Description
What is the bug or the crash?
It seems that the function non_root_permission is called on every startup; however, it takes a long time to check each path (some more than others), and I propose that some of these chmod calls may be defined in the Dockerfile instead of having to be set on startup, such as for /var/lib/.
I modified the non_root_permission function to provide timings per path it goes over:
    function non_root_permission() {
      USER="$1"
      GROUP="$2"
      path_envs=("${DATADIR}" "${WAL_ARCHIVE}" "${SCRIPTS_LOCKFILE_DIR}" "${CONF_LOCKFILE_DIR}" "${EXTRA_CONF_DIR}" "${SSL_DIR}" "${POSTGRES_INITDB_WALDIR}")
      echo "[$(date +%T)] Starting permission checks..."
      for dir_names in "${path_envs[@]}";do
        if [ ! -z "${dir_names}" ];then
          echo "[$(date +%T)] Checking path: ${dir_names}"
          directory_checker "${dir_names}"
          echo "[$(date +%T)] Finished path: ${dir_names}"
        fi
      done
      services=("/usr/lib/postgresql/" "/etc/" "/var/log/postgresql" "/var/run/!(secrets)" "/var/lib/" "/usr/bin" "/tmp" "/scripts")
      for paths in "${services[@]}"; do
        echo "[$(date +%T)] Checking service path: ${paths}"
        directory_checker "${paths}"
        echo "[$(date +%T)] Finished service path: ${paths}"
      done
      echo "[$(date +%T)] Starting recursive chmod..."
      chmod -R 750 "${DATADIR}" ${WAL_ARCHIVE}
      echo "[$(date +%T)] Finished recursive chmod."
    }
Here is the output that I got:
    [14:04:45] Starting permission checks...
    [14:04:45] Checking path: /var/lib/postgresql/17/main
    [14:04:45] Finished path: /var/lib/postgresql/17/main
    [14:04:45] Checking path: /opt/archivedir
    [14:04:45] Finished path: /opt/archivedir
    [14:04:45] Checking path: /docker-entrypoint-initdb.d
    [14:04:45] Finished path: /docker-entrypoint-initdb.d
    [14:04:45] Checking path: /settings
    [14:04:45] Finished path: /settings
    [14:04:45] Checking path: /settings
    [14:04:45] Finished path: /settings
    [14:04:45] Checking path: /ssl_certificates
    [14:04:45] Finished path: /ssl_certificates
    [14:04:45] Checking service path: /usr/lib/postgresql/
    [14:04:57] Finished service path: /usr/lib/postgresql/
    [14:04:57] Checking service path: /etc/
    [14:04:59] Finished service path: /etc/
    [14:04:59] Checking service path: /var/log/postgresql
    [14:04:59] Finished service path: /var/log/postgresql
    [14:04:59] Checking service path: /var/run/!(secrets)
    [14:04:59] Finished service path: /var/run/!(secrets)
    [14:04:59] Checking service path: /var/lib/
    [14:05:16] Finished service path: /var/lib/
    [14:05:16] Checking service path: /usr/bin
    [14:05:21] Finished service path: /usr/bin
    [14:05:21] Checking service path: /tmp
    [14:05:21] Finished service path: /tmp
    [14:05:21] Checking service path: /scripts
    [14:05:24] Finished service path: /scripts
    [14:05:24] Starting recursive chmod...
    [14:05:24] Finished recursive chmod.
NOTE: Anecdotally I recall this being faster previously (hence the bug card), but this is not something I can find support for when I see the git log of changes to these files. Feel free to close if that is not the case, however.
Steps to reproduce the issue
    docker run \
      --rm \
      -d \
      --name test-db \
      -e POSTGRES_USER=docker \
      -e POSTGRES_PASSWORD=docker \
      kartoza/postgis:17-3.5
I used a modified env-data.sh mounted with the above mentioned timings:
    docker run \
      --rm \
      -d \
      --name test-db \
      -e POSTGRES_USER=docker \
      -e POSTGRES_PASSWORD=docker \
      -v "$(pwd)/env-data.sh:/scripts/env-data.sh" \
      kartoza/postgis:17-5.3
Versions
17-5.3
Additional context
I use the image for CI/CD to run pgtap tests and that's the reason the time before the image is ready matters to me.
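
One way to measure how much of the startup pass is actually needed, as an added example (not code from kartoza/docker-postgis): list only the entries whose owner or group differs from the expected one, and chown just those. It assumes the goal of the pass is ownership by the given user and group; all helper names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not project code. Function names are hypothetical.
# Owner and group may be names or numeric ids (find -user/-group accept both).

# Print every entry under $1 whose owner or group differs from $2:$3.
# find does not follow symlinks by default, so the walk stays inside $1.
list_mismatched() {
    local path="$1" owner="$2" group="$3"
    [ -e "$path" ] || return 0
    find "$path" \( ! -user "$owner" -o ! -group "$group" \) -print 2>/dev/null
}

# Count those entries (a name containing a newline would be over-counted).
count_mismatched() {
    list_mismatched "$@" | wc -l | tr -d ' '
}

# chown only the entries that differ. Prints "skipped" when nothing needs
# changing, otherwise "fixed:<n>". -h changes a symlink itself, not its target.
ensure_owner() {
    local path="$1" owner="$2" group="$3" n
    n=$(count_mismatched "$path" "$owner" "$group")
    if [ "$n" -eq 0 ]; then
        echo "skipped"
        return 0
    fi
    find "$path" \( ! -user "$owner" -o ! -group "$group" \) \
        -exec chown -h "${owner}:${group}" {} + || return 1
    echo "fixed:${n}"
}

# Report drift and elapsed seconds per path, in the spirit of the timings above.
audit_paths() {
    local owner="$1" group="$2" p start
    shift 2
    for p in "$@"; do
        start=$(date +%s)
        printf '%s mismatched=%s seconds=%s\n' "$p" \
            "$(count_mismatched "$p" "$owner" "$group")" \
            "$(( $(date +%s) - start ))"
    done
}
```

Running audit_paths inside the image against the service paths listed in the issue shows which of them report mismatched=0 on a fresh container; those are the candidates for setting ownership once at build time instead of on every start.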