Skip to content

Latest commit

 

History

History
825 lines (581 loc) · 25.3 KB

README.md

File metadata and controls

825 lines (581 loc) · 25.3 KB

dokku postgres Build Status IRC Network

Official postgres plugin for dokku. Currently defaults to installing postgres 17.2.

Requirements

  • dokku 0.19.x+
  • docker 1.8.x

Installation

# on 0.19.x+
sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git postgres

Commands

postgres:app-links <app>                           # list all postgres service links for a given app
postgres:backup <service> <bucket-name> [--use-iam] # create a backup of the postgres service to an existing s3 bucket
postgres:backup-auth <service> <aws-access-key-id> <aws-secret-access-key> <aws-default-region> <aws-signature-version> <endpoint-url> # set up authentication for backups on the postgres service
postgres:backup-deauth <service>                   # remove backup authentication for the postgres service
postgres:backup-schedule <service> <schedule> <bucket-name> [--use-iam] # schedule a backup of the postgres service
postgres:backup-schedule-cat <service>             # cat the contents of the configured backup cronfile for the service
postgres:backup-set-encryption <service> <passphrase> # set encryption for all future backups of postgres service
postgres:backup-set-public-key-encryption <service> <public-key-id> # set GPG Public Key encryption for all future backups of postgres service
postgres:backup-unschedule <service>               # unschedule the backup of the postgres service
postgres:backup-unset-encryption <service>         # unset encryption for future backups of the postgres service
postgres:backup-unset-public-key-encryption <service> # unset GPG Public Key encryption for future backups of the postgres service
postgres:clone <service> <new-service> [--clone-flags...] # create container <new-name> then copy data from <name> into <new-name>
postgres:connect <service>                         # connect to the service via the postgres connection tool
postgres:create <service> [--create-flags...]      # create a postgres service
postgres:destroy <service> [-f|--force]            # delete the postgres service/data/container if there are no links left
postgres:enter <service>                           # enter or run a command in a running postgres service container
postgres:exists <service>                          # check if the postgres service exists
postgres:export <service>                          # export a dump of the postgres service database
postgres:expose <service> <ports...>               # expose a postgres service on custom host:port if provided (random port on the 0.0.0.0 interface if otherwise unspecified)
postgres:import <service>                          # import a dump into the postgres service database
postgres:info <service> [--single-info-flag]       # print the service information
postgres:link <service> <app> [--link-flags...]    # link the postgres service to the app
postgres:linked <service> <app>                    # check if the postgres service is linked to an app
postgres:links <service>                           # list all apps linked to the postgres service
postgres:list                                      # list all postgres services
postgres:logs <service> [-t|--tail] <tail-num-optional> # print the most recent log(s) for this service
postgres:pause <service>                           # pause a running postgres service
postgres:promote <service> <app>                   # promote service <service> as DATABASE_URL in <app>
postgres:restart <service>                         # graceful shutdown and restart of the postgres service container
postgres:set <service> <key> <value>               # set or clear a property for a service
postgres:start <service>                           # start a previously stopped postgres service
postgres:stop <service>                            # stop a running postgres service
postgres:unexpose <service>                        # unexpose a previously exposed postgres service
postgres:unlink <service> <app>                    # unlink the postgres service from the app
postgres:upgrade <service> [--upgrade-flags...]    # upgrade service <service> to the specified versions

Usage

Help for any commands can be displayed by specifying the command as an argument to postgres:help. Plugin help output in conjunction with any files in the docs/ folder is used to generate the plugin documentation. Please consult the postgres:help command for any undocumented commands.

Basic Usage

create a postgres service

# usage
dokku postgres:create <service> [--create-flags...]

flags:

  • -c|--config-options "--args --go=here": extra arguments to pass to the container create command (default: None)
  • -C|--custom-env "USER=alpha;HOST=beta": semi-colon delimited environment variables to start the service with
  • -i|--image IMAGE: the image name to start the service with
  • -I|--image-version IMAGE_VERSION: the image version to start the service with
  • -m|--memory MEMORY: container memory limit in megabytes (default: unlimited)
  • -N|--initial-network INITIAL_NETWORK: the initial network to attach the service to
  • -p|--password PASSWORD: override the user-level service password
  • -P|--post-create-network NETWORKS: a comma-separated list of networks to attach the service container to after service creation
  • -r|--root-password PASSWORD: override the root-level service password
  • -S|--post-start-network NETWORKS: a comma-separated list of networks to attach the service container to after service start
  • -s|--shm-size SHM_SIZE: override shared memory size for postgres docker container

Create a postgres service named lollipop:

dokku postgres:create lollipop

You can also specify the image and image version to use for the service. It must be compatible with the postgres image.

export POSTGRES_IMAGE="postgres"
export POSTGRES_IMAGE_VERSION="${PLUGIN_IMAGE_VERSION}"
dokku postgres:create lollipop

You can also specify custom environment variables to start the postgres service in semicolon-separated form.

export POSTGRES_CUSTOM_ENV="USER=alpha;HOST=beta"
dokku postgres:create lollipop

Official Postgres "$DOCKER_BIN" image ls does not include postgis extension (amongst others). The following example creates a new postgres service using postgis/postgis:13-3.1 image, which includes the postgis extension.

# use the appropriate image-version for your use-case
dokku postgres:create postgis-database --image "postgis/postgis" --image-version "13-3.1"

To use pgvector instead, run the following:

# use the appropriate image-version for your use-case
dokku postgres:create pgvector-database --image "pgvector/pgvector" --image-version "pg17"

print the service information

# usage
dokku postgres:info <service> [--single-info-flag]

flags:

  • --config-dir: show the service configuration directory
  • --data-dir: show the service data directory
  • --dsn: show the service DSN
  • --exposed-ports: show service exposed ports
  • --id: show the service container id
  • --internal-ip: show the service internal ip
  • --initial-network: show the initial network being connected to
  • --links: show the service app links
  • --post-create-network: show the networks to attach to after service container creation
  • --post-start-network: show the networks to attach to after service container start
  • --service-root: show the service root directory
  • --status: show the service running status
  • --version: show the service image version

Get connection information as follows:

dokku postgres:info lollipop

You can also retrieve a specific piece of service info via flags:

dokku postgres:info lollipop --config-dir
dokku postgres:info lollipop --data-dir
dokku postgres:info lollipop --dsn
dokku postgres:info lollipop --exposed-ports
dokku postgres:info lollipop --id
dokku postgres:info lollipop --internal-ip
dokku postgres:info lollipop --initial-network
dokku postgres:info lollipop --links
dokku postgres:info lollipop --post-create-network
dokku postgres:info lollipop --post-start-network
dokku postgres:info lollipop --service-root
dokku postgres:info lollipop --status
dokku postgres:info lollipop --version

list all postgres services

# usage
dokku postgres:list

List all services:

dokku postgres:list

print the most recent log(s) for this service

# usage
dokku postgres:logs <service> [-t|--tail] <tail-num-optional>

flags:

  • -t|--tail [<tail-num>]: do not stop when end of the logs are reached and wait for additional output

You can tail logs for a particular service:

dokku postgres:logs lollipop

By default, logs will not be tailed, but you can do this with the --tail flag:

dokku postgres:logs lollipop --tail

The default tail setting is to show all logs, but an initial count can also be specified:

dokku postgres:logs lollipop --tail 5

link the postgres service to the app

# usage
dokku postgres:link <service> <app> [--link-flags...]

flags:

  • -a|--alias "BLUE_DATABASE": an alternative alias to use for linking to an app via environment variable
  • -q|--querystring "pool=5": ampersand delimited querystring arguments to append to the service link
  • -n|--no-restart "false": whether or not to restart the app on link (default: true)

A postgres service can be linked to a container. This will use native docker links via the docker-options plugin. Here we link it to our playground app.

NOTE: this will restart your app

dokku postgres:link lollipop playground

The following environment variables will be set automatically by docker (not on the app itself, so they won’t be listed when calling dokku config):

DOKKU_POSTGRES_LOLLIPOP_NAME=/lollipop/DATABASE
DOKKU_POSTGRES_LOLLIPOP_PORT=tcp://172.17.0.1:5432
DOKKU_POSTGRES_LOLLIPOP_PORT_5432_TCP=tcp://172.17.0.1:5432
DOKKU_POSTGRES_LOLLIPOP_PORT_5432_TCP_PROTO=tcp
DOKKU_POSTGRES_LOLLIPOP_PORT_5432_TCP_PORT=5432
DOKKU_POSTGRES_LOLLIPOP_PORT_5432_TCP_ADDR=172.17.0.1

The following will be set on the linked application by default:

DATABASE_URL=postgres://lollipop:SOME_PASSWORD@dokku-postgres-lollipop:5432/lollipop

The host exposed here only works internally in docker containers. If you want your container to be reachable from outside, you should use the expose subcommand. Another service can be linked to your app:

dokku postgres:link other_service playground

It is possible to change the protocol for DATABASE_URL by setting the environment variable POSTGRES_DATABASE_SCHEME on the app. Doing so will after linking will cause the plugin to think the service is not linked, and we advise you to unlink before proceeding.

dokku config:set playground POSTGRES_DATABASE_SCHEME=postgres2
dokku postgres:link lollipop playground

This will cause DATABASE_URL to be set as:

postgres2://lollipop:SOME_PASSWORD@dokku-postgres-lollipop:5432/lollipop

unlink the postgres service from the app

# usage
dokku postgres:unlink <service> <app>

flags:

  • -n|--no-restart "false": whether or not to restart the app on unlink (default: true)

You can unlink a postgres service:

NOTE: this will restart your app and unset related environment variables

dokku postgres:unlink lollipop playground

set or clear a property for a service

# usage
dokku postgres:set <service> <key> <value>

Set the network to attach after the service container is started:

dokku postgres:set lollipop post-create-network custom-network

Set multiple networks:

dokku postgres:set lollipop post-create-network custom-network,other-network

Unset the post-create-network value:

dokku postgres:set lollipop post-create-network

Service Lifecycle

The lifecycle of each service can be managed through the following commands:

connect to the service via the postgres connection tool

# usage
dokku postgres:connect <service>

Connect to the service via the postgres connection tool:

NOTE: disconnecting from ssh while running this command may leave zombie processes due to moby/moby#9098

dokku postgres:connect lollipop

enter or run a command in a running postgres service container

# usage
dokku postgres:enter <service>

A bash prompt can be opened against a running service. Filesystem changes will not be saved to disk.

NOTE: disconnecting from ssh while running this command may leave zombie processes due to moby/moby#9098

dokku postgres:enter lollipop

You may also run a command directly against the service. Filesystem changes will not be saved to disk.

dokku postgres:enter lollipop touch /tmp/test

expose a postgres service on custom host:port if provided (random port on the 0.0.0.0 interface if otherwise unspecified)

# usage
dokku postgres:expose <service> <ports...>

Expose the service on the service's normal ports, allowing access to it from the public interface (0.0.0.0):

dokku postgres:expose lollipop 5432

Expose the service on the service's normal ports, with the first on a specified ip adddress (127.0.0.1):

dokku postgres:expose lollipop 127.0.0.1:5432

unexpose a previously exposed postgres service

# usage
dokku postgres:unexpose <service>

Unexpose the service, removing access to it from the public interface (0.0.0.0):

dokku postgres:unexpose lollipop

promote service as DATABASE_URL in

# usage
dokku postgres:promote <service> <app>

If you have a postgres service linked to an app and try to link another postgres service another link environment variable will be generated automatically:

DOKKU_DATABASE_BLUE_URL=postgres://other_service:ANOTHER_PASSWORD@dokku-postgres-other-service:5432/other_service

You can promote the new service to be the primary one:

NOTE: this will restart your app

dokku postgres:promote other_service playground

This will replace DATABASE_URL with the url from other_service and generate another environment variable to hold the previous value if necessary. You could end up with the following for example:

DATABASE_URL=postgres://other_service:ANOTHER_PASSWORD@dokku-postgres-other-service:5432/other_service
DOKKU_DATABASE_BLUE_URL=postgres://other_service:ANOTHER_PASSWORD@dokku-postgres-other-service:5432/other_service
DOKKU_DATABASE_SILVER_URL=postgres://lollipop:SOME_PASSWORD@dokku-postgres-lollipop:5432/lollipop

start a previously stopped postgres service

# usage
dokku postgres:start <service>

Start the service:

dokku postgres:start lollipop

stop a running postgres service

# usage
dokku postgres:stop <service>

Stop the service and removes the running container:

dokku postgres:stop lollipop

pause a running postgres service

# usage
dokku postgres:pause <service>

Pause the running container for the service:

dokku postgres:pause lollipop

graceful shutdown and restart of the postgres service container

# usage
dokku postgres:restart <service>

Restart the service:

dokku postgres:restart lollipop

upgrade service to the specified versions

# usage
dokku postgres:upgrade <service> [--upgrade-flags...]

flags:

  • -c|--config-options "--args --go=here": extra arguments to pass to the container create command (default: None)
  • -C|--custom-env "USER=alpha;HOST=beta": semi-colon delimited environment variables to start the service with
  • -i|--image IMAGE: the image name to start the service with
  • -I|--image-version IMAGE_VERSION: the image version to start the service with
  • -N|--initial-network INITIAL_NETWORK: the initial network to attach the service to
  • -P|--post-create-network NETWORKS: a comma-separated list of networks to attach the service container to after service creation
  • -R|--restart-apps "true": whether or not to force an app restart (default: false)
  • -S|--post-start-network NETWORKS: a comma-separated list of networks to attach the service container to after service start
  • -s|--shm-size SHM_SIZE: override shared memory size for postgres docker container

You can upgrade an existing service to a new image or image-version:

dokku postgres:upgrade lollipop

Postgres does not handle upgrading data for major versions automatically (eg. 11 => 12). Upgrades should be done manually. Users are encouraged to upgrade to the latest minor release for their postgres version before performing a major upgrade.

While there are many ways to upgrade a postgres database, for safety purposes, it is recommended that an upgrade is performed by exporting the data from an existing database and importing it into a new database. This also allows testing to ensure that applications interact with the database correctly after the upgrade, and can be used in a staging environment.

The following is an example of how to upgrade a postgres database named lollipop-11 from 11.13 to 12.8.

# stop any linked apps
dokku ps:stop linked-app

# export the database contents
dokku postgres:export lollipop-11 > /tmp/lollipop-11.export

# create a new database at the desired version
dokku postgres:create lollipop-12 --image-version 12.8

# import the export file
dokku postgres:import lollipop-12 < /tmp/lollipop-11.export

# run any sql tests against the new database to verify the import went smoothly

# unlink the old database from your apps
dokku postgres:unlink lollipop-11 linked-app

# link the new database to your apps
dokku postgres:link lollipop-12 linked-app

# start the linked apps again
dokku ps:start linked-app

Service Automation

Service scripting can be executed using the following commands:

list all postgres service links for a given app

# usage
dokku postgres:app-links <app>

List all postgres services that are linked to the playground app.

dokku postgres:app-links playground

create container then copy data from into

# usage
dokku postgres:clone <service> <new-service> [--clone-flags...]

flags:

  • -c|--config-options "--args --go=here": extra arguments to pass to the container create command (default: None)
  • -C|--custom-env "USER=alpha;HOST=beta": semi-colon delimited environment variables to start the service with
  • -i|--image IMAGE: the image name to start the service with
  • -I|--image-version IMAGE_VERSION: the image version to start the service with
  • -m|--memory MEMORY: container memory limit in megabytes (default: unlimited)
  • -N|--initial-network INITIAL_NETWORK: the initial network to attach the service to
  • -p|--password PASSWORD: override the user-level service password
  • -P|--post-create-network NETWORKS: a comma-separated list of networks to attach the service container to after service creation
  • -r|--root-password PASSWORD: override the root-level service password
  • -S|--post-start-network NETWORKS: a comma-separated list of networks to attach the service container to after service start
  • -s|--shm-size SHM_SIZE: override shared memory size for postgres docker container

You can clone an existing service to a new one:

dokku postgres:clone lollipop lollipop-2

check if the postgres service exists

# usage
dokku postgres:exists <service>

Here we check if the lollipop postgres service exists.

dokku postgres:exists lollipop

check if the postgres service is linked to an app

# usage
dokku postgres:linked <service> <app>

Here we check if the lollipop postgres service is linked to the playground app.

dokku postgres:linked lollipop playground

list all apps linked to the postgres service

# usage
dokku postgres:links <service>

List all apps linked to the lollipop postgres service.

dokku postgres:links lollipop

Data Management

The underlying service data can be imported and exported with the following commands:

import a dump into the postgres service database

# usage
dokku postgres:import <service>

Import a datastore dump:

dokku postgres:import lollipop < data.dump

export a dump of the postgres service database

# usage
dokku postgres:export <service>

By default, datastore output is exported to stdout:

dokku postgres:export lollipop

You can redirect this output to a file:

dokku postgres:export lollipop > data.dump

Note that the export will result in a file containing the binary postgres export data. It can be converted to plain text using pg_restore as follows

pg_restore data.dump -f plain.sql

Backups

Datastore backups are supported via AWS S3 and S3 compatible services like minio.

You may skip the backup-auth step if your dokku install is running within EC2 and has access to the bucket via an IAM profile. In that case, use the --use-iam option with the backup command.

Backups can be performed using the backup commands:

set up authentication for backups on the postgres service

# usage
dokku postgres:backup-auth <service> <aws-access-key-id> <aws-secret-access-key> <aws-default-region> <aws-signature-version> <endpoint-url>

Setup s3 backup authentication:

dokku postgres:backup-auth lollipop AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

Setup s3 backup authentication with different region:

dokku postgres:backup-auth lollipop AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION

Setup s3 backup authentication with different signature version and endpoint:

dokku postgres:backup-auth lollipop AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_SIGNATURE_VERSION ENDPOINT_URL

More specific example for minio auth:

dokku postgres:backup-auth lollipop MINIO_ACCESS_KEY_ID MINIO_SECRET_ACCESS_KEY us-east-1 s3v4 https://YOURMINIOSERVICE

remove backup authentication for the postgres service

# usage
dokku postgres:backup-deauth <service>

Remove s3 authentication:

dokku postgres:backup-deauth lollipop

create a backup of the postgres service to an existing s3 bucket

# usage
dokku postgres:backup <service> <bucket-name> [--use-iam]

flags:

  • -u|--use-iam: use the IAM profile associated with the current server

Backup the lollipop service to the my-s3-bucket bucket on AWS:`

dokku postgres:backup lollipop my-s3-bucket --use-iam

Restore a backup file (assuming it was extracted via tar -xf backup.tgz):

dokku postgres:import lollipop < backup-folder/export

set encryption for all future backups of postgres service

# usage
dokku postgres:backup-set-encryption <service> <passphrase>

Set the GPG-compatible passphrase for encrypting backups for backups:

dokku postgres:backup-set-encryption lollipop

set GPG Public Key encryption for all future backups of postgres service

# usage
dokku postgres:backup-set-public-key-encryption <service> <public-key-id>

Set the GPG Public Key for encrypting backups:

dokku postgres:backup-set-public-key-encryption lollipop

unset encryption for future backups of the postgres service

# usage
dokku postgres:backup-unset-encryption <service>

Unset the GPG encryption passphrase for backups:

dokku postgres:backup-unset-encryption lollipop

unset GPG Public Key encryption for future backups of the postgres service

# usage
dokku postgres:backup-unset-public-key-encryption <service>

Unset the GPG Public Key encryption for backups:

dokku postgres:backup-unset-public-key-encryption lollipop

schedule a backup of the postgres service

# usage
dokku postgres:backup-schedule <service> <schedule> <bucket-name> [--use-iam]

flags:

  • -u|--use-iam: use the IAM profile associated with the current server

Schedule a backup:

'schedule' is a crontab expression, eg. "0 3 * * *" for each day at 3am

dokku postgres:backup-schedule lollipop "0 3 * * *" my-s3-bucket

Schedule a backup and authenticate via iam:

dokku postgres:backup-schedule lollipop "0 3 * * *" my-s3-bucket --use-iam

cat the contents of the configured backup cronfile for the service

# usage
dokku postgres:backup-schedule-cat <service>

Cat the contents of the configured backup cronfile for the service:

dokku postgres:backup-schedule-cat lollipop

unschedule the backup of the postgres service

# usage
dokku postgres:backup-unschedule <service>

Remove the scheduled backup from cron:

dokku postgres:backup-unschedule lollipop

Disabling docker image pull calls

If you wish to disable the docker image pull calls that the plugin triggers, you may set the POSTGRES_DISABLE_PULL environment variable to true. Once disabled, you will need to pull the service image you wish to deploy as shown in the stderr output.

Please ensure the proper images are in place when docker image pull is disabled.