topic Re: IOX Docker Root issue in Edge Computing Infrastructure

IOX Docker Root issue

anlgrses — Tue, 09 Jul 2019 11:05:19 GMT

Hello,

I am currently trying to deploy a PostgreSQL container to IOX. The container works as expected at my local machine. However, when I deploy to IOX, the app is not started. The problem is, docker container does not work at IOX as works on the computer. I tried with different OS packages such as alpine, Ubuntu and, Debian. However, I can't start the PostgreSQL. There are a couple of problems,

1- When the container starts, user come as root.When the app boots up,

"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
App postgU completed with exit code: 1
APP END TIME:1562667239

This error comes.

2- I can pass this error by just starting PostgreSQL from Postgres user as written below,

su -c '/usr/lib/postgresql/9.3/bin/postgres -D /var/lib/postgresql/9.3/main -c config_file=/etc/postgresql/9.3/main/postgresql.conf' postgres

3- However, when I run this command, other problems come up:

[283] FATAL:  could not open lock file "postmaster.pid": Permission denied

4- I tried to change the owner and root permission of the lock file. System returns me that :

# chmod 700 /var/lib/postgresql/9.3/main/postmaster.pid
chmod: changing permissions of '/var/lib/postgresql/9.3/main/postmaster.pid': Permission denied
# whoami
root

I have IR829. That's mean I can't deploy VM type applications. I have to do that on the IR829. Does anyone have an idea?

Re: IOX Docker Root issue

suressan — Wed, 10 Jul 2019 00:06:04 GMT

Could you pls share your dockerfile contents, package.yaml OR just app pkg.tar?

Also which version of IOx are you using in IR829 ?

Also generate techsupport snapshot from Local Manager System Troubleshoot tab and share the same.

Re: IOX Docker Root issue

anlgrses — Thu, 11 Jul 2019 10:02:15 GMT

Hi,

IOX version is 1.6.0.1.My Dockerfile is below:

FROM ubuntu:16.04

# Add the PostgreSQL PGP key to verify their Debian packages.
# It should be the same key as https://www.postgresql.org/media/keys/ACCC4CF8.asc
RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8


RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list


RUN apt-get update && apt-get install -y python-software-properties software-properties-common postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3


RUN apt-get install sudo 

USER postgres


RUN    /etc/init.d/postgresql start &&\
    psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'cisco';" &&\
    createdb -O docker docker

# Adjusting PostgreSQL configuration so that remote connections to the
# database are possible.
RUN echo "host all  all    0.0.0.0/0  md5" >> /etc/postgresql/9.3/main/pg_hba.conf

# And add ``listen_addresses`` to ``/etc/postgresql/9.3/main/postgresql.conf``
RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf

# Expose the PostgreSQL port
EXPOSE 5432

# Add VOLUMEs to allow backup of config, logs and databases
VOLUME  ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"]

# Set the default command to run when starting the container
# This just for the local development.When deploying to IOX, removed from the dockerfile.It can still stay there.However, that doesn't make any sense.
CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]

My Package.yaml is below:

descriptor-schema-version: "2.5"

info:
  name: PostgreSQL
  description: "PostgreSQL"
  version: "1.0"
  author-link: "https://www.gursesanil.com"
  author-name: "SirAnil"

app:
  cpuarch: "x86_64"
  type: docker
  resources:
    profile: custom
    cpu: 120
    memory: 400
    disk: 2000
    network:
      -
        interface-name: eth0
        ports:
          tcp:
            - 5432
           

  startup:
    rootfs: rootfs.tar
    target: ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]

Also I included the error log files. I tried a lot of images such as alpine, Debian, and Ubuntu. Log files differ. I also tried to install mysql but it didn't work.I am also including those log files.

Postgresql.log

"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
App postgU completed with exit code: 1
APP END TIME:1562667239
Time taken by App : 0 minutes and 0 seconds.
Main process died, so dropping the container in to shell for debugging

MySql.log

/run.sh: line 78: [: ==: unary operator expected
/run.sh: line 82: [: ==: unary operator expected
=> Using an existing volume of MySQL
=> Starting MySQL ...
=> Waiting for confirmation of MySQL service startup, trying 0/60 ...
=> Waiting for confirmation of MySQL service startup, trying 1/60 ...
=> Waiting for confirmation of MySQL service startup, trying 2/60 ...
=> Waiting for confirmation of MySQL service startup, trying 3/60 ...
=> Waiting for confirmation of MySQL service startup, trying 4/60 ...
=> Waiting for confirmation of MySQL service startup, trying 5/60 ...
=> Waiting for confirmation of MySQL service startup, trying 6/60 ...
=> Waiting for confirmation of MySQL service startup, trying 7/60 ...
=> Waiting for confirmation of MySQL service startup, trying 8/60 ...
=> Waiting for confirmation of MySQL service startup, trying 9/60 ...
=> Waiting for confirmation of MySQL service startup, trying 10/60 ...
=> Waiting for confirmation of MySQL service startup, trying 11/60 ...
=> Waiting for confirmation of MySQL service startup, trying 12/60 ...
=> Waiting for confirmation of MySQL service startup, trying 13/60 ...
=> Waiting for confirmation of MySQL service startup, trying 14/60 ...
=> Waiting for confirmation of MySQL service startup, trying 15/60 ...
=> Waiting for confirmation of MySQL service startup, trying 16/60 ...
=> Waiting for confirmation of MySQL service startup, trying 17/60 ...
=> Waiting for confirmation of MySQL service startup, trying 18/60 ...
=> Waiting for confirmation of MySQL service startup, trying 19/60 ...
=> Waiting for confirmation of MySQL service startup, trying 20/60 ...
=> Waiting for confirmation of MySQL service startup, trying 21/60 ...
=> Waiting for confirmation of MySQL service startup, trying 22/60 ...
=> Waiting for confirmation of MySQL service startup, trying 23/60 ...
=> Waiting for confirmation of MySQL service startup, trying 24/60 ...
=> Waiting for confirmation of MySQL service startup, trying 25/60 ...
=> Waiting for confirmation of MySQL service startup, trying 26/60 ...
=> Waiting for confirmation of MySQL service startup, trying 27/60 ...
=> Waiting for confirmation of MySQL service startup, trying 28/60 ...
=> Waiting for confirmation of MySQL service startup, trying 29/60 ...
=> Waiting for confirmation of MySQL service startup, trying 30/60 ...
=> Waiting for confirmation of MySQL service startup, trying 31/60 ...
=> Waiting for confirmation of MySQL service startup, trying 32/60 ...
=> Waiting for confirmation of MySQL service startup, trying 33/60 ...
=> Waiting for confirmation of MySQL service startup, trying 34/60 ...
=> Waiting for confirmation of MySQL service startup, trying 35/60 ...
=> Waiting for confirmation of MySQL service startup, trying 36/60 ...
=> Waiting for confirmation of MySQL service startup, trying 37/60 ...
=> Waiting for confirmation of MySQL service startup, trying 38/60 ...
=> Waiting for confirmation of MySQL service startup, trying 39/60 ...
=> Waiting for confirmation of MySQL service startup, trying 40/60 ...
=> Waiting for confirmation of MySQL service startup, trying 41/60 ...
=> Waiting for confirmation of MySQL service startup, trying 42/60 ...
=> Waiting for confirmation of MySQL service startup, trying 43/60 ...
=> Waiting for confirmation of MySQL service startup, trying 44/60 ...
=> Waiting for confirmation of MySQL service startup, trying 45/60 ...
=> Waiting for confirmation of MySQL service startup, trying 46/60 ...
=> Waiting for confirmation of MySQL service startup, trying 47/60 ...
=> Waiting for confirmation of MySQL service startup, trying 48/60 ...
=> Waiting for confirmation of MySQL service startup, trying 49/60 ...
=> Waiting for confirmation of MySQL service startup, trying 50/60 ...
=> Waiting for confirmation of MySQL service startup, trying 51/60 ...
=> Waiting for confirmation of MySQL service startup, trying 52/60 ...
=> Waiting for confirmation of MySQL service startup, trying 53/60 ...
=> Waiting for confirmation of MySQL service startup, trying 54/60 ...
=> Waiting for confirmation of MySQL service startup, trying 55/60 ...
=> Waiting for confirmation of MySQL service startup, trying 56/60 ...
=> Waiting for confirmation of MySQL service startup, trying 57/60 ...
=> Waiting for confirmation of MySQL service startup, trying 58/60 ...
=> Waiting for confirmation of MySQL service startup, trying 59/60 ...
Time out. Error log is shown as below:
2019-07-08 12:26:19 340 [Note] InnoDB: The first specified data file ./ibdata1 did not exist: a new database to be created!
2019-07-08 12:26:19 340 [Note] InnoDB: Setting file ./ibdata1 size to 12 MB
2019-07-08 12:26:19 340 [Note] InnoDB: Database physically writes the file full: wait...
2019-07-08 12:26:19 340 [Note] InnoDB: Setting log file ./ib_logfile101 size to 48 MB
2019-07-08 12:26:19 340 [Note] InnoDB: Setting log file ./ib_logfile1 size to 48 MB
2019-07-08 12:26:19 340 [Note] InnoDB: Renaming log file ./ib_logfile101 to ./ib_logfile0
2019-07-08 12:26:19 340 [Warning] InnoDB: New log files created, LSN=45781
2019-07-08 12:26:19 340 [Note] InnoDB: Doublewrite buffer not found: creating new
2019-07-08 12:26:20 340 [Note] InnoDB: Doublewrite buffer created
2019-07-08 12:26:20 340 [Note] InnoDB: 128 rollback segment(s) are active.
2019-07-08 12:26:20 340 [Warning] InnoDB: Creating foreign key constraint system tables.
2019-07-08 12:26:20 340 [Note] InnoDB: Foreign key constraint system tables created
2019-07-08 12:26:20 340 [Note] InnoDB: Creating tablespace and datafile system tables.
2019-07-08 12:26:20 340 [Note] InnoDB: Tablespace and datafile system tables created.
2019-07-08 12:26:20 340 [Note] InnoDB: Waiting for purge to start
2019-07-08 12:26:20 340 [Note] InnoDB: 5.6.33 started; log sequence number 0
2019-07-08 12:26:20 340 [Warning] 'user' entry 'root@a2dc7fee8e2f' ignored in --skip-name-resolve mode.
2019-07-08 12:26:20 340 [Warning] 'proxies_priv' entry '@ root@a2dc7fee8e2f' ignored in --skip-name-resolve mode.
2019-07-08 12:26:20 340 [Note] Binlog end
2019-07-08 12:26:20 340 [Note] InnoDB: FTS optimize thread exiting.
2019-07-08 12:26:20 340 [Note] InnoDB: Starting shutdown...
2019-07-08 12:26:21 340 [Note] InnoDB: Shutdown completed; log sequence number 1625977
2019-07-08 12:26:22 377 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
2019-07-08 12:26:22 377 [Note] Plugin 'FEDERATED' is disabled.
2019-07-08 12:26:22 377 [Note] InnoDB: Using atomics to ref count buffer pool pages
2019-07-08 12:26:22 377 [Note] InnoDB: The InnoDB memory heap is disabled
2019-07-08 12:26:22 377 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-07-08 12:26:22 377 [Note] InnoDB: Memory barrier is not used
2019-07-08 12:26:22 377 [Note] InnoDB: Compressed tables use zlib 1.2.8
2019-07-08 12:26:22 377 [Note] InnoDB: Using Linux native AIO
2019-07-08 12:26:22 377 [Note] InnoDB: Using CPU crc32 instructions
2019-07-08 12:26:22 377 [Note] InnoDB: Initializing buffer pool, size = 128.0M
2019-07-08 12:26:22 377 [Note] InnoDB: Completed initialization of buffer pool
2019-07-08 12:26:22 377 [Note] InnoDB: Highest supported file format is Barracuda.
2019-07-08 12:26:22 377 [Note] InnoDB: 128 rollback segment(s) are active.
2019-07-08 12:26:22 377 [Note] InnoDB: Waiting for purge to start
2019-07-08 12:26:22 377 [Note] InnoDB: 5.6.33 started; log sequence number 1625977
2019-07-08 12:26:22 377 [Note] Binlog end
2019-07-08 12:26:22 377 [Note] InnoDB: FTS optimize thread exiting.
2019-07-08 12:26:22 377 [Note] InnoDB: Starting shutdown...
2019-07-08 12:26:23 377 [Note] InnoDB: Shutdown completed; log sequence number 1625987
2019-07-08 12:26:24 402 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
2019-07-08 12:26:24 402 [Note] Plugin 'FEDERATED' is disabled.
2019-07-08 12:26:24 402 [Note] InnoDB: Using atomics to ref count buffer pool pages
2019-07-08 12:26:24 402 [Note] InnoDB: The InnoDB memory heap is disabled
2019-07-08 12:26:24 402 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-07-08 12:26:24 402 [Note] InnoDB: Memory barrier is not used
2019-07-08 12:26:24 402 [Note] InnoDB: Compressed tables use zlib 1.2.8
2019-07-08 12:26:24 402 [Note] InnoDB: Using Linux native AIO
2019-07-08 12:26:24 402 [Note] InnoDB: Using CPU crc32 instructions
2019-07-08 12:26:24 402 [Note] InnoDB: Initializing buffer pool, size = 128.0M
2019-07-08 12:26:24 402 [Note] InnoDB: Completed initialization of buffer pool
2019-07-08 12:26:24 402 [Note] InnoDB: Highest supported file format is Barracuda.
2019-07-08 12:26:24 402 [Note] InnoDB: 128 rollback segment(s) are active.
2019-07-08 12:26:24 402 [Note] InnoDB: Waiting for purge to start
2019-07-08 12:26:24 402 [Note] InnoDB: 5.6.33 started; log sequence number 1625987
2019-07-08 12:26:24 402 [Note] Binlog end
2019-07-08 12:26:24 402 [Note] InnoDB: FTS optimize thread exiting.
2019-07-08 12:26:24 402 [Note] InnoDB: Starting shutdown...
2019-07-08 12:26:25 402 [Note] InnoDB: Shutdown completed; log sequence number 1625997
2019-07-08 12:26:26 474 [Note] InnoDB: Using atomics to ref count buffer pool pages
2019-07-08 12:26:26 474 [Note] InnoDB: The InnoDB memory heap is disabled
2019-07-08 12:26:26 474 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-07-08 12:26:26 474 [Note] InnoDB: Memory barrier is not used
2019-07-08 12:26:26 474 [Note] InnoDB: Compressed tables use zlib 1.2.8
2019-07-08 12:26:26 474 [Note] InnoDB: Using Linux native AIO
2019-07-08 12:26:26 474 [Note] InnoDB: Using CPU crc32 instructions
2019-07-08 12:26:26 474 [Note] InnoDB: Initializing buffer pool, size = 128.0M
2019-07-08 12:26:26 474 [Note] InnoDB: Completed initialization of buffer pool
2019-07-08 12:26:26 474 [Note] InnoDB: Highest supported file format is Barracuda.
2019-07-08 12:26:26 474 [Note] InnoDB: 128 rollback segment(s) are active.
2019-07-08 12:26:26 474 [Note] InnoDB: Waiting for purge to start
2019-07-08 12:26:26 474 [Note] InnoDB: 5.6.33 started; log sequence number 1625997
2019-07-08 12:26:26 474 [Note] Binlog end
2019-07-08 12:26:26 474 [Note] InnoDB: FTS optimize thread exiting.
2019-07-08 12:26:26 474 [Note] InnoDB: Starting shutdown...
2019-07-08 12:26:28 474 [Note] InnoDB: Shutdown completed; log sequence number 1626007
2019-07-08 12:26:28 498 [Note] InnoDB: Using atomics to ref count buffer pool pages
2019-07-08 12:26:28 498 [Note] InnoDB: The InnoDB memory heap is disabled
2019-07-08 12:26:28 498 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-07-08 12:26:28 498 [Note] InnoDB: Memory barrier is not used
2019-07-08 12:26:28 498 [Note] InnoDB: Compressed tables use zlib 1.2.8
2019-07-08 12:26:28 498 [Note] InnoDB: Using Linux native AIO
2019-07-08 12:26:28 498 [Note] InnoDB: Using CPU crc32 instructions
2019-07-08 12:26:28 498 [Note] InnoDB: Initializing buffer pool, size = 128.0M
2019-07-08 12:26:28 498 [Note] InnoDB: Completed initialization of buffer pool
2019-07-08 12:26:28 498 [Note] InnoDB: Highest supported file format is Barracuda.
2019-07-08 12:26:28 498 [Note] InnoDB: 128 rollback segment(s) are active.
2019-07-08 12:26:28 498 [Note] InnoDB: Waiting for purge to start
2019-07-08 12:26:28 498 [Note] InnoDB: 5.6.33 started; log sequence number 1626007
2019-07-08 12:26:28 498 [Note] Binlog end
2019-07-08 12:26:28 498 [Note] InnoDB: FTS optimize thread exiting.
2019-07-08 12:26:28 498 [Note] InnoDB: Starting shutdown...
2019-07-08 12:26:30 498 [Note] InnoDB: Shutdown completed; log sequence number 1626017
190708 12:52:16 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
2019-07-08 12:52:16 0 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
2019-07-08 12:52:16 0 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
2019-07-08 12:52:16 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2019-07-08 12:52:16 0 [Note] /usr/sbin/mysqld (mysqld 5.6.33-0ubuntu0.14.04.1) starting as process 951 ...
190708 12:52:16 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
App mysql completed with exit code: 1
APP END TIME:1562590395
Time taken by App : 1 minutes and 1 seconds.
Main process died, so dropping the container in to shell for debugging

I can't attach the snapshot.Instead of that, I am adding google drive link.

https://drive.google.com/open?id=1Ckdv5qcehpQiJY1SnMZzUo0SfUQTvA93

Re: IOX Docker Root issue

anlgrses — Tue, 23 Jul 2019 12:42:10 GMT

Any update?

Re: IOX Docker Root issue

suressan — Wed, 24 Jul 2019 05:13:37 GMT

I could recreate the issue #1. But with the workaround you suggested to execute postgres process as user "postgres, i could get the process up and running and access the "docker" database.

Is there any particular operation you are trying which lead to the error ?

[283] FATAL:  could not open lock file "postmaster.pid": Permission denied

Re: IOX Docker Root issue

anlgrses — Wed, 24 Jul 2019 09:52:09 GMT

Thank you for your response. When you start process of Postgres, can you access remotely? Did you prepare bash script or something for starting up the postgres? If did, could you please share with me.

Re: IOX Docker Root issue

suressan — Thu, 25 Jul 2019 02:19:19 GMT

Few things to change from your end. We identified the root cause in overlayfs and it will be addressed in next IR829 release. In the intermediate term, here is the workaround.

1. Use linux development machine to rebuild iox app package.

2. Setup package.yaml's rootfs attribute value as "app.ext2" and add user attribute in startup section. Here is the final version.

descriptor-schema-version: "2.7"
info:
  name: postgre_829
  version: latest
app:
  cpuarch: x86_64
  env:
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  resources:
    network:
    - interface-name: eth0
      ports:
        tcp:
        - "5432"
    profile: c1.large
  startup:
    rootfs: app.ext2
    target: ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]
    user: postgres
  type: docker

3. Repackage iox app using this command. -p ext2 option will not take overlayfs path and instead mount as ext2 fs.

$ ioxclient docker package -p ext2 <docker_image> <dir path containing package.yaml>

4. Upload/activate/start the app. Make sure to Activate the app in debug mode, so that container is up and running even if target process is down.

5. At this point, i still see postgres exiting due to this error.

root@IR800-GOS-1:/# cat /data/logs/watchDog.log
2019-07-25 02:11:42.161 UTC [152] FATAL: could not access private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied
App postgres_ext2 completed with exit code: 1
APP END TIME:1564020702
Time taken by App : 0 minutes and 1 seconds.
Main process died, so dropping the container in to shell for debugging

6. Get inside application console using command

$ ioxclient app console <appname>

7. Now try to manually start the app as postgres user and i could see the postgres getting started fine. Try to see if ssl-cert-snakeoil.key permission needs to be changed for fixing the error in step 5.

root@IR800-GOS-1:/# su postgres
postgres@IR800-GOS-1:/$
postgres@IR800-GOS-1:/$ whoami
postgres
postgres@IR800-GOS-1:/$ /usr/lib/postgresql/9.3/bin/postgres -D /var/lib/postgresql/9.3/main -c config_file=/etc/postgresql/9.3/main/postgresql.conf
2019-07-25 02:12:19.354 UTC [161] LOG:  database system was interrupted; last known up at 2019-07-12 18:34:46 UTC
2019-07-25 02:12:20.446 UTC [161] LOG:  database system was not properly shut down; automatic recovery in progress
2019-07-25 02:12:20.451 UTC [161] LOG:  redo starts at 0/1784C28
2019-07-25 02:12:20.453 UTC [161] LOG:  record with zero length at 0/1784C68
2019-07-25 02:12:20.453 UTC [161] LOG:  redo done at 0/1784C28
2019-07-25 02:12:20.454 UTC [161] LOG:  last completed transaction was at log time 2019-07-12 18:34:46.275325+00
2019-07-25 02:12:20.480 UTC [161] LOG:  MultiXact member wraparound protections are now enabled
2019-07-25 02:12:20.512 UTC [160] LOG:  database system is ready to accept connections
2019-07-25 02:12:20.508 UTC [165] LOG:  autovacuum launcher started

Let me know if you are not able to get this still working.

Re: IOX Docker Root issue

anlgrses — Wed, 31 Jul 2019 15:02:58 GMT

Hi, Thank you for your response. I worked the Postgres as you told. However, as you mentioned at your reply, permission denied error still exists. I want to go to the production stage with that product and I can't do that with this situation. I need to learn when the next release will be available. Could you tell me the specific time range for the release?

Re: IOX Docker Root issue

suressan — Fri, 02 Aug 2019 23:12:29 GMT

>>However, as you mentioned at your reply, permission denied error still exists

Resolved this issue. Use below package.yaml and repackage the application. Your init user needs to be postgres and initgroup needs to be ssl-cert. That was the issue. Now the postgres process is up and running with app start.

descriptor-schema-version: "2.7"
info:
  name: postgre_829
  version: latest
app:
  cpuarch: x86_64
  env:
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  resources:
    network:
    - interface-name: eth0
      ports:
        tcp:
        - "5432"
    profile: c1.large
  startup:
    rootfs: app.ext2
    target: ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]
    user: postgres
    group: ssl-cert
  type: docker

>>I need to learn when the next release will be available. Could you tell me the specific time range for the release?

The release with overlay fs fix is targeted sometime in Aug/Sep. Keep in mind, even in that release you need to use correct inituser and initgroup to get the postgres up and running.