search

Peppermint-Lab / peppermint

An open source ticket management & help desk solution. A zendesk/freshdesk alternative
https://peppermint.sh
Other
1.95k stars 205 forks source link

Weird issue in Podman using Podman Compose - Wrong user name and failed authentication #225

Open luckylinux opened 8 months ago

luckylinux commented 8 months ago

I am a bit confused with what I am seeing to be honest.

For some reason, although the SECRET credentials specify user "peppermint" and database "peppermint", I see in the logs that "authentication failed for user pepppermint". There is one extra "p". Yeah it's also making my eyes roll ...

This is my compose.yml file

version: "3.1"

services:
  peppermint_postgres:
    container_name: peppermint_postgres
    image: postgres:latest
    restart: always
    ports:
      - 5432:5432
    networks:
    volumes:
#      - ~/data/peppermint/:/var/lib/postgresql/data
      - peppermint_pgdata:/var/lib/postgresql/data
    environment:
#    - POSTGRES_USER: peppermint
#    - POSTGRES_PASSWORD: 1234
#    - POSTGRES_DB: peppermint
     - POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
     - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
     - POSTGRES_DB_FILE=/run/secrets/POSTGRES_DB

    secrets:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB

  peppermint:
    container_name: peppermint
    image: pepperlabs/peppermint:latest
    ports:
      - 3000:3000
      - 5001:5003
    networks:
      - traefik
    restart: always
    depends_on:
      - peppermint_postgres
    healthcheck:
      test: ["CMD", "sh", "-c", "wget --spider $$API_URL"]
      interval: 30s
      timeout: 10s
      retries: 3
    environment:
#    - DB_USERNAME: "peppermint"
#    - DB_PASSWORD: "1234"
#    - DB_HOST: "peppermint_postgres"
      - DB_USERNAME_FILE=/run/secrets/POSTGRES_USER
      - DB_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
#      - DB_HOST_FILE=/run/secrets/POSTGRES_HOST
      - DB_HOST=peppermint_postgres
      - SECRET_FILE=/run/secrets/SECRET

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.peppermint-router.rule=Host(`peppermint.MYDOMAIN.TLD`)"
      - "traefik.http.services.peppermint-service.loadbalancer.server.port=3000"
      - "traefik.docker.network=traefik"

    secrets:
#      - POSTGRES_HOST
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - SECRET

volumes:
  peppermint_pgdata:

networks:
  traefik:
    external: true

secrets:
  POSTGRES_USER:
    file: ~/secrets/peppermint/POSTGRES_USER
  POSTGRES_DB:
    file: ~/secrets/peppermint/POSTGRES_DB
  POSTGRES_PASSWORD:
    file: ~/secrets/peppermint/POSTGRES_PASSWORD
  POSTGRES_HOST:
    file: ~/secrets/peppermint/POSTGRES_HOST
  SECRET:
    file: ~/secrets/peppermint/SECRET

Logs from PostgreSQL

The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
waiting for server to start....2024-02-02 16:12:58.892 UTC [43] LOG:  starting PostgreSQL 16.1 (Debian 16.1-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-02-02 16:12:58.899 UTC [43] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-02-02 16:12:58.908 UTC [46] LOG:  database system was shut down at 2024-02-02 16:12:57 UTC
2024-02-02 16:12:58.915 UTC [43] LOG:  database system is ready to accept connections
 done
server started
CREATE DATABASE

/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*

2024-02-02 16:12:59.150 UTC [43] LOG:  received fast shutdown request
waiting for server to shut down....2024-02-02 16:12:59.152 UTC [43] LOG:  aborting any active transactions
2024-02-02 16:12:59.157 UTC [43] LOG:  background worker "logical replication launcher" (PID 49) exited with exit code 1
2024-02-02 16:12:59.157 UTC [44] LOG:  shutting down
2024-02-02 16:12:59.160 UTC [44] LOG:  checkpoint starting: shutdown immediate
2024-02-02 16:12:59.721 UTC [44] LOG:  checkpoint complete: wrote 923 buffers (5.6%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.009 s, sync=0.542 s, total=0.564 s; sync files=301, longest=0.020 s, average=0.002 s; distance=4257 kB, estimate=4257 kB; lsn=0/1913078, redo lsn=0/1913078
2024-02-02 16:12:59.728 UTC [43] LOG:  database system is shut down
 done
server stopped

PostgreSQL init process complete; ready for start up.

2024-02-02 16:12:59.805 UTC [1] LOG:  starting PostgreSQL 16.1 (Debian 16.1-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-02-02 16:12:59.805 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2024-02-02 16:12:59.805 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2024-02-02 16:12:59.811 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-02-02 16:12:59.818 UTC [59] LOG:  database system was shut down at 2024-02-02 16:12:59 UTC
2024-02-02 16:12:59.825 UTC [1] LOG:  database system is ready to accept connections
2024-02-02 16:13:00.205 UTC [63] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:00.205 UTC [63] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:04.500 UTC [64] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:04.500 UTC [64] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:08.826 UTC [65] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:08.826 UTC [65] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:13.064 UTC [66] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:13.064 UTC [66] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:17.323 UTC [67] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:17.323 UTC [67] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:21.573 UTC [68] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:21.573 UTC [68] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:25.847 UTC [69] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:25.847 UTC [69] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:30.106 UTC [71] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:30.106 UTC [71] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:34.434 UTC [72] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:34.434 UTC [72] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:39.148 UTC [73] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:39.148 UTC [73] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:44.005 UTC [74] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:44.005 UTC [74] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:48.568 UTC [75] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:48.568 UTC [75] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:52.837 UTC [76] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:52.837 UTC [76] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:13:57.120 UTC [77] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:13:57.120 UTC [77] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:01.464 UTC [79] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:01.464 UTC [79] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:05.750 UTC [80] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:05.750 UTC [80] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:09.987 UTC [81] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:09.987 UTC [81] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:14.239 UTC [82] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:14.239 UTC [82] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:18.526 UTC [85] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:18.526 UTC [85] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:22.882 UTC [86] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:22.882 UTC [86] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"
2024-02-02 16:14:27.155 UTC [87] FATAL:  password authentication failed for user "pepppermint"
2024-02-02 16:14:27.155 UTC [87] DETAIL:  Role "pepppermint" does not exist.
    Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 128: "host all all all scram-sha-256"

And Peppermint

2024-02-02T16:12:58: PM2 log: Launching in no daemon mode
2024-02-02T16:12:58: PM2 log: App [client:0] starting in -fork mode-
2024-02-02T16:12:58: PM2 log: App [api:1] starting in -fork mode-
2024-02-02T16:12:58: PM2 log: App [client:0] online
2024-02-02T16:12:58: PM2 log: App [api:1] online
> client@1.0.0 start
> next start
Error: Command failed: npx prisma migrate deploy
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
Environment variables loaded from .env
Prisma schema loaded from src/prisma/schema.prisma
Datasource "db": PostgreSQL database "peppermint", schema "public" at "peppermint_postgres:5432"
    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:514:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'npx prisma migrate deploy'
}
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
2024-02-02T16:13:00: PM2 log: App [api:1] exited with code [1] via signal [SIGINT]
  ▲ Next.js 13.5.6
  - Local:        http://localhost:3000
 ✓ Ready in 1645ms
2024-02-02T16:13:03: PM2 log: App [api:1] starting in -fork mode-
2024-02-02T16:13:03: PM2 log: App [api:1] online
Error: Command failed: npx prisma migrate deploy
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:514:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'npx prisma migrate deploy'
}
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
Environment variables loaded from .env
Prisma schema loaded from src/prisma/schema.prisma
Datasource "db": PostgreSQL database "peppermint", schema "public" at "peppermint_postgres:5432"
2024-02-02T16:13:04: PM2 log: App [api:1] exited with code [1] via signal [SIGINT]
2024-02-02T16:13:07: PM2 log: App [api:1] starting in -fork mode-
2024-02-02T16:13:07: PM2 log: App [api:1] online
Error: Command failed: npx prisma migrate deploy
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:514:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'npx prisma migrate deploy'
}
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
Environment variables loaded from .env
Prisma schema loaded from src/prisma/schema.prisma
Datasource "db": PostgreSQL database "peppermint", schema "public" at "peppermint_postgres:5432"
2024-02-02T16:13:08: PM2 log: App [api:1] exited with code [1] via signal [SIGINT]
2024-02-02T16:13:11: PM2 log: App [api:1] starting in -fork mode-
2024-02-02T16:13:11: PM2 log: App [api:1] online
Error: Command failed: npx prisma migrate deploy
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:514:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'npx prisma migrate deploy'
}
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
Environment variables loaded from .env
Prisma schema loaded from src/prisma/schema.prisma
Datasource "db": PostgreSQL database "peppermint", schema "public" at "peppermint_postgres:5432"
2024-02-02T16:13:13: PM2 log: App [api:1] exited with code [1] via signal [SIGINT]
2024-02-02T16:13:16: PM2 log: App [api:1] starting in -fork mode-
2024-02-02T16:13:16: PM2 log: App [api:1] online
Error: Command failed: npx prisma migrate deploy
Error: P1000: Authentication failed against database server at `peppermint_postgres`, the provided database credentials for `pepppermint` are not valid.
Please make sure to provide valid database credentials for the database server at `peppermint_postgres`.
    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:514:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'npx prisma migrate deploy'
}
potts99 commented 7 months ago

hmm never used podman myself, will do some testing

luckylinux commented 7 months ago

In case you need help setting it up, consider having a look at https://github.com/luckylinux/podman-tools (especially setup_podman_debian.sh but look at it before running it, default arguments might not work for you).

I tried to consolidate my local scripts but there are surely still some bugs in it.

Rootless podman requires some config (and with ZFS using Podman 4.3.1 which is on Debian Bookworm won't work - need to use APT pinning from Testing/Trixie Repositories - see upgrade_debian_podman_to_testing.sh).

There is apparently also a hard/soft limit on number of open files, see https://github.com/containers/podman/issues/5526#issuecomment-1440363593.

Yeah lots of things to think about. But I'm sure also Rootless Docker has its own set of issues ...

potts99 commented 7 months ago

thank you @luckylinux, always good to have different deployment solutions