
Connecting to postgres in docker-compose for Metabase and Postgres using secret files as credentials

Stack Overflow user
Asked 2021-09-28 12:47:11
1 answer, 778 views, 0 followers, 0 votes

I have started Metabase with Postgres, and it is running with this docker-compose file:

$ cat docker-compose.yml
version: '3.7'
services:
  metabase-secrets:
    image: metabase/metabase:latest
    container_name: metabase-secrets
    hostname: metabase-secrets
    volumes:
    - /dev/urandom:/dev/random:ro
    ports:
      - 3000:3000
    environment:
      MB_DB_TYPE: postgres
      MB_DB_DBNAME: metabase
      MB_DB_PORT: 5432
      MB_DB_USER: /run/secrets/db_user
      MB_DB_PASS: /run/secrets/db_password
      MB_DB_HOST: postgres-secrets
    networks:
      - metanet1-secrets
    depends_on:
      - postgres-secrets
    secrets:
      - db_password
      - db_user
  postgres-secrets:
    image: postgres:latest
    container_name: postgres-secrets
    hostname: postgres-secrets
    environment:
      POSTGRES_USER: /run/secrets/db_user
      POSTGRES_DB: metabase
      POSTGRES_PASSWORD: /run/secrets/db_password
    networks:
      - metanet1-secrets
    secrets:
      - db_password
      - db_user
networks:
  metanet1-secrets:
    driver: bridge
secrets:
   db_password:
     file: db_password.txt
   db_user:
     file: db_user.txt

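I cannot connect to the Postgres instance to get a database dump for backup purposes. Every time I run psql as the root or postgres user, I get the same error: "role does not exist".

These are the running processes:
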
$ docker-compose top
metabase-secrets
UID     PID      PPID    C    STIME   TTY     TIME                                                                            CMD
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2000   256298   256273   10   09:11   ?     00:01:15   java -XX:+IgnoreUnrecognizedVMOptions -Dfile.encoding=UTF-8 -Dlogfile.path=target/log -XX:+CrashOnOutOfMemoryError -server -jar /app/metabase.jar

postgres-secrets
  UID       PID      PPID    C   STIME   TTY     TIME                                  CMD
------------------------------------------------------------------------------------------------------------------------
gkrellmd   256139   256114   0   09:11   ?     00:00:00   postgres
gkrellmd   256258   256139   0   09:11   ?     00:00:00   postgres: checkpointer
gkrellmd   256259   256139   0   09:11   ?     00:00:00   postgres: background writer
gkrellmd   256260   256139   0   09:11   ?     00:00:00   postgres: walwriter
gkrellmd   256261   256139   0   09:11   ?     00:00:00   postgres: autovacuum launcher
gkrellmd   256262   256139   0   09:11   ?     00:00:00   postgres: stats collector
gkrellmd   256263   256139   0   09:11   ?     00:00:00   postgres: logical replication launcher
gkrellmd   256429   256139   0   09:12   ?     00:00:00   postgres: /run/secrets/db_user metabase 172.18.0.3(60194) idle
gkrellmd   256430   256139   0   09:12   ?     00:00:00   postgres: /run/secrets/db_user metabase 172.18.0.3(60196) idle
gkrellmd   256431   256139   0   09:12   ?     00:00:00   postgres: /run/secrets/db_user metabase 172.18.0.3(60198) idle
gkrellmd   256432   256139   0   09:12   ?     00:00:00   postgres: /run/secrets/db_user metabase 172.18.0.3(60200) idle

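Please ignore the "gkrellmd" above. It is the user name for user id "999" on the Docker host.

I started a shell in the container and tried to connect to the database:

Here is my attempt from inside the container:
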
$ docker-compose exec postgres-secrets bash
root@postgres-secrets:/# psql
psql: error: FATAL:  role "root" does not exist
root@postgres-secrets:/# cat /etc/passwd | grep postgres
postgres:x:999:999::/var/lib/postgresql:/bin/bash
root@postgres-secrets:/# su postgres
postgres@postgres-secrets:/$ psql
psql: error: FATAL:  role "postgres" does not exist

The files containing the secrets are in the expected place:

postgres@postgres-secrets:/$ ls /var/run/secrets/ -la
total 20
drwxr-xr-x 2 root root 4096 Sep 16 13:08 .
drwxr-xr-x 1 root root 4096 Sep 16 13:08 ..
-rw-rw-r-- 1 1000 1000   13 Sep 16 12:51 db_password
-rw-rw-r-- 1 1000 1000   13 Sep 16 12:51 db_user

These are the postgres-secrets logs from container startup:

$ cat pg_logs.txt
Attaching to postgres-secrets
postgres-secrets    | The files belonging to this database system will be owned by user "postgres".
postgres-secrets    | This user must also own the server process.
postgres-secrets    |
postgres-secrets    | The database cluster will be initialized with locale "en_US.utf8".
postgres-secrets    | The default database encoding has accordingly been set to "UTF8".
postgres-secrets    | The default text search configuration will be set to "english".
postgres-secrets    |
postgres-secrets    | Data page checksums are disabled.
postgres-secrets    |
postgres-secrets    | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres-secrets    | creating subdirectories ... ok
postgres-secrets    | selecting dynamic shared memory implementation ... posix
postgres-secrets    | selecting default max_connections ... 100
postgres-secrets    | selecting default shared_buffers ... 128MB
postgres-secrets    | selecting default time zone ... Etc/UTC
postgres-secrets    | creating configuration files ... ok
postgres-secrets    | running bootstrap script ... ok
postgres-secrets    | performing post-bootstrap initialization ... ok
postgres-secrets    | syncing data to disk ... ok
postgres-secrets    |
postgres-secrets    | initdb: warning: enabling "trust" authentication for local connections
postgres-secrets    | You can change this by editing pg_hba.conf or using the option -A, or
postgres-secrets    | --auth-local and --auth-host, the next time you run initdb.
postgres-secrets    |
postgres-secrets    | Success. You can now start the database server using:
postgres-secrets    |
postgres-secrets    |     pg_ctl -D /var/lib/postgresql/data -l logfile start
postgres-secrets    |
postgres-secrets    | waiting for server to start....2021-09-16 13:08:35.427 UTC [48] LOG:  starting PostgreSQL 13.4 (Debian 13.4-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
postgres-secrets    | 2021-09-16 13:08:35.437 UTC [48] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-secrets    | 2021-09-16 13:08:35.481 UTC [49] LOG:  database system was shut down at 2021-09-16 13:08:34 UTC
postgres-secrets    | 2021-09-16 13:08:35.491 UTC [48] LOG:  database system is ready to accept connections
postgres-secrets    |  done
postgres-secrets    | server started
postgres-secrets    | CREATE DATABASE
postgres-secrets    |
postgres-secrets    |
postgres-secrets    | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres-secrets    |
postgres-secrets    | 2021-09-16 13:08:36.280 UTC [48] LOG:  received fast shutdown request
postgres-secrets    | waiting for server to shut down....2021-09-16 13:08:36.285 UTC [48] LOG:  aborting any active transactions
postgres-secrets    | 2021-09-16 13:08:36.287 UTC [48] LOG:  background worker "logical replication launcher" (PID 55) exited with exit code 1
postgres-secrets    | 2021-09-16 13:08:36.289 UTC [50] LOG:  shutting down
postgres-secrets    | 2021-09-16 13:08:36.320 UTC [48] LOG:  database system is shut down
postgres-secrets    |  done
postgres-secrets    | server stopped

And this is the latest one:

postgres-secrets    | PostgreSQL Database directory appears to contain a database; Skipping initialization
postgres-secrets    |
postgres-secrets    | 2021-09-28 12:11:54.810 UTC [1] LOG:  starting PostgreSQL 13.4 (Debian 13.4-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
postgres-secrets    | 2021-09-28 12:11:54.811 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgres-secrets    | 2021-09-28 12:11:54.811 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgres-secrets    | 2021-09-28 12:11:54.821 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-secrets    | 2021-09-28 12:11:54.842 UTC [26] LOG:  database system was shut down at 2021-09-28 12:11:37 UTC
postgres-secrets    | 2021-09-28 12:11:54.872 UTC [1] LOG:  database system is ready to accept connections
postgres-secrets    | 2021-09-28 12:25:01.343 UTC [82] FATAL:  role "root" does not exist
postgres-secrets    | 2021-09-28 12:25:30.002 UTC [96] FATAL:  role "postgres" does not exist

My goal is to get a database dump so that I can restore it in another Postgres instance.

I have burned all my books :-( Any suggestions are welcome!

1 Answer

Stack Overflow user

Posted 2022-04-07 23:10:59

You can try something like this:

docker exec -t postgres-secrets pg_dumpall -c -U /run/secrets/db_user > dumpall.sql
Votes: 0
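
Added example, not part of the original question or answer: the compose file above assigns `/run/secrets/...` paths to `POSTGRES_USER` and `POSTGRES_PASSWORD` as literal values (hence the role named `/run/secrets/db_user` in the process list), whereas the official postgres image reads a secret file only through the `_FILE` variants such as `POSTGRES_USER_FILE`. This check flags such entries in a compose file; the function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original post. Flags compose environment entries
# whose value is a /run/secrets/ path while the variable name has no _FILE
# suffix: the path string itself then becomes the user name or password.

# Prints "line N: VAR=VALUE" per offending entry; returns 1 if any was found.
find_literal_secret_paths() {
    awk -v sq="'" '
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)         # trailing comment
            sub(/^[ \t]*(-[ \t]+)?/, "", line)  # indent and list dash
            gsub(/"/, "", line); gsub(sq, "", line)
            # NAME: value (map form) or NAME=value (list form)
            if (match(line, /^[A-Za-z_][A-Za-z0-9_]*[ \t]*[:=][ \t]*/)) {
                name = substr(line, 1, RLENGTH)
                sub(/[ \t]*[:=][ \t]*$/, "", name)
                value = substr(line, RLENGTH + 1)
                sub(/[ \t]+$/, "", value)
                if (value ~ /^\/(var\/)?run\/secrets\// && name !~ /_FILE$/) {
                    printf "line %d: %s=%s\n", NR, name, value
                    found = 1
                }
            }
        }
        END { exit (found + 0) }
    ' "$1"
}

# Constructed sample: the question's postgres settings next to the _FILE form.
write_sample_compose() {
    cat > "$1" <<'EOF'
services:
  as-posted:
    environment:
      POSTGRES_USER: /run/secrets/db_user
      POSTGRES_DB: metabase
      POSTGRES_PASSWORD: /run/secrets/db_password
  with-file-suffix:
    environment:
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
EOF
}

sample=$(mktemp)
write_sample_compose "$sample"
find_literal_secret_paths "$sample" || echo "literal secret paths found"
rm -f "$sample"
```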
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/69362049
