user11236651

Reputation: 11

how to set sshd service to start automatically in official postgresql docker image

I am trying to create a postgres pgpool cluster across multiple docker hosts.

I am trying to do something like;

    entrypoint: ["bash -c '/usr/local/bin/docker-entrypoint.sh postgres && service ssh start'"]

I added openssh-server to the postgres:13-bullseye image but cannot get the sshd service to start when the container is started.

I have also tried to put both the postgres entrypoint and the service ssh start command together in the docker file entrypoint.

I tried adding an entry point to the docker file and a command in the docker compose file but this interferes with the postgres database starting.

I am not quite finished with the cluster configuration, but would like to solve the sshd service problem first.

my dockerfile:

    FROM postgres:13-bullseye AS build

    USER root

    ENV http_proxy="http://gateway.zscloud.net:9480"
    ENV https_proxy="http://gateway.zscloud.net:9480"
    ENV no_proxy="127.0.0.1, localhost, 192.168., 10."

    COPY postgres-*.sh /docker-entrypoint-initdb.d/

    RUN mkdir /run/sshd \
        && apt-get update \
        && apt-get install -y openssh-server pgpool2 gosu sudo \
        && apt-get clean \
        && echo "postgres ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/postgres \
        && mkdir /var/lib/postgresql/.ssh \
        && chown postgres:postgres /var/lib/postgresql/.ssh \
        && chmod 755 /docker-entrypoint-initdb.d/postgres-*.sh

my docker-compose file:

    version: '3.1'
    services:
      postgresql:
        build:
          context: .
          dockerfile: Dockerfile
        container_name: pg_${HOSTNAME}
        hostname: pg_${HOSTNAME}
        environment:
          - http_proxy=http://gateway.zscloud.net:9480
          - https_proxy=http://gateway.zscloud.net:9480
          - no_proxy=127.0.0.1, localhost, 192.168.*, 10.*
          - POSTGRES_USER=postgres
          - POSTGRES_PASSWORD=postgres
          - PGDATA=/var/lib/postgresql/data
        ports:
          - '2345:5432'
        volumes: 
          - postgres_home:/var/lib/postgresql
          - postgres_data:/var/lib/postgresql/data
          - pgpool_etc:/etc/pgpool2
        networks:
          postgresql:
            ipv4_address: 10.0.3.1
    volumes:
      postgres_home:
        driver: local
      postgres_data:
        driver: local
      pgpool_etc:
        driver: local
    networks:
      postgresql:
        external: true

my postgres-init.sh file:

    #!/bin/sh
    set -e

    cat << EOF >> /var/lib/postgresql/data/pg_hba.conf
    host replication replicator 10.0.3.1/32 trust
    host replication replicator 10.0.3.2/32 trust
    host replication replicator 10.0.3.3/32 trust
    host replication replicator 10.0.3.4/32 trust
    host all         all        all         scram-sha-256
    EOF

    cat << EOF >> /var/lib/postgresql/.bash_profile
    export http_proxy="http://gateway.zscloud.net:9480"
    export https_proxy="http://gateway.zscloud.net:9480"
    export no_proxy="127.0.0.1, localhost, 192.168.*, 10.*"
    export POSTGRES_USER=postgres
    export POSTGRES_PASSWORD=postgres
    export PGDATA=/var/lib/postgresql/data
    export PGPASSFILE="~/.pgpass"
    EOF

    cd ~/.ssh ; ssh-keygen -t rsa -b 2048 -q -N "" -f ~/.ssh/id_rsa

    cat << EOF >> /var/lib/postgresql/.pgpass
    *:*:*:pgpool:pgpool
    *:*:*:replicator:replicator
    *:*:*:postgres:postgres
    EOF

    cd ~/data

    cat << EOF >> /var/lib/postgresql/data/openssl.conf 
    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn

    [ dn ]
    C=DE
    ST=BW
    L=Stuttgart
    O=Vector Informatik GmbH
    OU=Postgres
    CN=$HOSTNAME.vi.vector.int

    [ req_ext ]
    subjectAltName = @alt_names

    [ alt_names ]
    DNS.1 = $HOSTNAME.vi.vector.int
    DNS.2 = $HOSTNAME
    EOF

    openssl req -new -x509 -nodes -out server.crt -newkey rsa:2048 -keyout server.key -config /var/lib/postgresql/data/openssl.conf 

    cat << EOF >> /var/lib/postgresql/data/postgresql.conf
    listen_addresses = '*'
    password_encryption = scram-sha-256
    ssl = on

    archive_mode = on
    archive_command = 'cp "%p" "/var/lib/postgresql/data/wal_archive/%f"'
    max_wal_senders = 100
    max_replication_slots = 10
    wal_level = replica
    hot_standby = on
    wal_log_hints = on
    primary_conninfo = 'user=replicator password=replicator host=10.0.3.3 port=5432 sslmode=prefer sslcompression=1'
    primary_slot_name = '$HOSTNAME'
    wal_keep_size = 100

    synchronous_commit = on
    synchronous_standby_names = 'ANY 1(*)'
      
    EOF

    mkdir /var/lib/postgresql/data/wal_archive

    psql << END_OF_SQL
        SET password_encryption = 'scram-sha-256';
        ALTER USER postgres PASSWORD 'postgres';
        CREATE ROLE pgpool WITH LOGIN;
        CREATE ROLE replicator WITH REPLICATION LOGIN;
        ALTER USER pgpool PASSWORD 'pgpool';
        ALTER USER replicator PASSWORD 'replicator';
        GRANT pg_monitor TO pgpool;
    END_OF_SQL

Upvotes: 0

Views: 170

Answers (1)

gluttony

Reputation: 569

I was looking for use of SSH in my postgres docker too, for another purpose, and I finally managed to have it running at start. In your dockerfile, set postgres as a sudoer with no password with:

    RUN echo "postgres   ALL = (ALL) NOPASSWD:ALL" >> /etc/sudoers

In your init script, add:

    sudo service ssh start

Upvotes: 1
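An alternative to starting sshd from the init script, as an added example that is not part of the question or the answer: a wrapper entrypoint that starts sshd in the background and then execs the image's own entrypoint. The question's `docker-entrypoint.sh postgres && service ssh start` never reaches the second command because the official entrypoint does not return while postgres runs; the wrapper also runs as root before the entrypoint drops to the postgres user via gosu, so postgres itself needs no sudo rights. Assumed paths are `/usr/local/bin/docker-entrypoint.sh` (official image) and `/usr/sbin/sshd` (Debian openssh-server); the installed name `docker-entrypoint-ssh.sh` is an assumption as well.

```sh
#!/bin/sh
# Added example (not from the question or the answer): wrapper entrypoint for the
# official postgres image. Starts sshd as a background daemon, then execs the image's
# own entrypoint so postgres stays the foreground process and receives container signals.
# Assumed paths: /usr/local/bin/docker-entrypoint.sh (official image) and /usr/sbin/sshd
# (Debian openssh-server); both can be overridden through the environment.
set -eu

ENTRYPOINT="${PG_ENTRYPOINT:-/usr/local/bin/docker-entrypoint.sh}"
SSHD="${SSHD_BIN:-/usr/sbin/sshd}"

# Start sshd as a forking daemon. Returns 1 without touching the filesystem when the
# binary is absent, so the database still starts in an image built without openssh-server.
start_sshd() {
    if [ ! -x "$SSHD" ]; then
        echo "wrapper: $SSHD not found, continuing without sshd" >&2
        return 1
    fi
    # sshd refuses to start without its privilege-separation directory; the official
    # image does not ship it (hence the mkdir in the question's Dockerfile).
    mkdir -p /run/sshd
    # Host keys are normally created when the openssh-server package is installed;
    # -A generates any that are missing (e.g. when /etc/ssh comes from a volume).
    ssh-keygen -A
    # No -D: sshd forks into the background. -e sends its log to stderr, which
    # 'docker logs' captures alongside the postgres log.
    "$SSHD" -e
}

# Runs as root (the official image has no USER directive), so sshd is started here,
# before docker-entrypoint.sh switches to the postgres user with gosu.
main() {
    start_sshd || true      # a missing or failing sshd must not block the database
    if [ ! -x "$ENTRYPOINT" ]; then
        echo "wrapper: $ENTRYPOINT not found; is this the official postgres image?" >&2
        return 1
    fi
    exec "$ENTRYPOINT" "$@"  # replaces this shell; "$@" is the CMD, e.g. "postgres"
}

# Run main only when invoked under the installed name, mirroring the official
# entrypoint's own "is sourced" guard, so the functions can be sourced for testing.
case "${0##*/}" in
    docker-entrypoint-ssh.sh) main "$@" ;;
esac
```

Wire it into the Dockerfile with `COPY docker-entrypoint-ssh.sh /usr/local/bin/` and `ENTRYPOINT ["docker-entrypoint-ssh.sh"]`, keeping the image's `CMD ["postgres"]`, so that `$0` matches the installed name and `main` runs.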
