Unset NOTIFY_SOCKET when running the temporary server. #1325
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some container runtimes, such as podman, can expose a notify socket when used in combination with systemd. The socket's path is available in the `NOTIFY_SOCKET` envirionment variable. Postgres has native support for this notification socket, and will write a `READY=1` message once it is ready and accepting connections. Unfortunately, the temporary server used by the `docker-entrypoint.sh` to populate the database also sends a message on the socket, making it appear as though the container is ready and serving connections when it is not. To avoid this issue we need to unset the NOTIFY_SOCKET envirionment variable before starting the temporary server. The real server will eventually find the socket and send the appropriate message. The easiest way to test this is through the systemd-run command, which creates a transient service: ```sh systemd-run --user --service-type=notify \ podman run -e POSTGRES_PASSWORD=password postgres ``` When looking at the logs for this command, prior to this change systemd prints a "Started" message mid-way through the container startup (I've omitted a lot of irrelevant lines for the sake of brevity): ``` systemd[2970]: Starting run-r916adefbc19c4465a1b0afc892980bd6.service - /usr/bin/podman run --log-driver none -e POSTGRES_PASSWORD=password postgres... [...] podman[851405]: waiting for server to start....2025-02-25 17:37:39.378 UTC [48] LOG: starting PostgreSQL 17.4 (Debian 17.4-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit podman[851405]: 2025-02-25 17:37:39.381 UTC [48] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" podman[851405]: 2025-02-25 17:37:39.393 UTC [51] LOG: database system was shut down at 2025-02-25 17:37:39 UTC podman[851405]: 2025-02-25 17:37:39.400 UTC [48] LOG: database system is ready to accept connections systemd[2970]: Started run-r916adefbc19c4465a1b0afc892980bd6.service - /usr/bin/podman run --log-driver none -e POSTGRES_PASSWORD=password postgres. podman[851405]: done podman[851405]: server started podman[851405]: /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/* podman[851405]: waiting for server to shut down...2025-02-25 17:37:39.520 UTC [48] LOG: received fast shutdown request [...] podman[851405]: 2025-02-25 17:37:39.556 UTC [48] LOG: database system is shut down podman[851405]: done podman[851405]: server stopped podman[851405]: PostgreSQL init process complete; ready for start up. podman[851405]: 2025-02-25 17:37:39.677 UTC [1] LOG: starting PostgreSQL 17.4 (Debian 17.4-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit podman[851405]: 2025-02-25 17:37:39.677 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432 podman[851405]: 2025-02-25 17:37:39.677 UTC [1] LOG: listening on IPv6 address "::", port 5432 podman[851405]: 2025-02-25 17:37:39.684 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" podman[851405]: 2025-02-25 17:37:39.693 UTC [62] LOG: database system was shut down at 2025-02-25 17:37:39 UTC podman[851405]: 2025-02-25 17:37:39.700 UTC [1] LOG: database system is ready to accept connections ``` After applying this change, the log output is very similar except the log line from systemd is moved to the very end, after the database server has started listening on the IPv4 and IPv6 addresses.
tianon
reviewed
Feb 25, 2025
docker-entrypoint.sh
Outdated
Comment on lines
272
to
279
| # Unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify | ||
| # any process supervisor. | ||
| env \ | ||
| --unset NOTIFY_SOCKET \ | ||
| PGUSER="${PGUSER:-$POSTGRES_USER}" \ | ||
| pg_ctl -D "$PGDATA" \ | ||
| -o "$(printf '%q ' "$@")" \ | ||
| -w start |
There was a problem hiding this comment.
Just setting it to the empty value should be sufficient, right?
Suggested change
| # Unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify | |
| # any process supervisor. | |
| env \ | |
| --unset NOTIFY_SOCKET \ | |
| PGUSER="${PGUSER:-$POSTGRES_USER}" \ | |
| pg_ctl -D "$PGDATA" \ | |
| -o "$(printf '%q ' "$@")" \ | |
| -w start | |
| # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify any process supervisor | |
| NOTIFY_SOCKET= \ | |
| PGUSER="${PGUSER:-$POSTGRES_USER}" \ | |
| pg_ctl -D "$PGDATA" \ | |
| -o "$(printf '%q ' "$@")" \ | |
| -w start |
There was a problem hiding this comment.
Yes you're right. It is more concise this way. I've applied the suggested change and regenerated from the template.
plietar
force-pushed
the
unset-notify
branch
from
ec6055b to
184aaf6
Compare
yosifkit
approved these changes
Feb 27, 2025
docker-library-bot
added a commit
to docker-library-bot/official-images
that referenced
this pull request
Feb 27, 2025
Changes: - docker-library/postgres@cc254e8: Unset NOTIFY_SOCKET when running the temporary server. (docker-library/postgres#1325)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some container runtimes, such as podman, can expose a notify socket when used in combination with systemd. The socket's path is available in the
NOTIFY_SOCKETenvirionment variable.Postgres has native support for this notification socket, and will write a
READY=1message once it is ready and accepting connections. Unfortunately, the temporary server used by thedocker-entrypoint.shto populate the database also sends a message on the socket, making it appear as though the container is ready and serving connections when it is not.To avoid this issue we need to unset the NOTIFY_SOCKET envirionment variable before starting the temporary server. The real server will eventually find the socket and send the appropriate message.
The easiest way to test this is through the systemd-run command, which creates a transient service:
When looking at the logs for this command, prior to this change systemd prints a "Started" message mid-way through the container startup (I've omitted a lot of irrelevant lines for the sake of brevity):
After applying this change, the log output is very similar except the log line from systemd is moved to the very end, after the database server has started listening on the IPv4 and IPv6 addresses.