[bitnami/postgresql] container crashes when starting for the first time if you use a custom pg_hba.conf

[sss-ng]

Name and Version

bitnami/postgres:15.3.0, 15.0, 14.0, 13.0, 12.0 (probably others too)

What architecture are you using?

amd64

What steps will reproduce the bug?

The goal is to be able to use a custom pg_hba.conf when doing a docker-compose up for the first time. However, it seems that this is not possible for version 15.3, 15.0, 14.0, 13.0, 12.0, etc.
Maybe this is by design? I'm not a postgres expert, but it seems like something you should be able to do.

Here is my setup:

./docker-compose.yml:

---
services:
  postgresql:
    image: docker.io/bitnami/postgresql:15.3.0
    ports:
      - 5432:5432
    volumes:
      - "./pg_hba.conf:/bitnami/postgresql/conf/pg_hba.conf"
    environment:
      POSTGRES_USER: myuser
      POSTGRES_PASSWORD: mypass
      POSTGRES_DATABASE: mydb
      POSTGRES_POSTGRES_PASSWORD: root      ### Note, I tried it with and without this line

./pg_hba.conf:
Note: this is the same as the one that the scripts generate if there is none given

host     all             all             0.0.0.0/0               md5
host     all             all             ::/0                    md5
local    all             all                                     md5
host     all             all        127.0.0.1/32                 md5
host     all             all        ::1/128                      md5

The attempt:

bill@comp:/tmp/bitnami$ docker-compose down -v # just to make sure we are starting fresh
bill@comp:/tmp/bitnami$ sudo chmod 777 pg_hba.conf
bill@comp:/tmp/bitnami$ docker-compose up

[+] Building 0.0s (0/0)                                                                                  
[+] Running 2/2
 ✔ Network bitnami_default         Created                                                          0.0s 
 ✔ Container bitnami-postgresql-1  Created                                                          0.1s 
Attaching to bitnami-postgresql-1
bitnami-postgresql-1  | postgresql 22:16:21.27 
bitnami-postgresql-1  | postgresql 22:16:21.28 Welcome to the Bitnami postgresql container
bitnami-postgresql-1  | postgresql 22:16:21.28 Subscribe to project updates by watching https://github.com/bitnami/containers
bitnami-postgresql-1  | postgresql 22:16:21.28 Submit issues and feature requests at https://github.com/bitnami/containers/issues
bitnami-postgresql-1  | postgresql 22:16:21.29 
bitnami-postgresql-1  | postgresql 22:16:21.30 INFO  ==> ** Starting PostgreSQL setup **
bitnami-postgresql-1  | postgresql 22:16:21.33 INFO  ==> Validating settings in POSTGRESQL_* env vars..
bitnami-postgresql-1  | postgresql 22:16:21.34 INFO  ==> Loading custom pre-init scripts...
bitnami-postgresql-1  | postgresql 22:16:21.35 INFO  ==> Initializing PostgreSQL database...
bitnami-postgresql-1  | postgresql 22:16:21.36 INFO  ==> Custom configuration /opt/bitnami/postgresql/conf/pg_hba.conf detected
bitnami-postgresql-1  | postgresql 22:16:22.14 INFO  ==> Starting PostgreSQL in background...
bitnami-postgresql-1  | postgresql 22:16:22.30 INFO  ==> Stopping PostgreSQL...
bitnami-postgresql-1  | waiting for server to shut down.... done
bitnami-postgresql-1  | server stopped
bitnami-postgresql-1 exited with code 2

What is the expected behavior?

The container should come up configured with the given pg_hba.conf

Additional information

I exec-ed into the container, and I think one of the scripts is failing because it's asking the user to enter a password. Steps to see that below. It doesnt do that if I dont mount a pg_hba.conf

bill@comp:/tmp/bitnami$ docker exec -it bitnami-postgresql-1 bash

I have no name!@348e48dc59f1:/$ /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh 
postgresql 22:33:35.50 
postgresql 22:33:35.51 Welcome to the Bitnami postgresql container
postgresql 22:33:35.51 Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 22:33:35.52 Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql 22:33:35.52 
postgresql 22:33:35.55 INFO  ==> ** Starting PostgreSQL setup **
postgresql 22:33:35.57 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 22:33:35.58 INFO  ==> Loading custom pre-init scripts...
postgresql 22:33:35.59 INFO  ==> Initializing PostgreSQL database...
postgresql 22:33:35.60 INFO  ==> Custom configuration /opt/bitnami/postgresql/conf/pg_hba.conf detected
postgresql 22:33:36.48 INFO  ==> Starting PostgreSQL in background...
Password for user postgres: 

To do this, I override the entrypoint with a sleep:

---
services:
  postgresql:
    image: docker.io/bitnami/postgresql:15.3.0
    entrypoint: ["sleep"]
    command: ["600"]
    ports:
      - 5432:5432
    volumes:
      - "./pg_hba.conf:/bitnami/postgresql/conf/pg_hba.conf"
    environment:
      POSTGRES_USER: myuser
      POSTGRES_PASSWORD: mypass
      POSTGRES_DATABASE: mydb
      # POSTGRES_POSTGRES_PASSWORD: root

[sss-ng]

Here are the debug logs:

bill@comp:/tmp/bitnami$ docker-compose up
[+] Building 0.0s (0/0)                                                                                                                                                                                       
[+] Running 2/2
 ✔ Network bitnami_default         Created                                                                                                                                                               0.0s 
 ✔ Container bitnami-postgresql-1  Created                                                                                                                                                               0.1s 
Attaching to bitnami-postgresql-1
bitnami-postgresql-1  | postgresql 23:46:53.29 
bitnami-postgresql-1  | postgresql 23:46:53.29 Welcome to the Bitnami postgresql container
bitnami-postgresql-1  | postgresql 23:46:53.29 Subscribe to project updates by watching https://github.com/bitnami/containers
bitnami-postgresql-1  | postgresql 23:46:53.29 Submit issues and feature requests at https://github.com/bitnami/containers/issues
bitnami-postgresql-1  | postgresql 23:46:53.29 
bitnami-postgresql-1  | postgresql 23:46:53.30 DEBUG ==> Configuring libnss_wrapper...
bitnami-postgresql-1  | postgresql 23:46:53.31 INFO  ==> ** Starting PostgreSQL setup **
bitnami-postgresql-1  | postgresql 23:46:53.33 INFO  ==> Validating settings in POSTGRESQL_* env vars..
bitnami-postgresql-1  | postgresql 23:46:53.34 INFO  ==> Loading custom pre-init scripts...
bitnami-postgresql-1  | postgresql 23:46:53.34 INFO  ==> Initializing PostgreSQL database...
bitnami-postgresql-1  | postgresql 23:46:53.35 DEBUG ==> Copying files from /bitnami/postgresql/conf to /opt/bitnami/postgresql/conf
bitnami-postgresql-1  | postgresql 23:46:53.36 INFO  ==> Custom configuration /opt/bitnami/postgresql/conf/pg_hba.conf detected
bitnami-postgresql-1  | postgresql 23:46:53.37 DEBUG ==> Ensuring expected directories/files exist...
bitnami-postgresql-1  | The files belonging to this database system will be owned by user "postgres".
bitnami-postgresql-1  | This user must also own the server process.
bitnami-postgresql-1  | 
bitnami-postgresql-1  | The database cluster will be initialized with locale "en_US.UTF-8".
bitnami-postgresql-1  | The default text search configuration will be set to "english".
bitnami-postgresql-1  | 
bitnami-postgresql-1  | Data page checksums are disabled.
bitnami-postgresql-1  | 
bitnami-postgresql-1  | fixing permissions on existing directory /bitnami/postgresql/data ... ok
bitnami-postgresql-1  | creating subdirectories ... ok
bitnami-postgresql-1  | selecting dynamic shared memory implementation ... posix
bitnami-postgresql-1  | selecting default max_connections ... 100
bitnami-postgresql-1  | selecting default shared_buffers ... 128MB
bitnami-postgresql-1  | selecting default time zone ... Etc/UTC
bitnami-postgresql-1  | creating configuration files ... ok
bitnami-postgresql-1  | running bootstrap script ... ok
bitnami-postgresql-1  | performing post-bootstrap initialization ... ok
bitnami-postgresql-1  | syncing data to disk ... ok
bitnami-postgresql-1  | 
bitnami-postgresql-1  | 
bitnami-postgresql-1  | Success. You can now start the database server using:
bitnami-postgresql-1  | 
bitnami-postgresql-1  |     /opt/bitnami/postgresql/bin/pg_ctl -D /bitnami/postgresql/data -l logfile start
bitnami-postgresql-1  | 
bitnami-postgresql-1  | initdb: warning: enabling "trust" authentication for local connections
bitnami-postgresql-1  | initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
bitnami-postgresql-1  | postgresql 23:46:54.20 INFO  ==> Starting PostgreSQL in background...
bitnami-postgresql-1  | waiting for server to start....2023-07-19 23:46:54.237 GMT [65] LOG:  starting PostgreSQL 15.3 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
bitnami-postgresql-1  | 2023-07-19 23:46:54.238 GMT [65] LOG:  listening on IPv4 address "127.0.0.1", port 5432
bitnami-postgresql-1  | 2023-07-19 23:46:54.238 GMT [65] LOG:  could not bind IPv6 address "::1": Cannot assign requested address
bitnami-postgresql-1  | 2023-07-19 23:46:54.243 GMT [65] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
bitnami-postgresql-1  | 2023-07-19 23:46:54.251 GMT [68] LOG:  database system was shut down at 2023-07-19 23:46:53 GMT
bitnami-postgresql-1  | 2023-07-19 23:46:54.259 GMT [65] LOG:  database system is ready to accept connections
bitnami-postgresql-1  |  done
bitnami-postgresql-1  | server started
bitnami-postgresql-1  | 2023-07-19 23:46:54.326 GMT [73] FATAL:  password authentication failed for user "postgres"
bitnami-postgresql-1  | 2023-07-19 23:46:54.326 GMT [73] DETAIL:  User "postgres" has no password assigned.
bitnami-postgresql-1  |         Connection matched pg_hba.conf line 3: "local    all             all                                     md5"
bitnami-postgresql-1  | 2023-07-19 23:46:54.327 GMT [73] LOG:  could not send data to client: Broken pipe
bitnami-postgresql-1  | Password for user postgres: 
bitnami-postgresql-1  | 2023-07-19 23:46:54.342 GMT [77] FATAL:  password authentication failed for user "postgres"
bitnami-postgresql-1  | 2023-07-19 23:46:54.342 GMT [77] DETAIL:  User "postgres" has no password assigned.
bitnami-postgresql-1  |         Connection matched pg_hba.conf line 3: "local    all             all                                     md5"
bitnami-postgresql-1  | 2023-07-19 23:46:54.342 GMT [77] LOG:  could not send data to client: Broken pipe
bitnami-postgresql-1  | 2023-07-19 23:46:54.359 GMT [78] FATAL:  password authentication failed for user "postgres"
bitnami-postgresql-1  | 2023-07-19 23:46:54.359 GMT [78] DETAIL:  User "postgres" has no password assigned.
bitnami-postgresql-1  |         Connection matched pg_hba.conf line 3: "local    all             all                                     md5"
bitnami-postgresql-1  | psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL:  password authentication failed for user "postgres"
bitnami-postgresql-1  | postgresql 23:46:54.36 INFO  ==> Stopping PostgreSQL...
bitnami-postgresql-1  | waiting for server to shut down....2023-07-19 23:46:54.374 GMT [65] LOG:  received fast shutdown request
bitnami-postgresql-1  | 2023-07-19 23:46:54.377 GMT [65] LOG:  aborting any active transactions
bitnami-postgresql-1  | 2023-07-19 23:46:54.383 GMT [65] LOG:  background worker "logical replication launcher" (PID 71) exited with exit code 1
bitnami-postgresql-1  | 2023-07-19 23:46:54.385 GMT [66] LOG:  shutting down
bitnami-postgresql-1  | 2023-07-19 23:46:54.391 GMT [66] LOG:  checkpoint starting: shutdown immediate
bitnami-postgresql-1  | 2023-07-19 23:46:54.420 GMT [66] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.007 s, sync=0.003 s, total=0.035 s; sync files=2, longest=0.002 s, average=0.002 s; distance=0 kB, estimate=0 kB
bitnami-postgresql-1  | 2023-07-19 23:46:54.427 GMT [65] LOG:  database system is shut down
bitnami-postgresql-1  |  done
bitnami-postgresql-1  | server stopped
bitnami-postgresql-1 exited with code 2

[sss-ng]

After doing some more research, it seems that the function failing is postgresql_create_custom_database on this line:

containers/bitnami/postgresql/15/debian-11/rootfs/opt/bitnami/scripts/libpostgresql.sh

Line 640 in b0b0239

[[ -n "${POSTGRESQL_DATABASE}" ]] && [[ "$POSTGRESQL_DATABASE" != "postgres" ]] && postgresql_create_custom_database

So, I guess in my case the pg_hba.conf file requires login via an md5 password, but the postgres user doesnt have a password yet.

I think a potential workaround would be to always (whether pg_hba.conf is mounted or not) generate initial 'trust' pg_hba.conf, use that through the setup phase, then change the server to use the mounted pg_hba.conf file.

Not sure what your thoughts are on this

[sss-ng]

I think the following demonstrates a potential workaround (use POSTGRES_EXTRA_FLAGS to set the location of the pg_hba.conf file, and mount it somewhere that postgres isn't looking by default):

docker run --name some-postgres  \
-e POSTGRES_USERNAME=bill \
-e POSTGRES_PASSWORD=mysecretpassword \
-e POSTGRES_POSTGRES_PASSWORD=root \
-e POSTGRESQL_EXTRA_FLAGS='hba_file=/tmp/pg_hba.conf'   \
      -v ./pg_hba.conf:/tmp/pg_hba.conf  \
      -p 54321:5432    \
      bitnami/postgresql:15                                    


postgresql 01:25:56.99                                                                                                                         
postgresql 01:25:56.99 Welcome to the Bitnami postgresql container                                                                             
postgresql 01:25:56.99 Subscribe to project updates by watching https://github.com/bitnami/containers                                          
postgresql 01:25:57.00 Submit issues and feature requests at https://github.com/bitnami/containers/issues                                      
postgresql 01:25:57.00                                                                                                                         
postgresql 01:25:57.04 INFO  ==> ** Starting PostgreSQL setup **                                                                               
postgresql 01:25:57.10 INFO  ==> Validating settings in POSTGRESQL_* env vars..                                                                
postgresql 01:25:57.12 INFO  ==> Loading custom pre-init scripts...                                                                            
postgresql 01:25:57.13 INFO  ==> Initializing PostgreSQL database...                                                                           
postgresql 01:25:57.16 INFO  ==> pg_hba.conf file not detected. Generating it...                                                               
postgresql 01:25:57.16 INFO  ==> Generating local authentication configuration                                                                 
postgresql 01:25:58.62 INFO  ==> Starting PostgreSQL in background...                                                                                                       
postgresql 01:25:58.77 INFO  ==> Changing password of postgres                                                                                 
postgresql 01:25:58.80 INFO  ==> Creating user bill                                                                                             
postgresql 01:25:58.84 INFO  ==> Granting access to "bill" to the database "postgres"                                                          
postgresql 01:25:58.88 INFO  ==> Setting ownership for the 'public' schema database "postgres" to "bill"                                          
postgresql 01:25:58.92 INFO  ==> Configuring replication parameters                                                                            
postgresql 01:25:58.97 INFO  ==> Configuring synchronous_replication                                                                                
postgresql 01:25:58.98 INFO  ==> Configuring fsync                                                                                                      
postgresql 01:25:59.02 INFO  ==> Stopping PostgreSQL...                                                                                           
waiting for server to shut down.... done                                                                                                          
server stopped                                                                                                                                                     
postgresql 01:25:59.14 INFO  ==> Loading custom scripts...                                                                                          
postgresql 01:25:59.14 INFO  ==> Enabling remote connections                                                                                                               
postgresql 01:25:59.16 INFO  ==> ** PostgreSQL setup finished! **                                                                                                           
                                                                                                                                                                             
postgresql 01:25:59.20 INFO  ==> ** Starting PostgreSQL **                                                                                        
2023-07-21 01:25:59.226 GMT [1] LOG:  pgaudit extension initialized                                                                               
2023-07-21 01:25:59.243 GMT [1] LOG:  starting PostgreSQL 15.3 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit    
2023-07-21 01:25:59.243 GMT [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432                                                                    
2023-07-21 01:25:59.243 GMT [1] LOG:  listening on IPv6 address "::", port 5432                                                                         
2023-07-21 01:25:59.247 GMT [1] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"                                                                        
2023-07-21 01:25:59.253 GMT [141] LOG:  database system was shut down at 2023-07-21 01:25:59 GMT                                                                   
2023-07-21 01:25:59.261 GMT [1] LOG:  database system is ready to accept connections      

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[corico44]

Thank you @sss-ng. I understand that finally with the workaround it has worked. Thanks for the contribution.

[sss-ng]

I think that this issue needs a comment in the documentation at minimum. If you support me fixing the bug as described before I'd be glad to do that as well @corico44

[corico44]

@sss-ng We encourage you to open a PR and we will be happy to review it!

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

[sss-ng]

Reopen

[siddjellali]

reopen please

[MaxwellDAssistek]

Stale bot strikes again. This is still an ongoing issue that was never resolved. @carrodher