search

RTXteam / RTX-KG2

Build system for the RTX-KG2 biomedical knowledge graph, part of the ARAX reasoning system (https://github.com/RTXTeam/RTX)
MIT License
38 stars 8 forks source link

Remedy sporadic failures of Neo4j set initial password #29

Open kvarforl opened 3 years ago

kvarforl commented 3 years ago

From Steve, in RTXteam/RTX#1157:

OK, so there may be a bug in setup-kg2-neo4j.sh or possibly in install-neo4j.sh. At line 74 of setup-kg2-neo4j.sh, there is this code:

 sudo su - neo4j -c "neo4j-admin set-initial-password ${kg2_neo4j_password}"

which should set the database password to our "usual" Neo4j password. But for some reason, often times, it doesn't work. This is by no means the first time I've seen this issue. But in my testing in Ubuntu 18.04 inside a Docker container, I didn't see this issue, which is why I originally checked in that code at L74. So this is an odd one. Now, one thing to know about this particular command (neo4j-admin set-initial-password) is that it has a huge limitation; it only works if Neo4j has never been previously started on the system. If for some reason install-neo4j.sh starts Neo4j, or if anything/anyone starts Neo4j before neo4j-admin set-initial-password is run, then the password setting silently fails, but does not tell Bash. Sigh. @kvarforl can you please log a separate issue on this? I think the set-initial-password issue is the root cause here, and we should try to address it by fixing install-neo4j.sh or setup-kg2-neo4j.sh at some point.

saramsey commented 3 years ago

I wonder if this is due to some kind of race condition, such that in the container (maybe b/c things are slower in the container?) things work fine, but in the host OS, the race condition is tripped and the password set fails?

saramsey commented 3 years ago

Would be good to get someone other than me to try to reproduce this bug, to make sure that it is, in fact, a bug and that I am not just hallucinating this issue. But IIRC, more than one person has reported this problem (right @ericawood?). Admittedly it doesn't occur all that often since we are rarely configuring a new EC2 instance from scratch to be a new Neo4j server. It would be nice to fix this bug at some point (admittedly it is low priority) just so we can eliminate this item from the documentation: https://github.com/RTXteam/RTX/tree/master/code/kg2#authentication-error-in-tsv-to-neo4jsh

saramsey commented 3 years ago

This probably isn't the cause of this issue, but the code

sudo su - neo4j -c "neo4j-admin set-initial-password ${kg2_neo4j_password}"

is old-school Linux and should probably be changed to something like:

sudo -u neo4j neo4j-admin set-initial-password "${kg2_neo4j_password}"

see https://serverfault.com/questions/601140/whats-the-difference-between-sudo-su-postgres-and-sudo-u-postgres

saramsey commented 3 years ago

Confirmed this is still an issue, and doing sudo service neo4j restart doesn't help.