Installation fails on CentOS 8 due to missing Postgres Superuser Password
waza-ari opened this issue · 7 comments
waza-ari commented
This issue tracker is reserved for bug reports.
I followed the docker-compose installation instructions, but installation failed while trying to initialise the DB, see logs below:
We will now setup the database.
Continue? (Y/n) y
Starting fabmanager_elasticsearch_1 ... done
Starting fabmanager_postgres_1 ... done
Starting fabmanager_redis_1 ... done
could not translate host name "postgres" to address: Try again
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `initialize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `new'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `connect'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:242:in `initialize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `new'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `postgresql_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:438:in `new_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:448:in `checkout_new_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:422:in `acquire_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in `block in checkout'
/usr/local/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in `checkout'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in `block in connection'
/usr/local/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in `connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:571:in `retrieve_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_handling.rb:113:in `retrieve_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_handling.rb:87:in `connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/postgresql_database_tasks.rb:6:in `connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/postgresql_database_tasks.rb:15:in `create'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:93:in `create'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:107:in `block in create_current'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:278:in `block in each_current_configuration'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:277:in `each'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:277:in `each_current_configuration'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/tasks/database_tasks.rb:106:in `create_current'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/railties/databases.rake:17:in `block (2 levels) in <top (required)>'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:280:in `block in execute'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:280:in `each'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:280:in `execute'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:218:in `block in invoke_with_call_chain'
/usr/local/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:198:in `invoke_with_call_chain'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/task.rb:187:in `invoke'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:160:in `invoke_task'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:116:in `block (2 levels) in top_level'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:116:in `each'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:116:in `block in top_level'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:125:in `run_with_threads'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:110:in `top_level'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:83:in `block in run'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:186:in `standard_exception_handling'
/usr/local/bundle/gems/rake-13.0.0/lib/rake/application.rb:80:in `run'
/usr/local/bundle/gems/rake-13.0.0/exe/rake:27:in `<top (required)>'
/usr/local/bundle/bin/rake:23:in `load'
/usr/local/bundle/bin/rake:23:in `<top (required)>'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb:74:in `load'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli/exec.rb:28:in `run'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb:463:in `exec'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb:27:in `dispatch'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/cli.rb:18:in `start'
/usr/local/bin/bundle:30:in `block in <main>'
/usr/local/lib/ruby/site_ruby/2.3.0/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/bin/bundle:22:in `<main>'
Couldn't create database for {"adapter"=>"postgresql", "encoding"=>"unicode", "pool"=>25, "username"=>"postgres", "password"=>nil, "host"=>"postgres", "database"=>"fablab_production"}
Starting fabmanager_redis_1 ... done
Starting fabmanager_postgres_1 ... done
Starting fabmanager_elasticsearch_1 ... done
rake aborted!
PG::ConnectionBad: could not translate host name "postgres" to address: Try again
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `initialize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `new'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `connect'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:242:in `initialize'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `new'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `postgresql_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:438:in `new_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:448:in `checkout_new_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:422:in `acquire_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in `block in checkout'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in `checkout'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in `block in connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in `connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:571:in `retrieve_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_handling.rb:113:in `retrieve_connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/connection_handling.rb:87:in `connection'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/attributes.rb:93:in `columns'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/attributes.rb:98:in `columns_hash'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/core.rb:173:in `block in find_by'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/core.rb:173:in `each'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/core.rb:173:in `all?'
/usr/local/bundle/gems/activerecord-4.2.11.1/lib/active_record/core.rb:173:in `find_by'
/usr/src/app/app/models/auth_provider.rb:34:in `active'
/usr/src/app/lib/omni_auth/omni_auth.rb:3:in `<top (required)>'
/usr/src/app/config/initializers/devise.rb:236:in `require_relative'
/usr/src/app/config/initializers/devise.rb:236:in `block in <top (required)>'
/usr/local/bundle/gems/devise-4.7.1/lib/devise.rb:311:in `setup'
/usr/src/app/config/initializers/devise.rb:5:in `<top (required)>'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:268:in `load'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:268:in `block in load'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:240:in `load_dependency'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:268:in `load'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/engine.rb:652:in `block in load_config_initializer'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/notifications.rb:166:in `instrument'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/engine.rb:651:in `load_config_initializer'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/engine.rb:616:in `block (2 levels) in <class:Engine>'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/engine.rb:615:in `each'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/engine.rb:615:in `block in <class:Engine>'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:30:in `instance_exec'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:30:in `run'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:55:in `block in run_initializers'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:44:in `each'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:44:in `tsort_each_child'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/initializable.rb:54:in `run_initializers'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/application.rb:352:in `initialize!'
/usr/src/app/config/environment.rb:7:in `<top (required)>'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `require'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `block in require'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:240:in `load_dependency'
/usr/local/bundle/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `require'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/application.rb:328:in `require_environment!'
/usr/local/bundle/gems/railties-4.2.11.1/lib/rails/application.rb:457:in `block in run_tasks_blocks'
/usr/local/bundle/gems/rake-13.0.0/exe/rake:27:in `<top (required)>'
/usr/local/bin/bundle:30:in `block in <main>'
/usr/local/bin/bundle:22:in `<main>'
Tasks: TOP => db:migrate => environment
(See full trace by running task with --trace)
Looking at the Postgres Logs, I can see the following:
postgres_1 | Error: Database is uninitialized and superuser password is not specified.
postgres_1 | You must specify POSTGRES_PASSWORD to a non-empty value for the
postgres_1 | superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
postgres_1 |
postgres_1 | You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
postgres_1 | connections without a password. This is *not* recommended.
postgres_1 |
postgres_1 | See PostgreSQL documentation about "trust":
postgres_1 | https://www.postgresql.org/docs/current/auth-trust.html
Looks like there is a problem with the automated installation.
sylvainbx commented
Hi @waza-ari
Thanks for your report.
- Are you using postgres 9.6?
- Can you try changing the docker-compose.yml file the way below and report if the postgres container starts:
postgres:
image: postgres:9.6
volumes:
- ${PWD}/postgresql:/var/lib/postgresql/data
restart: always
environment:
POSTGRES_HOST_AUTH_METHOD: trustsylvainbx commented
Ok, I've confirmed the bug with the last version of postgre 9.6. I'll publish a new release fixing the problem asap, maybe tomorrow
waza-ari commented
Hey @sylvainbx, thanks for your swift reply! Wondering if its a good idea to use this fix, as it essentially leaves the PGSQL db open for everyone to connect with max privileges.
sylvainbx commented
As long as the postgreSQL database is isolated inside the docker containter, himself isolated on a private virtual network with the app, the security seems high enough to my eyes, to use the postgres user without any password.
waza-ari commented
Well... it’s your application and your decision, but I cannot disagree enough. Anyway:
What about people who have multiple applications running in their docker environment and want to share the DB with other apps?
sylvainbx commented
This is not a ************ and all decisions are made to be discussed! 😉
Here are my thoughts :
- The default behavior of docker-compose is to isolate all the services from a single
docker-compose.ymlfile into a private virtual network, so the postgreSQL database is not accessible to other apps - If you want to override this behavior to share your postgreSQL database, you can create a NAT binding, or change the docker-compose file to bind the postgre service to an external network, or use another installation of postgresql and configure Fab-manager to use it.
- In any of those cases, you must know what you're doing, so you'll be able to configure the security of your database correctly to prevent exposing it to the world. That will also mean that you're quitting the default configuration of Fab-manager and I won't feel responsible for what you're doing in that case... Especially, I'm almost a single man to maintain this whole application (for free), so even if sleede is backing me up, we're a small company and we don't have enough resources to handle customized configurations during maintenance operations. I guess you'll understand...
- One more thing: if we set a password for the database, this password will be saved in the env file (as long as Fab-manager will need it to access the DB), so anyone with an access to the server will see that password... so I can't see where it improves security? But maybe you can put me in the picture?