
Error when POSTGRES_PASSWORD is unset like mysql #658

Merged
merged 2 commits into from
Feb 12, 2020

Member

@yosifkit yosifkit commented Dec 23, 2019

Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords

Fixes #580.

Member

@tianon tianon left a comment


This is a breaking change, but I think it's one that makes sense overall (and that the benefit outweighs the pain in this instance).


Andrew-Morozko commented Dec 28, 2019

Thank you for considering my request seriously. I'm much happier with this behaviour.

One little nitpick is the result when both POSTGRES_PASSWORD and POSTGRES_DISABLE_PASSWORDS are set. Currently it ignores the supplied POSTGRES_PASSWORD. If we're going for clarity this should error-out, otherwise POSTGRES_PASSWORD should overrule the POSTGRES_DISABLE_PASSWORDS.

Either way, I'm much less sympathetic if someone forgets to remove POSTGRES_DISABLE_PASSWORDS from production config, but still, somebody will make that mistake given time...

Proposed patches

Add to docker_verify_minimum_env, before if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]

Error-out on incompatible options:

	if [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
		cat >&2 <<-'EOE'
			Error: Both POSTGRES_PASSWORD and POSTGRES_DISABLE_PASSWORDS are specified.
			       You must specify one and only one.
		EOE
		exit 1
	fi

OR

Ignore POSTGRES_DISABLE_PASSWORDS on incompatible options:

	if [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
		cat >&2 <<-'EOE'
			WARNING: Both POSTGRES_PASSWORD and POSTGRES_DISABLE_PASSWORDS are specified.
			         Using POSTGRES_PASSWORD, ignoring POSTGRES_DISABLE_PASSWORDS.
		EOE
		unset POSTGRES_DISABLE_PASSWORDS
	fi

Tested on postgres/12 and postgres/12/alpine, works as intended.

P.S.: Sorry for slow feedback, end of the year craziness left me with full inbox...


ringerc commented Dec 30, 2019

Erroring on incompatible options probably makes more sense.

The error wording looks sensible.

I'm surprised you had to change so many places. No include files or snippets? Seems like plenty of room to miss one and leave things inconsistent. But that's not really the issue at hand.

Thank you for this. I hope you're able to get it merged, it'd help reduce the rate at which potentially wormable wide-open postgres instances are created by people who don't realise what they're doing.

Member

tianon commented Jan 8, 2020

> Erroring on incompatible options probably makes more sense.

Sure, but in this case they aren't actually incompatible -- they're orthogonal. When one sets POSTGRES_DISABLE_PASSWORDS, the database is configured to allow all connections, regardless of their authentication parameters. Separately, POSTGRES_PASSWORD configures the password which is set on the default user, and that gets set/stored regardless of the authentication method.

In other words, if the user asks us to disable password authentication, we do so (including spitting out a large warning).

Rethinking in this context, I think the name of the variable is misleading and should more directly correspond to what it does instead of what the user intends -- we're not actually disabling "passwords" in PostgreSQL but rather asking PostgreSQL not to prompt for them by setting the authentication method to be trust.

So, perhaps we should instead call it something more explicit like POSTGRES_AUTH_METHOD and warn when the value is set to trust. This would have the added benefit of allowing users to opt into newer authentication methods like scram-sha-256 (https://www.postgresql.org/docs/11/auth-password.html), increasing security further.

> I'm surprised you had to change so many places. No include files or snippets? Seems like plenty of room to miss one and leave things inconsistent. But that's not really the issue at hand.

They're all templated -- we just have to commit the templating result so that Travis tests the right thing.

Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords
@yosifkit
Member Author

Swapped POSTGRES_DISABLE_PASSWORDS to POSTGRES_HOST_AUTH_METHOD so that users configure the value of the auth-method rather than an opt-in to "disable passwords".

I'll try to get a docs PR going soon that will link to https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
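
The check this thread settles on, written out as an added sketch (it is not the image's docker-entrypoint.sh; the function names are hypothetical and the md5 fallback is an assumption of the sketch). It also shows the orthogonality point made earlier in the thread: a supplied password is stored either way, but the pg_hba.conf record decides whether it is ever asked for.

```shell
#!/bin/sh
# Added illustration of the start-up check discussed in this thread.
# NOT the image's docker-entrypoint.sh; function names are hypothetical.

# auth_decision PASSWORD METHOD
# Prints "refuse", "warn-trust" or "ok"; returns 1 only for "refuse".
auth_decision() {
    if [ "$2" = 'trust' ]; then
        # trust admits every connection. A password, if supplied, is still
        # stored for the superuser but is never asked for.
        echo 'warn-trust'
        return 0
    fi
    if [ -z "$1" ]; then
        echo 'refuse'
        return 1
    fi
    echo 'ok'
}

# hba_host_line METHOD
# Prints the pg_hba.conf record applied to remote (host) connections.
# Assumption of this sketch: an empty METHOD falls back to md5.
hba_host_line() {
    printf 'host all all all %s\n' "${1:-md5}"
}

# start_or_fail PASSWORD METHOD
# Messages go to stderr; the resulting hba record goes to stdout.
start_or_fail() {
    decision=$(auth_decision "$1" "$2") || {
        echo 'Error: no POSTGRES_PASSWORD given and POSTGRES_HOST_AUTH_METHOD is not "trust"; refusing to initialise.' >&2
        return 1
    }
    if [ "$decision" = 'warn-trust' ]; then
        echo 'WARNING: POSTGRES_HOST_AUTH_METHOD=trust lets anyone who can reach the port connect without a password.' >&2
    fi
    hba_host_line "$2"
}

# Constructed cases, written as "password:method" (empty means unset).
for sample in ':' ':trust' 'example-pw:' 'example-pw:scram-sha-256' 'example-pw:trust'; do
    pw=${sample%%:*}
    method=${sample#*:}
    printf 'password=%-11s method=%-14s -> ' "${pw:-(unset)}" "${method:-(unset)}"
    start_or_fail "$pw" "$method" 2>/dev/null || echo '(container exits)'
done
```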

Member

@tianon tianon left a comment


LGTM (pending a corresponding docs PR)

Member Author

yosifkit commented Feb 8, 2020

Docs PR created: docker-library/docs#1653

@yosifkit yosifkit merged commit 16dd8db into docker-library:master Feb 12, 2020
@yosifkit yosifkit deleted the more-mysql branch February 12, 2020 23:47
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Feb 13, 2020
Changes:

- docker-library/postgres@16dd8db: Merge pull request docker-library/postgres#658 from infosiftr/more-mysql
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Feb 14, 2020
Changes:

- docker-library/postgres@d21499f: Update to 10.12-1.pgdg90+1
- docker-library/postgres@33e66cd: Update to 9.5.21
- docker-library/postgres@505eda1: Update to 11.7-1.pgdg90+1
- docker-library/postgres@d3908b0: Update to 11.7
- docker-library/postgres@f45fb74: Update to 9.5.21-1.pgdg90+1
- docker-library/postgres@ef7af12: Update to 9.4.26-1.pgdg90+1
- docker-library/postgres@9558084: Update to 9.6.17-1.pgdg90+1
- docker-library/postgres@8bebabd: Update to 10.12
- docker-library/postgres@06bd57c: Update to 9.6.17
- docker-library/postgres@10fe2ae: Update to 12.2-1.pgdg100+1
- docker-library/postgres@691a785: Update to 12.2
- docker-library/postgres@473b58e: Update to 9.4.26
- docker-library/postgres@16dd8db: Merge pull request docker-library/postgres#658 from infosiftr/more-mysql
tianon referenced this pull request in docker-library/official-images Feb 14, 2020

BYK commented Feb 14, 2020

> This is a breaking change, but I think it's one that makes sense overall (and that the benefit outweighs the pain in this instance).

Burnt by this @tianon - now our setup requires POSTGRES_HOST_AUTH_METHOD=trust to be passed. Not sure how this passed the bar for a "patch" release.

Member

tianon commented Feb 14, 2020

We don't have an "image version" -- our published image version is the version of PostgreSQL itself. The fact that this went out with a patch release is entirely coincidental, and it would've gone out as an update to the existing images regardless. See #681 (comment) for further explanation.

The workaround for folks who want to stay insecure is to set POSTGRES_HOST_AUTH_METHOD=trust or if you know you cannot tolerate image updates, pin to an explicit content-addressable digest (which is a good practice to follow regardless).
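
An added example, not part of the thread: a small POSIX shell check that a CI job could run over a compose file to flag the two things the comment above mentions, `POSTGRES_HOST_AUTH_METHOD` set to `trust` and postgres images referenced by tag rather than by `@sha256:` digest. The function names, the sample compose file and its all-zero digest are constructed for the example, and the matching is line-based rather than a YAML parser.

```shell
#!/bin/sh
# Added illustration; function names and the sample file are constructed.

# Lines (not commented out) that set POSTGRES_HOST_AUTH_METHOD to trust,
# in either "KEY: trust" or "- KEY=trust" form, with optional quotes.
trust_re="^[^#]*POSTGRES_HOST_AUTH_METHOD[[:space:]]*[=:][[:space:]]*[\"']?trust([\"'[:space:]]|\$)"

# image: lines whose repository name is "postgres", with or without a
# registry/namespace prefix (postgres-exporter and similar do not match).
image_re="^[^#]*image:[[:space:]]*[\"']?([^[:space:]]*/)?postgres([@:\"'[:space:]]|\$)"

# trust_lines FILE -> space-separated line numbers where trust auth is set
trust_lines() {
    grep -nE "$trust_re" "$1" | cut -d: -f1 | paste -s -d ' ' -
}

# unpinned_postgres_lines FILE -> line numbers of postgres image references
# that lack a full @sha256:<64 hex digits> digest
unpinned_postgres_lines() {
    grep -nE "$image_re" "$1" \
        | grep -vE '@sha256:[0-9a-f]{64}' \
        | cut -d: -f1 | paste -s -d ' ' -
}

# write_sample FILE: constructed compose file used for the demonstration.
write_sample() {
    zeros=$(printf '%064d' 0)   # placeholder digest, not a real image
    cat > "$1" <<EOF
services:
  db:
    image: postgres:12
    environment:
      POSTGRES_HOST_AUTH_METHOD: trust
  db_pinned:
    image: postgres@sha256:$zeros
    environment:
      - POSTGRES_PASSWORD=example-only
  ci_db:
    image: "postgres:12-alpine"
    environment:
      - POSTGRES_HOST_AUTH_METHOD=trust
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "trust auth set on lines: $(trust_lines "$sample")"
echo "postgres image not pinned by digest on lines: $(unpinned_postgres_lines "$sample")"
rm -f "$sample"
```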


BYK commented Feb 15, 2020

> The fact that this went out with a patch release is entirely coincidental, and it would've gone out as an update to the existing images regardless.

This is even scarier from a versioning perspective and a shortcoming of the official images approach I guess?

> The workaround for folks who want to stay insecure is to set POSTGRES_HOST_AUTH_METHOD=trust

If the network is limited properly this is not insecure. Having good and more secure defaults is great but if you had a bad default you don't "fix" it in a minor version bump.

> or if you know you cannot tolerate image updates, pin to an explicit content-addressable digest (which is a good practice to follow regardless).

See above. There's a reason why semver exists and people rely on those semantics. We can tolerate changes in images as long as they are patch releases which was what we have set and here we are.

ezkl added a commit to ezkl/redash that referenced this pull request Mar 17, 2020
Redash's docker-compose file will no longer bring up an environment from
a cold start due to recent upstream changes to the postgres image that
force the user to either set a password for the default superuser or
opt-in to allowing all connections without a password via environment
variable.

Upstream PR: docker-library/postgres#658
Related Discussion: docker-library/postgres#681
arikfr pushed a commit to getredash/redash that referenced this pull request Mar 18, 2020
jmbott added a commit to SEL-Columbia/minigrid-server that referenced this pull request Apr 7, 2020
DeeDeeG added a commit to RefugeRestrooms/refugerestrooms that referenced this pull request Apr 12, 2020
Squashed commit of the following:

commit a3ba4b7
Author: DeeDeeG <DeeDeeG@users.noreply.github.com>
Date:   Fri Apr 3 22:10:09 2020 -0400

    Update Node.JS and Ruby Dependencies (#617)
    
    * Gemfile[.lock]: Update rails to 5.2.4.2
    
    Also update its dependencies, as required.
    
    * Gemfile[.lock]: Update grape and grape-swagger
    
    Also update their dependencies, as needed.
    
    * Gemfile[.lock]: Update activeadmin
    
    * Gemfile: Pin sprockets to "< 4"
    
    The 4.x major version upgrade requires some configuration changes.
    
    Pinning keeps the app from breaking when doing `bundle update`.
    
    * Gemfile.lock: Update all packages
    
    * yarn.lock: Update all packages

commit 15fe9f7
Author: DeeDeeG <DeeDeeG@users.noreply.github.com>
Date:   Thu Apr 2 16:02:39 2020 -0400

    Ruby: Update from 2.5.7 to 2.5.8 (#618)

commit cc9f2a7
Author: DeeDeeG <DeeDeeG@users.noreply.github.com>
Date:   Tue Mar 17 15:02:57 2020 -0400

    Update docker config (#616)
    
    * Dockerfile: Use better PhantomJS URL
    
    GitHub's CDN is more reliable than BitBucket's.
    
    (This is the URL we originally used as of PR #435,
    which was the initial implementation of our Docker setup.)
    
    * docker-compose.yml: Add password for PostgreSQL db
    
    This is in response to a recent change in the PostgreSQL Docker image.
    
    Either the database must be configured to not check passwords, i.e.
    `POSTGRESQL_HOST_AUTH_METHOD=trust`, or a password must now be set.
    
    For explanation and context, see:
    
    - docker-library/postgres#658
    - docker-library/postgres#681
    - docker-library/postgres#580
    - https://discuss.circleci.com/t/postgresql-image-password-not-specified-issue/34555
mi-wood added a commit to RefugeRestrooms/refugerestrooms that referenced this pull request Apr 13, 2020
* db/seeds.rb: Give restroom entries an edit_id (#567)

Only applies during development and testing
when we use the "db/export.csv" data.

Doesn't affect production, which uses the real data in its db.

* Explain how to run individual tests and access psql (#570)

Also, clarify that there are two containers, web and db,
rather than just one; these can be viewed using
docker ps

* Make filter with "focus" class more readable

* Remove unused li

* Allow dropdown menu text to wrap and fit within the dropdown

Add border bottom to give each menu item more separation

* yarn.lock: Update jquery (#587)

* Dockerfile: Update and streamline steps (#586)

Does effectively the same things as before,
but now in a simpler/faster way.

Some of the changes take inspiration from
@btyy77c's dockerAlpine branch:
https://github.com/btyy77c/refugerestrooms/blob/dockerAlpine/Dockerfile

The PhantomJS install is based on (mostly copy-pasted from)
@nkovacs' phantomjs image from Docker Hub:
https://github.com/nkovacs/selenium-standalone-phantomjs/blob/c5f6bba218472270/Dockerfile#L19-L22

* Dockerfile: Get latest Node.js in a major version (#589)

(Also installs Node.js in /usr/local/
instead of installing Node.js in the root directory.)

With this updated script, we specify just a major version
and the script picks the latest minor/patch version within that.

--

Nodejs.org does most of the work by maintaining the "latest-v[MAJOR]"
folders; We only need to parse the "SHASUMS256.txt" file from there,
and pick the "linux-x64" variant, which works with our Docker setup.

At this point we can use the known directory URL, plus the filename
extracted from "SHASUMS256.txt", and download with curl, or wget, etc.

(e.g. "curl -L https://nodejs.org/dist/latest-v10.x/node-v10.16.0-linux-x64.tar.xz -o nodejs.tar.xz")

--

There is no "latest-LTS" folder or similar, so automatically getting
the latest LTS version would be more difficult.

We could search "nodejs.org/dist/" for folders with
the name "latest-[LETTERS-ONLY-STRING]", which would be the folders
of all the LTS codenames. Among these, the one with
the alphabetically last name is the latest LTS.

This would work at least until around 2040, when they may have
to loop around and re-use some earlier letters (a, b, c, etc.)

* Update Node.js and Ruby dependencies (#590)

* yarn.lock: Update Node.js packages

* Gemfile.lock: Update gems

* Add Bugsnag to readme

To fulfill the open source agreement, we have to link to bugsnag now in our readme.

* .travis.yml: Use minimal base image for Travis CI

We do all the setup/build steps inside a Docker container,
so we don't need ruby tools outside of Docker
(on the Travis CI virtual machine instances).

Should save about 20 seconds of Travis CI build time.

--

Inspired by @btyy77c who did this first at their dockerAlpine branch:
  - btyy77c@393cf46

Documentation at Travis re: minimal/generic images:
  - https://docs.travis-ci.com/user/languages/minimal-and-generic/

* docker-compose.yml: Use postgresql:alpine image

This (the Alpine Linux-based postgresql image) is a smaller image
than the debian-based postgresql image,
so it should be marginally faster to download.

Seems like a good idea in general,
to speed up build times (even outside of Travis CI).

Also should save some disk space for developers.

--

Inspired by the general concept of @btyy77c's dockerAlpine branch:
  - https://github.com/btyy77c/refugerestrooms/commits/dockerAlpine

Docker Hub documentation on the alpine vs debian postgres images:
  - https://hub.docker.com/_/postgres#image-variants

* layouts/_footer.html.haml: Remove tumblr link

* stylesheets/.../common: Remove tumblr icon style

* en/footer.en.yml: Remove string for tumblr blog

This isn't needed anymore,
since we have removed the tumblr link from the footer.

* removed tumblr from about page (#593)

I noticed we were removing tumblr, here's one more instance

* Create about.fil.yml (#465)

* Filipino Translation devise.fil.yml (#454)

* Create devise.fil.yml

* Update devise.fil.yml

* Update for devise.fil.yml @100% Translation

* Update and rename devise.fil.yml to devise.fl.yml

* Update and rename devise.fl.yml to devise.fil.yml

* 100% completed for restroom.fil.yml file  (#467)

* Create restroom.fil.yml

* Translations for EN to FIL Issue 451 (#556)

Translated files from EN to FIL #451

* config/locales/fil/: Remove tumblr

See #592 and #593

* Updated filipino translations

* switched sass-rails gem (#595)

* switched sass-rails gem (sass-rails --> sassc-rails)

* Changed the word `restroom` to `banyo` to be more understandable to most Filipinos

* Fixed some unnoticed words that needed some changes in translation

* additional translation changes

* config/application.rb: Add 'fil' locale (Filipino)

Enables translations as merged in #596

* .travis.yml: Set "dist" to "trusty" (#600)

Should allow our CI tests to pass
while we investigate test failures on xenial and newer.

* production.rb: Fix i18n.fallbacks deprecation warn

* config/application.rb: Add Tagalog (:tl) locale

* production.rb: I18n fallbacks for :tl --> :fil

We don't maintain separate translations for
"Tagalog" and Filipino, since they are arguably the same language.

However, Firefox only allows users to set "Tagalog" as preferred,
and Chrome only allows users to set "Filipino" as preferred.

To support both browsers, we must support both the "Tagalog"
and the "Filipino" locales.

(These locales use the "tl" and "fil" locale codes, respectively.)

* config/application.rb: Set default locale to "en"

* package.json: Update swagger to master with patch

* yarn.lock: Commit updated (indirect) dependencies

* yarn.lock: Update all packages

* Gemfile[.lock]: Update devise, simple_form

* yarn.lock: Upgrade swagger-ui's dependencies

* Ruby: Upgrade from 2.5.3 to 2.5.7

* Dockerfile: Work around an issue with phantomjs

When running the tests, cliver tries to check that PhantomJS's version
is within a certain range, by running "phantomjs --version".

The "phantomjs --version" command fails for some reason
on the new ruby:2.5.7-slim Docker base image.

Perhaps because the new Docker image is based on Debian 10 "Buster,"
whereas the old Docker image was based on Debian 9 "Stretch"?

This commit's workaround allows "phantomjs --version" to work again.

* Fix Travis tests failing on distributions other than trusty (#606)

* Revert ".travis.yml: Set "dist" to "trusty" (#600)"

This reverts commit ac8f6ab.

Doing this to run tests on Travis to investigate why they
aren't passing.

* Explicitly require locations.rb in rspec.rb

Tentative fix for tests not passing in xenial but passing in trusty.
This might be because different distributions load files in a
different order. In xenial, `rspec.rb` might get loaded before
`locations.rb`, making `Locations` uninitialized. Explicit require
fixes this.

* Dockerfile: Upgrade Node from v10.x to v12.x (#603)

Node 12 "Erbium" is the newest Long Term Service release.

We should either pin a version of Node in our package.json file,
or stay on the latest LTS version of Node;

Heroku will use the latest LTS version of Node 
in production if we don't have any versions pinned in our package.json

* Webpack Upgrade (#607)

* Updated webpacker gem

* Upgraded yarn packages

* Ran webpack:install process.  Working without rails-erb-loader

* Added rails-erb-loader to webpack

* Fixed include PgSearch warning

* Added .dockerignore

* PR #607: Minor tweaks/cleanup

- Adjust Gemfile[.lock] to specify webpacker within the 4.x series,
  rather than any version 4.0 or greater.

- Delete some duplicate entries in the .gitignore file

* CONTRIBUTING.md: Remove the reference to "Cmd + C"

The "Cmd + C" keyboard shortcut is for copying text,
not quitting programs in the terminal.

The proper way to quit programs in the terminal
under macOS is "Ctrl + C", the same as Linux.

Referring to "Cmd + C" here was based on
a mistaken assumption that "Ctrl" on Windows or Linux
always gets translated to "Cmd" on macOS.

(In fact, some uses of "Ctrl" on Windows/Linux
are preserved as-is on macOS. It's a mixed bag.)

Deleting the reference to "Ctrl + C", to make the guidance clearer.

* db/schema.rb: Commit with underscores in date

The date gets underscores added automatically
when running migrations on the database.

Committing with the underscores so the change isn't flagged by git
when no code has been changed.

* restrooms_spec.rb: Fix a test (#608)

Background:

The Mission Creek Cafe in San Francisco has been closed for some time.

Google Maps API now resolves "Mission Creek Cafe"
to a coffee shop in Washington state.

Washington is too far away from our stub restroom entries;
No stub restrooms are located near Washington,
so no restroom results are shown on our results page for this search.

The test expects to see a stub restroom entry on the results page,
but does not see it, and so the test fails.

---

Fix:

search the Maps API for "San Francisco," not "Mission Creek Cafe"

(This returns a lat/long associated with San Francisco not Washington)

* Update some dependencies, fix some deprecation warnings (#609)

* Gemfile[.lock]: Update simplecov

Fixes a deprecation warning

* restrooms_spec.rb: Use 'successful' not 'success'

Rspec's `be_success` and `.success?` are deprecated.

Rspec's `be_successful` and `.successful?`
are the non-deprecated versions of this check.

(This fixes the associated deprecation warning)

* Gemfile.lock: Bump some dependencies

Upgraded loofah, puma, rack, and rack-cors,
plus their dependencies.

* Tweak CSS a bit for narrow screens (e.g. mobile phones) (#610)

* CSS: Add some styles for narrow screens

For screen widths ~340px or narrower.

(Such a narrow screen is found, for example, on the original iPhone
through to the iPhone 5S and iPhone SE.)

- Makes the "+" icon on the "Add A Restroom" button
  appear in a more correct-looking position.

- Fixes the overlap of the "Refuge Restrooms" text
  with the "hamburger" drop-down menu button in the header/nav section.

- Adds a class via the haml source (.nav-column)
  to make applying one of the style rules easier.

* CSS: No double-padding on nested `.container`s

Eliminate double-padding in cases of
an [element].container immediately inside another [element].container.

(Doing this only directly under the header div, just to be conservative.)

The 15px + 15px = 30px of padding on both sides
seemed unintentionally wide. Also, I think this looks nicer.
Helps with the tight fit on mobile devices, too.

(Should affect the header/nav on all pages other than the home page,
aka the splash page, due to the way the pages are coded.)

* CSS: Center logo and brand name on narrow screens (#611)

* _mobile.scss: Lower logo/brand on narrow screens

Adjust the CSS "top" property to set the logo and "brand name"
("Refuge Restrooms") slightly lower within the navbar on narrow
screens.

This is to adjust for the navbar being responsively taller
on narrower screens. "767px screen width" happens to be the responsive
threshold for that height change for the navbar.

* _mobile.scss: Move 342px rules, adjust whitespace

Moved the "max 342px" rules to the bottom, so all screen-width-related
style rules are in descending order of the sizes that they apply to.
(For consistency).

Adjusted the use of newlines in this stylesheet to be more consistent.

* Update docker config (#616)

* Dockerfile: Use better PhantomJS URL

GitHub's CDN is more reliable than BitBucket's.

(This is the URL we originally used as of PR #435,
which was the initial implementation of our Docker setup.)

* docker-compose.yml: Add password for PostgreSQL db

This is in response to a recent change in the PostgreSQL Docker image.

Either the database must be configured to not check passwords, i.e.
`POSTGRESQL_HOST_AUTH_METHOD=trust`, or a password must now be set.

For explanation and context, see:

- docker-library/postgres#658
- docker-library/postgres#681
- docker-library/postgres#580
- https://discuss.circleci.com/t/postgresql-image-password-not-specified-issue/34555

* Ruby: Update from 2.5.7 to 2.5.8 (#618)

* Update Node.JS and Ruby Dependencies (#617)

* Gemfile[.lock]: Update rails to 5.2.4.2

Also update its dependencies, as required.

* Gemfile[.lock]: Update grape and grape-swagger

Also update their dependencies, as needed.

* Gemfile[.lock]: Update activeadmin

* Gemfile: Pin sprockets to "< 4"

The 4.x major version upgrade requires some configuration changes.

Pinning keeps the app from breaking when doing `bundle update`.

* Gemfile.lock: Update all packages

* yarn.lock: Update all packages

* Implement Google's reCAPTCHA (#566)

* Add server reCAPTCHA verification for contacts

Added a temporary secret key for testing in .env, which is loaded by
the dotenv gem. In production, just put another key in the Heroku
env variable settings.

* Add reCAPTCHA to contacts submission page

* Enable browser form validation by default

This gets form input validated on the client side, which gives faster
feedback to the user, without the need for a custom solution. This
feature is supported in all modern browsers.

* Add reCAPTCHA to restrooms page

* Make stub for reCAPTCHA verification during tests

Co-authored-by: Mikena Wood <mi-wood@users.noreply.github.com>

Co-authored-by: DeeDeeG <DeeDeeG@users.noreply.github.com>
Co-authored-by: Kai Middleton <kai.middleton@hingehealth.com>
Co-authored-by: hkly <hannah.k.yiu@gmail.com>
Co-authored-by: Teagan <tkwidmer@gmail.com>
Co-authored-by: Joe Wadcan <joe.wadcan@github.com>
Co-authored-by: vinzruzell <35182720+vinzruzell@users.noreply.github.com>
Co-authored-by: hnarasaki <hnarasaki@indeed.com>
Co-authored-by: Bryan Mark Fajutag <fbryanmark@gmail.com>
Co-authored-by: Emily Ring <emily_ring@ymail.com>
Co-authored-by: Jason Chen <kbtpodifo@gmail.com>
igabaydulin added a commit to igabaydulin/debezium-postgres-shutdown that referenced this pull request Apr 28, 2020
danp added a commit to OneBusAway/onebusaway-docker that referenced this pull request May 3, 2020
In docker-library/postgres#658 a change was
made to the postgres image to require a password by default or
explicit disabling of auth.

For bin/ci, disable auth to keep configs simple. Add a note reminding
that doing this is highly insecure and should not be done in production.
vjocw added a commit to vjocw/cloud-code-samples that referenced this pull request May 12, 2020
If this is not set, it shuts down DB containers. Causes users to not be able to Deploy or to Debug the containers.

Relevant PR:
docker-library/postgres#658
simonz130 pushed a commit to GoogleCloudPlatform/cloud-code-samples that referenced this pull request May 12, 2020
bjgill added a commit to Crown-Commercial-Service/digitalmarketplace-runner that referenced this pull request Jan 6, 2021
We need to upgrade to Postgres 12 by mid-February. We can't go directly, we need to go via Postgres 10 - https://docs.cloud.service.gov.uk/deploying_services/postgresql/#upgrade-to-postgresql-10.

Upgrade dmrunner to use postgres 10 so we can test locally. After pulling this commit, you will need to run `make data` to re-initialise the database.

We need to add `POSTGRES_HOST_AUTH_METHOD` because the postgres docker container has changed to require it: docker-library/postgres#658
Development

Successfully merging this pull request may close these issues.

POSTGRES_PASSWORD changes authentication settings unexpectedly