tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 9 Pull requests Releases Activity

Postgres containers fail from a clean state #42

New issue
Closed
opened 2021-05-16 02:08:53 +01:00 by tlater · 2 comments
tlater commented 2021-05-16 02:08:53 +01:00
Owner
Copy link

This is because we're now relying on the trust auth-method for localhost in the pod network namespace. This should be ok because only the container that is supposed to connect to it can network to it; safe for kernel bugs of course.

This means that we can now un-set POSTGRES_PASSWORD, however, doing so results in postgres failing on loop. This is because it wants a password to be defined for the super user, even if it is not actually used (because the default config does allow trust networking on localhost even if a password is set...).

Instead, we should configure the auth methods to only allow logins from localhost at all, and disallow anything else, regardless of password use.

See docs here.

This is because we're now relying on the `trust` auth-method for localhost in the pod network namespace. This should be ok because only the container that is supposed to connect to it can network to it; safe for kernel bugs of course. This means that we can now un-set `POSTGRES_PASSWORD`, however, doing so results in postgres failing on loop. This is because it wants *a* password to be defined for the super user, even if it is not actually used (because the default config does allow trust networking on localhost even if a password is set...). Instead, we should configure the auth methods to only allow logins from localhost at all, and disallow anything else, regardless of password use. See docs [here](https://hub.docker.com/_/postgres).
tlater added the
important
 label 2021-05-17 00:37:34 +01:00
tlater added the
Needs research
 label 2021-05-17 00:45:39 +01:00
tlater commented 2021-06-10 23:39:13 +01:00
Author
Owner
Copy link

See https://github.com/docker-library/postgres/issues/858.

See https://github.com/docker-library/postgres/issues/858.
tlater removed the
Needs research
 label 2021-06-11 00:00:17 +01:00
tlater commented 2022-10-14 06:17:58 +01:00
Author
Owner
Copy link

Resolved in #58

Resolved in #58
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
tlater/with-minecraft
tlater/nixpkgs-formatting
tlater/authelia
No results found.
Labels
Clear labels   
blocked

   
flake

   
important

Important issues

  
Needs research

   
nextcloud
No labels
blocked
flake
important
Needs research
nextcloud
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: tlaternet/tlaternet-server#42
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?