tum-gis/3dcitydb-docker-postgis

Missing hint in documentation for mandatory postgres values

sindram opened this issue · 4 comments

The new version of postgres base image requires new values. Change documentation.

See:

Error: Database is uninitialized and superuser password is not specified. You must specify POSTGRES_PASSWORD to a non-empty value for the superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".

You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is not recommended.

See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html

BWibo commented

Thanks for letting me know.
This is caused by a change in the postgres entrypoint script, which runs before the 3DCityDB Docker entrypoint script and throws this error if POSTGRES_PASSWORD is not set. There are several ways to resolve this; however, there are some security considerations. In general, there are two options:

  1. Provide a default password: This can e.g. be done by adding a POSTGRES_PASSWORD env var to the Dockerfile which would restore the behavior of the image as we know it. This is a possible security threat, as the user is not encouraged/forced to set a non-default password. A warning message that the default password should be changed is already implemented.
  2. Force the user to set a password: Adopt behavior of the official postgres image and change the documentation.

The second option is probably more safe, however, less comfortable, as the env var has to be specified on each call of docker run. I personally would rather stick to option one for the ease of use of the image in some situations. What is your opinion on this @sindram @clausnagel @thomashkolbe ?

I would recommend to only change the documentation on the corresponding github page(s) and the docker hub. The example calls shown in the documentation should use a password that is non-standard (i.e. not like "postgresql" or "postgis"). A good visible hint should tell that people should replace the password with their own. However, it would be good, if for quick tests I could simply "copy and paste" the docker statements into my shell to quickly set up a local docker container with a running 3DCityDB instance, which I will throw away after some usage (e.g. to quickly import a CityGML file and export it to glTF).
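
The trade-off discussed above (reject an empty password, discourage well-known defaults, keep quick tests copy-and-paste friendly), sketched as a shell pre-flight check. This is an added example, not part of the thread and not code from the 3DCityDB image; the function names and the deny-list are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the credentials passed to `docker run`.
# The deny-list of well-known defaults is an assumption; extend it as needed.
KNOWN_DEFAULTS="postgres postgresql postgis password 3dcitydb"

# check_pg_auth PASSWORD [AUTH_METHOD]
# Returns 0 = acceptable, 1 = password empty, 2 = well-known default,
#         3 = POSTGRES_HOST_AUTH_METHOD=trust (no password is checked at all).
check_pg_auth() {
    pw=$1
    method=${2:-}
    if [ "$method" = "trust" ]; then
        return 3
    fi
    if [ -z "$pw" ]; then
        return 1
    fi
    # Compare case-insensitively so "PostGIS" is caught as well.
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    for d in $KNOWN_DEFAULTS; do
        if [ "$lower" = "$d" ]; then
            return 2
        fi
    done
    return 0
}

# gen_throwaway_password: 32 hex characters (128 bits) from /dev/urandom,
# for containers that are discarded after a quick test.
gen_throwaway_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# describe RC: map a check_pg_auth status to a message for the operator.
describe() {
    case $1 in
        0) echo "ok" ;;
        1) echo "refuse: POSTGRES_PASSWORD is empty" ;;
        2) echo "refuse: POSTGRES_PASSWORD is a well-known default" ;;
        3) echo "refuse: trust auth accepts any connection without a password" ;;
    esac
}

# Constructed sample inputs in the form "password|auth_method".
for sample in "|" "postgis|" "PostGIS|" "|trust" "$(gen_throwaway_password)|"; do
    rc=0
    check_pg_auth "${sample%%|*}" "${sample#*|}" || rc=$?
    printf '%-36s -> %s\n' "'$sample'" "$(describe "$rc")"
done
```

For a throwaway container, the value printed by `gen_throwaway_password` can be passed as `-e POSTGRES_PASSWORD=...` on `docker run`, so the quick-test call stays a single paste without relying on a shared default.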

BWibo commented

One possible way to support both options would be to provide an alternative image version with a set default password for quick testing, e.g. tumgis/3dcitydb-postgis:testing.

BWibo commented

Adapted documentation in 1beaf49.