linuxserver / docker-netbox

GNU General Public License v3.0

Docker secrets not recognized #21

Closed jchue closed 3 years ago

jchue commented 3 years ago


Expected Behavior

Should be able to prepend FILE__ to an environment variable to derive it from a file (i.e., for Docker secrets). The container should pick up the contents and set the environment variable at runtime. I am currently using this for the Postgres password.

Current Behavior

Authentication with Postgres fails during initial migration steps and Netbox fails to start up.

Steps to Reproduce

  1. Create docker-compose.yml file with secrets attached to both the Netbox and the Postgres containers.
  2. Run docker-compose up.

Environment

OS: Ubuntu 20.04.2 LTS
CPU architecture: x86_64
How docker service was installed: Official Docker repo - sudo apt-get install docker-ce docker-ce-cli containerd.io - Steps here

Command used to create docker container (run/create/compose/screenshot)

docker-compose.yml
---
version: "3.8"

services:
  netbox:
    image: ghcr.io/linuxserver/netbox
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - SUPERUSER_EMAIL=${SUPERUSER_EMAIL}
      - SUPERUSER_PASSWORD=${SUPERUSER_PASSWORD}
      - ALLOWED_HOST=${ALLOWED_HOST}
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=${POSTGRES_DB}
      - DB_USER=${POSTGRES_USER}
      - FILE__DB_PASSWORD=/run/secrets/postgres_password
      - REDIS_HOST=redis
    volumes:
      - ./config/:/config/
    ports:
      - ${NETBOX_HOST_PORT}:8000
    secrets:
      - postgres_password
    restart: unless-stopped

  postgres:
    image: postgres:12
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    volumes:
      - ./dbdata/:/var/lib/postgresql/data/
    secrets:
      - postgres_password
    restart: unless-stopped

  adminer:
    image: adminer
    ports:
      - ${ADMINER_HOST_PORT}:8080

  redis:
    image: redis
    restart: unless-stopped

secrets:
  postgres_password:
    file: postgres_password.secret

Docker logs

nodename: cda99b4ffee0,
machine: x86_64,
clock source: unix,
pcre jit disabled,
detected number of CPU cores: 2,
current working directory: /app/netbox/netbox,
detected binary path: /usr/sbin/uwsgi,
your memory page size is 4096 bytes,
detected max file descriptor number: 1048576,
building mime-types dictionary from file /etc/mime.types...1293 entry found,
lock engine: pthread robust mutexes,
thunder lock: disabled (you can enable it with --thunder-lock),
uwsgi socket 0 bound to TCP address :8000 fd 3,
Python version: 3.8.10 (default, May  6 2021, 06:30:44)  [GCC 9.3.0],
[services.d] done.,
Python main interpreter initialized at 0x55716d9ceb60,
python threads support enabled,
your server socket listen backlog is limited to 100 connections,
your mercy for graceful operations on workers is 60 seconds,
mapped 145840 bytes (142 KB) for 1 cores,
*** Operational MODE: single process ***,
running "exec:/usr/bin/python3 ./manage.py collectstatic --noinput" (pre app)...,
,
957 static files copied to '/app/netbox/netbox/static'.,
running "exec:/usr/bin/python3 ./manage.py remove_stale_contenttypes --no-input" (pre app)...,
Traceback (most recent call last):,
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 219, in ensure_connection,
    self.connect(),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 200, in connect,
    self.connection = self.get_new_connection(conn_params),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 187, in get_new_connection,
    connection = Database.connect(**conn_params),
  File "/usr/lib/python3.8/site-packages/psycopg2/__init__.py", line 122, in connect,
    conn = _connect(dsn, connection_factory=connection_factory, **kwasync),
psycopg2.OperationalError: FATAL:  password authentication failed for user "netbox",
,
,
The above exception was the direct cause of the following exception:,
,
Traceback (most recent call last):,
  File "./manage.py", line 10, in <module>,
    execute_from_command_line(sys.argv),
  File "/usr/lib/python3.8/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line,
    utility.execute(),
  File "/usr/lib/python3.8/site-packages/django/core/management/__init__.py", line 413, in execute,
    self.fetch_command(subcommand).run_from_argv(self.argv),
  File "/usr/lib/python3.8/site-packages/django/core/management/base.py", line 354, in run_from_argv,
    self.execute(*args, **cmd_options),
  File "/usr/lib/python3.8/site-packages/django/core/management/base.py", line 398, in execute,
    output = self.handle(*args, **options),
  File "/usr/lib/python3.8/site-packages/django/contrib/contenttypes/management/commands/remove_stale_contenttypes.py", line 39, in handle,
    apps_content_types = itertools.groupby(,
  File "/usr/lib/python3.8/site-packages/django/db/models/query.py", line 280, in __iter__,
    self._fetch_all(),
  File "/usr/lib/python3.8/site-packages/cacheops/query.py", line 271, in _fetch_all,
    return self._no_monkey._fetch_all(self),
  File "/usr/lib/python3.8/site-packages/django/db/models/query.py", line 1324, in _fetch_all,
    self._result_cache = list(self._iterable_class(self)),
  File "/usr/lib/python3.8/site-packages/django/db/models/query.py", line 51, in __iter__,
    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch, chunk_size=self.chunk_size),
  File "/usr/lib/python3.8/site-packages/django/db/models/sql/compiler.py", line 1173, in execute_sql,
    cursor = self.connection.cursor(),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 259, in cursor,
    return self._cursor(),
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 235, in _cursor,
    self.ensure_connection(),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 219, in ensure_connection,
    self.connect(),
  File "/usr/lib/python3.8/site-packages/django/db/utils.py", line 90, in __exit__,
    raise dj_exc_value.with_traceback(traceback) from exc_value,
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 219, in ensure_connection,
    self.connect(),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/base/base.py", line 200, in connect,
    self.connection = self.get_new_connection(conn_params),
  File "/usr/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner,
    return func(*args, **kwargs),
  File "/usr/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 187, in get_new_connection,
    connection = Database.connect(**conn_params),
  File "/usr/lib/python3.8/site-packages/psycopg2/__init__.py", line 122, in connect,
    conn = _connect(dsn, connection_factory=connection_factory, **kwasync),
django.db.utils.OperationalError: FATAL:  password authentication failed for user "netbox",
,
command "/usr/bin/python3 ./manage.py remove_stale_contenttypes --no-input" exited with non-zero code: 1,
Tue Jun 29 16:12:17 2021 - FATAL hook failed, destroying instance,
SIGINT/SIGQUIT received...killing workers...,
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x55716d9ceb60 pid: 286 (default app),
*** uWSGI is running in multiple interpreter mode ***,
spawned uWSGI master process (pid: 286),
spawned uWSGI worker 1 (pid: 310, cores: 1),
[uwsgi-daemons] spawning "/usr/bin/python3 ./manage.py rqworker" (uid: 1004 gid: 1001)

github-actions[bot] commented 3 years ago

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

aptalca commented 3 years ago

I'm gonna venture a guess that your password file contains a trailing newline

jchue commented 3 years ago

@aptalca Thanks for the quick response. No, I don't think so.

Screenshot 2021-06-29 at 17-55-54 Portainer primary

I'm also able to authenticate via Adminer.

aptalca commented 3 years ago

That shows a trailing newline. You want the next line starting with root on the same line as the password with no break.

Follow the instructions on the docker docs for creating docker secrets.

jchue commented 3 years ago

Ah, you're right. Sorry about that, and thanks.

printf "password" > postgres_password.secret works.
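
The root cause found in this thread, as an added example that is not part of the original issue or the project's code: a secret file written with `echo` ends in a newline, and a reader that takes the file verbatim gets a different value than one that uses shell command substitution, which strips trailing newlines. The function names and the sample value are constructed for illustration, and the verbatim behaviour of the `FILE__` loader is an assumption consistent with the outcome above.

```shell
#!/bin/sh
# Added example: audit Docker secret files for a trailing newline.
# Assumption: the FILE__ loader passes the file's bytes through verbatim.

# Succeeds if the file's last byte is LF (0a) or CR (0d).
has_trailing_newline() {
    _last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$_last" = "0a" ] || [ "$_last" = "0d" ]
}

# Writes a secret with no trailing newline, readable by the owner only.
write_secret() {   # usage: write_secret <file> <value>
    ( umask 077; printf '%s' "$2" > "$1" )
}

# Byte length seen by a reader that takes the file verbatim.
verbatim_len() { wc -c < "$1" | tr -d ' '; }

# Length seen by a reader using $(...), which strips trailing newlines
# (character count; equals bytes for ASCII secrets).
substituted_len() { _v=$(cat "$1"); printf '%s' "${#_v}"; }

# Prints each file in directory $1 that ends in a newline; fails if any do.
audit_secrets() {
    _bad=0
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        if has_trailing_newline "$_f"; then
            printf '%s\n' "$_f"
            _bad=1
        fi
    done
    [ "$_bad" -eq 0 ]
}

demo() {
    _dir=$(mktemp -d)
    echo "example-password" > "$_dir/echo.secret"          # constructed value; echo appends LF
    write_secret "$_dir/printf.secret" "example-password"  # constructed value; no LF
    for _s in echo printf; do
        printf '%s: verbatim=%s substituted=%s\n' "$_s" \
            "$(verbatim_len "$_dir/$_s.secret")" "$(substituted_len "$_dir/$_s.secret")"
    done
    audit_secrets "$_dir" || echo "fix the files listed above before mounting them"
    rm -rf "$_dir"
}
demo
```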