
IS_AUDIT_LOG_ENABLED=${IS_AUDIT_LOG_ENABLED:-false} | |
echo "IS_AUDIT_LOG_ENABLED=$IS_AUDIT_LOG_ENABLED" | |
PGAUDIT_LOG_ARGS="" | |
if [ ${IS_AUDIT_LOG_ENABLED} = "true" ] ; then | |
PGAUDIT_LOG=${PGAUDIT_LOG:-} | |
echo "PGAUDIT_LOG=$PGAUDIT_LOG" | |
PGAUDIT_LOG_LEVEL=${PGAUDIT_LOG_LEVEL:-LOG} | |
echo "PGAUDIT_LOG_LEVEL=$PGAUDIT_LOG_LEVEL" | |
PGAUDIT_LOG_CATALOG=${PGAUDIT_LOG_CATALOG:-on} | |
echo "PGAUDIT_LOG_CATALOG=$PGAUDIT_LOG_CATALOG" | |
PGAUDIT_LOG_PARAMETER=${PGAUDIT_LOG_PARAMETER:-on} | |
echo "PGAUDIT_LOG_PARAMETER=$PGAUDIT_LOG_PARAMETER" | |
PGAUDIT_LOG_ARGS="-c shared_preload_libraries=pgaudit -c log_destination=csvlog -c logging_collector=on -c pgaudit.log=$PGAUDIT_LOG -c pgaudit.log_level=$PGAUDIT_LOG_LEVEL -c pgaudit.log_catalog=$PGAUDIT_LOG_CATALOG -c pgaudit.log_parameter=$PGAUDIT_LOG_PARAMETER " | |
echo "PGAUDIT_LOG_ARGS=$PGAUDIT_LOG_ARGS" | |
fi | |
echo Running cmd: docker-entrypoint.sh "$@" $PGAUDIT_LOG_ARGS | |
exec docker-entrypoint.sh "$@" $PGAUDIT_LOG_ARGS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I've made docker image using your code. So you're welcome to maintain.