geonetwork / docker-geonetwork

Official Docker image repository for GeoNetwork
39 stars 39 forks source link

Best way to pre-set admin password #50

Open nbrinckm opened 4 years ago

nbrinckm commented 4 years ago

Hi there,

I'm a bit worried, about how the best way to set another admin password when I create a derived docker container. A lot of other docker images provide this kind of option to set those via env parameter (postgresql, wildfly, ...), but for the geonetwork I found no proper way to do this.

Is there a guideline / tutorial / pointer on how to do that?

KoalaGeo commented 4 years ago

Agree, I'm currently looking at this issue. Was thinking about using the API to change the admin password via CI/CD

nbrinckm commented 4 years ago

What I did for now was using the postgesql variant and using a script that updates the password hash in the user table (after the script waited for some minutes to make sure the db is up and running). Ugly as hell, but I fear there is no better way yet.

But you are right using an api call is a bit better

wshelley commented 4 years ago

Haha! Great minds think a like. I've been working with @KoalaGeo and ended up doing exactly the same thing! We're using kubernetes so used its healthchecks to check when the database and geonetwork are running.

# wait for geonetwork stack to become ready
kubectl wait --for=condition=ready pod --selector=app=postgres --timeout=250s
kubectl wait --for=condition=ready pod --selector=app=geonetwork --timeout=250s
sleep 20

# Update geonetwork admin password
export POD_NAME=$(kubectl get po -l "app=postgres" -o jsonpath="{.items[0].metadata.name}")
kubectl exec $POD_NAME -- psql --dbname=geonetwork --username=postgres --command="update users set password='"${GEONETWORK_ADMIN_PASSWORD_HASH}"' where name='admin';"

Only after successfully changing the password do we automatically re-enable network traffic to the container.