Add a placeholder for POSTGRES_PASSWORD

[progval]

It's a required environment variable, the postgresql container
crashes without it.

[ClearlyClaire]

Note that it's because of a breaking change in the postgres docker image: docker-library/postgres#658
It's only used at setup, so already-running images are fine.

We could revert to the old behavior, but this may not be advisable, especially if we end up merging #13941 (but docker-compose setups seem to not work without that…)

[SuperSandro2000]

We should encourage people to use credentials for their databases.

[ClearlyClaire]

We should encourage people to use credentials for their databases.

I mean, kinda, but people who did install using docker-compose in the past most probably have a password-less postgres anyway. We don't set a password either for Redis. And in the case of docker-compose this isn't an issue, thanks to the services being on their own network.

Requiring people to set a password for postgres is an extra step that, in this particular configuration, does not provide any extra security.

[SuperSandro2000]

I am afraid to tell you that in the default docker daemon configuration this is an issue cause icc (inter container communication) is enabled which allows everything to talk to everything cause networks and port publishs are ignored.

[ClearlyClaire]

I am afraid to tell you that in the default docker daemon configuration this is an issue cause icc (inter container communication) is enabled which allows everything to talk to everything cause networks and port publishs are ignored.

Ah, indeed. wtf

[shleeable]

Bootstrap the container before your boot the compose services.

# this is untested.
$ docker run -d --name bootstrap-postgres \
    -e POSTGRES_USER=mastodon \
    -e POSTGRES_PASSWORD=ThePasswordYouWannaUseHere \
    -e POSTGRES_DB=mastodonDB \
    -v ./postgres:/var/lib/postgresql/data postgres:9.6-alpine

[ClearlyClaire]

I mean, the current PR seems fine, with corresponding documentation to change that password.

[shleeable]

hey, if you're going to hardcode the password. Can you add the username and db values as well?

    environment:
      POSTGRES_USER: "mastodon"
      POSTGRES_PASSWORD: "ThePasswordYouWannaUseHere"
      POSTGRES_DB: "mastodonDB"

[ClearlyClaire]

Why? The setup tasks etc. default to db and postgres, not mastodonDB and mastodon

EDIT: postgres and postgres, sorry

[shleeable]

db is the hostname, not the database/schema name.
the default values are postgres for username and database.

If you wanted to keep the current defaults from https://github.com/tootsuite/mastodon/blob/9b7e3b4774d47c184aa759364d41f40e0cdfa210/lib/tasks/mastodon.rake#L43-64

    environment:
      POSTGRES_USER: "mastodon"
      POSTGRES_PASSWORD: "ThePasswordYouWannaUseHere"
      POSTGRES_DB: "mastodon_production"

then you could remove those conditions on using_docker

edit: infact, I'd like to request that change.

[ClearlyClaire]

If you wanted to keep the current defaults from https://github.com/tootsuite/mastodon/blob/9b7e3b4774d47c184aa759364d41f40e0cdfa210/lib/tasks/mastodon.rake#L43-64

This uses postgres and postgres as default when using docker. Sure, I guess we could change that. My only worry is that it could cause confusion for existing installs.

[shleeable]

1. thinking on it. I dislike the idea of hardcoding the password in the docker-compose.
   why add the password in plaintext in another location? plus because that value is only used once and isn't required after the container is bootstrapped. and I'll delete it every time and get merge conflicts every update.

I vote you don't merge this.

2. Would you all be happy If I just write some documentation and record the installation process using asciinema? end to end?

[ClearlyClaire]

yeah properly documenting it seems like a good plan, it'd just have been good if less documentation and user steps were needed

[shleeable]

@ThibG almost completed draft mastodon/documentation#778

[shleeable]

@progval please close this. I'll keep the docker documentation updated soon