Postgres database is uninitialized and superuser password is not specified

[jmz-b]

A recent update to the official postgres docker image breaks xnat-docker-compose out the box, causing it to fail with the following error.

$ docker-compose up
Starting xnat-docker-compose_xnat-db_1 ... done
Recreating xnat-docker-compose_xnat-web_1 ... done
Creating xnat-docker-compose_xnat-nginx_1 ... done
Attaching to xnat-docker-compose_xnat-db_1, xnat-docker-compose_xnat-web_1, xnat-docker-compose_xnat-nginx_1
xnat-db_1     | Error: Database is uninitialized and superuser password is not specified.
xnat-db_1     |        You must specify POSTGRES_PASSWORD for the superuser. Use
xnat-db_1     |        "-e POSTGRES_PASSWORD=password" to set it in "docker run".
xnat-db_1     | 
xnat-db_1     |        You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
xnat-db_1     |        without a password. This is *not* recommended. See PostgreSQL
xnat-db_1     |        documentation about "trust":
xnat-db_1     |        https://www.postgresql.org/docs/current/auth-trust.html
xnat-web_1    | psql: could not translate host name "xnat-db" to address: Name does not resolve
xnat-web_1    | Postgres is unavailable - sleeping

One simple work around (which it appears you are aware of by looking at some of the more recent code in branches other than master) is to add the following lines to the xnat-db definition in docker-compose.yml:

    environment:
      POSTGRES_HOST_AUTH_METHOD: trust

However this is not really best practice security wise, as it means any other service on the same docker network can get access to the xnat postgres database without authentication.

Ideally I think the xnat-db image should be pre-configured with a password using the POSTGRES_PASSWORD environment variable, and the the xnat-web container should be made aware of this value and use it when connecting.

I would love to hear your thoughts on this.

[jvsoest]

experienced the same issue today. What did resolve it for me (temporarily) is updating the postgres/Dockerfile on line 1: FROM postgres:9.4.25-alpine

Including the patching to the previous version of postgres 9.4 did resolve it (version 25).
In the development branches of this repository I do see that they are bumping to postgres 12.xx in newer versions. So I think this is a breaking change at Postgres.

[rherrick]

One of the branches is using PostgreSQL 12.2, but this requires changes in core XNAT (in addition to changes in XNAT 1.7.6 that enabled using PostgreSQL 10 or higher). The changes are very minor, but it doesn’t really matter how minor they are if you have an earlier version of XNAT! So, if you are running XNAT 1.7.6, you should be able to use any version of PostgreSQL through the latest release of 11 by specifying the appropriate tag for the postgres Docker image. Another change<7fefa4b#diff-4e5e90c6228fd48698d074241c2ba760> in the latest update on the features/dependency-mgmt branch<https://github.com/NrgXnat/xnat-docker-compose/tree/features/dependency-mgmt> of the xnat-docker-compose project is the addition of the PGPASSWORD environment variable to both the xnat-web and orthanc container definitions: environment: - CATALINA_OPTS=-Xms128m -Xmx8192m -Dxnat.home=/data/xnat/home -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000 - PGPASSWORD=${XNAT_DATASOURCE_PASSWORD} That environment variable is one of the many ways PostgreSQL checks for authentication credentials<https://www.postgresql.org/docs/9.6/libpq-envars.html>. This is more secure than having the database simply set up for trust. Once we have the big new features in this branch ironed out, I’m hoping to spend some time adding stuff to make it both more secure and easier to manage, so hopefully this will be a bit more turnkey sometime soon!

…

-- Rick Herrick Sr. Programmer/Analyst Neuroinformatics Research Group Washington University School of Medicine Phone: +1 (314) 273-1645 From: Johan van Soest <notifications@github.com> Reply-To: NrgXnat/xnat-docker-compose <reply@reply.github.com> Date: Tuesday, March 17, 2020 at 9:55 AM To: NrgXnat/xnat-docker-compose <xnat-docker-compose@noreply.github.com> Cc: Subscribed <subscribed@noreply.github.com> Subject: Re: [NrgXnat/xnat-docker-compose] Postgres database is uninitialized and superuser password is not specified (#28) experienced the same issue today. What did resolve it for me (temporarily) is updating the postgres/Dockerfile on line 1: FROM postgres:9.4.25-alpine Including the patching to the previous version of postgres 9.4 did resolve it (version 25). In the development branches of this repository I do see that they are bumping to postgres 12.xx in newer versions. So I think this is a breaking change at Postgres. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<#28 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAC2ZUK3XV4E3AGPSHZJ6TLRH6FK3ANCNFSM4LMH3VWA>.

________________________________ The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

[dmd]

Why is this closed? The issue is not resolved in HEAD, at least.