[英]Where is the pgpass file in pgadmin4 docker container when this file is mounted as a volume
I'm using the following image https://hub.docker.com/r/dpage/pgadmin4/ to set up pgAdmin4 on Ubuntu 18-04.我正在使用以下图像https://hub.docker.com/r/dpage/pgadmin4/在 Z3D945423F8E9496C429A5D8C65B460F4 上设置 pgAdmin4。
I have mounted a volume containing a pgpass
file (which was also chmod
for the pgadmin
user inside the container) as you can see in my Compose file:正如您在我的 Compose 文件中看到的那样,我已经安装了一个包含
pgpass
文件的卷(这也是容器内pgadmin
用户的chmod
):
version: '3.8'
services:
pgadmin4:
image: dpage/pgadmin4
container_name: pgadmin4
environment:
- PGADMIN_DEFAULT_EMAIL=me@localhost
- PGADMIN_DEFAULT_PASSWORD=******************
- PGADMIN_LISTEN_PORT=5050
- PGADMIN_SERVER_JSON_FILE=servers.json
volumes:
- ./config/servers.json:/pgadmin4/servers.json # <-- this file is well taken into account
- ./config/pgpass:/pgpass # <- there is no way to find this one on the other hand
ports:
- "5000:5000"
restart: unless-stopped
network_mode: host
But the it seems it's not recognized from the pgadmin webpage when I right click on a server and check its Advanced properties:但是当我右键单击服务器并检查其高级属性时,似乎无法从 pgadmin 网页中识别它:
And if I manually specify /pgpass
in the top greenish box where there's only a slash in the image, it says:如果我在图像中只有斜线的顶部绿色框中手动指定
/pgpass
,它会显示:
But if I log into the container, I can actually list that file:但是如果我登录到容器中,我实际上可以列出该文件:
/ $ ls -larth /pgpass
-rw------- 1 pgadmin pgadmin 574 Mar 10 22:37 /pgpass
What did I do wrong?我做错了什么?
How can I get the pgpass
file to be recognized by the application?如何让应用程序识别
pgpass
文件?
I got it working with the following insight.我得到了以下见解。
In servers.json when you specify:在 servers.json 中指定时:
"PassFile": "/pgpass"
It means that /
in the path begins in the user's storage dir, ie表示路径中的
/
从用户的存储目录开始,即
pattern:
/var/lib/pgadmin/storage/<USERNAME>_<DOMAIN>/
example:
/var/lib/pgadmin/storage/postgres_acme.com/
Here's a working example that copies everything into the right spot and sets the perms correctly.这是一个工作示例,它将所有内容复制到正确的位置并正确设置烫发。
pgadmin:
image: dpage/pgadmin4
restart: unless-stopped
environment:
PGADMIN_DEFAULT_EMAIL: postgres@acme.com
PGADMIN_DEFAULT_PASSWORD: postgres
PGADMIN_LISTEN_ADDRESS: '0.0.0.0'
PGADMIN_LISTEN_PORT: 5050
tty: true
ports:
- 5050:5050
volumes:
- ~/data/pgadmin_data:/var/lib/pgadmin
- ./local-cloud/servers.json:/pgadmin4/servers.json # preconfigured servers/connections
- ./local-cloud/pgpass:/pgadmin4/pgpass # passwords for the connections in this file
entrypoint: >
/bin/sh -c "
mkdir -m 700 /var/lib/pgadmin/storage/postgres_acme.com;
chown -R pgadmin:pgadmin /var/lib/pgadmin/storage/postgres_acme.com;
cp -prv /pgadmin4/pgpass /var/lib/pgadmin/storage/postgres_acme.com/;
chmod 600 /var/lib/pgadmin/storage/postgres_acme.com/pgpass;
/entrypoint.sh
"
The following config worked for me:以下配置对我有用:
pgpass pgpass
docker_postgres_db:5432:postgres:postgres:postgres
servers.json服务器.json
{
"Servers": {
"1": {
"Name": "docker_postgres",
"Group": "docker_postgres_group",
"Host": "docker_postgres_db",
"Port": 5432,
"MaintenanceDB": "postgres",
"Username": "postgres",
"PassFile": "/pgpass",
"SSLMode": "prefer"
}
}
}
docker-compose.yaml docker-compose.yaml
version: "3.9"
services:
docker_postgres_db:
image: postgres
volumes:
- ./postgres_db_data:/var/lib/postgresql/data # mkdir postgres_db_data before docker compose up
environment:
- POSTGRES_DB=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
ports:
- "15432:5432"
pgadmin:
build:
context: .
dockerfile: ./dockerfile_for_pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: pgadmin@pgadmin.com
PGADMIN_DEFAULT_PASSWORD: pgadmin
ports:
- "5050:80"
volumes:
- ./servers.json:/pgadmin4/servers.json # preconfigured servers/connections
dockerfile+for_pgadmin dockerfile+for_pgadmin
FROM dpage/pgadmin4
USER pgadmin
RUN mkdir -p /var/lib/pgadmin/storage/pgadmin_pgadmin.com
COPY ./pgpass /var/lib/pgadmin/storage/pgadmin_pgadmin.com/
USER root
RUN chown pgadmin:pgadmin /var/lib/pgadmin/storage/pgadmin_pgadmin.com/pgpass
RUN chmod 0600 /var/lib/pgadmin/storage/pgadmin_pgadmin.com/pgpass
USER pgadmin
ENTRYPOINT ["/entrypoint.sh"]
On pgAdmin 6.2 , PassFile
points to the absolute path inside container, instead of a path under STORAGE_DIR
( /var/lib/pgadmin ).在pgAdmin 6.2上,
PassFile
指向容器内的绝对路径,而不是STORAGE_DIR
( /var/lib/pgadmin ) 下的路径。
Before the entrypoint phase, just need to set owner and permissions for the pgpass file.在入口点阶段之前,只需要设置 pgpass 文件的所有者和权限。
docker-compose.yml docker-compose.yml
pgadmin:
image: dpage/pgadmin4:6.2
entrypoint: >
/bin/sh -c "
cp -f /pgadmin4/pgpass /var/lib/pgadmin/;
chmod 600 /var/lib/pgadmin/pgpass;
chown pgadmin:pgadmin /var/lib/pgadmin/pgpass;
/entrypoint.sh
"
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:-pgadmin4@pgadmin.org}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-admin}
PGADMIN_CONFIG_SERVER_MODE: "False"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
volumes:
- ./config/servers.json:/pgadmin4/servers.json
- ./config/pgpass:/pgadmin4/pgpass
ports:
- "${PGADMIN_PORT:-5050}:80"
servers.json服务器.json
{
"Servers": {
"1": {
"Name": "pgadmin4@pgadmin.org",
"Group": "Servers",
"Host": "postgres",
"Port": 5432,
"MaintenanceDB": "postgres",
"Username": "postgres",
"SSLMode": "prefer",
"PassFile": "/var/lib/pgadmin/pgpass"
}
}
}
pgpass pgpass
postgres:5432:postgres:postgres:Welcome01
Update:更新:
Updated entrypoint on docker-compose.yml and PassFile on servers.json for a cross platform working solution.更新了docker-compose.yml上的入口点和servers.json上的 PassFile 的跨平台工作解决方案。
Update 2:更新 2:
I created a container image ( dcagatay/pwless-pgadmin4 ) for passwordless pgadmin4.我为无密码的 pgadmin4 创建了一个容器映像 ( dcagatay/pwless-pgadmin4 )。
The problem here seems to be that '/'
in the servers.json
file does not mean '/'
in the filesystem, but something relative to the STORAGE_DIR
set in the config.这里的问题似乎是
servers.json
文件中的'/'
'/'
,而是与配置中设置的STORAGE_DIR
相关的东西。 In fact, a separate storage directory for each user is created, so with your user me@localhost
you will have to mount ./config/pgpass
to /var/lib/pgadmin4/storage/me_localhost/pgpass
, but still refer to it as /pgpass
in your servers.json
.实际上,为每个用户创建了一个单独的存储目录,因此对于您的用户
me@localhost
,您必须将./config/pgpass
挂载到/var/lib/pgadmin4/storage/me_localhost/pgpass
,但仍将其称为/pgpass
在您的servers.json
中。json 。
I'm running the latest version of pgadmin4 as of this post (6.11).从这篇文章(6.11)开始,我正在运行最新版本的 pgadmin4。 It took me forever to find the answer as to how to set a pgpass file location without storing it in the user's uploads dir (insecure IMO).
我花了很长时间才找到关于如何设置 pgpass 文件位置而不将其存储在用户的上传目录中的答案(不安全的 IMO)。
Unfortunately it does not seem to work using an absolute path eg /var/lib/pgadmin/pgpass
.不幸的是,它似乎不适用于使用绝对路径,例如
/var/lib/pgadmin/pgpass
。
However, what did work was this workaround I found here: https://github.com/rowanruseler/helm-charts/issues/72#issuecomment-1002300143但是,起作用的是我在这里找到的解决方法: https://github.com/rowanruseler/helm-charts/issues/72#issuecomment-1002300143
Basically if you use ../../pgpass
, you can traverse the filesystem instead of the default behaviour of looking inside the user's uploads folder.基本上,如果您使用
../../pgpass
,您可以遍历文件系统,而不是查看用户上传文件夹的默认行为。
Example servers.json :示例服务器。json :
{
"Servers": {
"1": {
"Name": "my-postgres-instance",
"Group": "Servers",
"Host": "postgres",
"Port": 5432,
"MaintenanceDB": "postgres",
"Username": "postgres",
"SSLMode": "prefer",
"PassFile": "../../pgpass"
}
}
}
Also, setting the file permission as 0600 is a critical step - the file can not be world-readable, see stackoverflow.com/a/28152568/15198761 for more info.此外,将文件权限设置为 0600 是一个关键步骤 - 该文件不能是世界可读的,有关更多信息,请参阅 stackoverflow.com/a/28152568/15198761。
In a K8s environment, using the offical pgadmin image I use a configmap for the servers.json
along with the following command :在 K8s 环境中,使用官方 pgadmin 映像,我使用服务器的配置映射
servers.json
以及以下命令:
command:
- sh
- -c
- |
set -e
cp -f /pgadmin4/pgpass /var/lib/pgadmin/
chown 5050:5050 /var/lib/pgadmin/pgpass
chmod 0600 /var/lib/pgadmin/pgpass
/entrypoint.sh
Using a combination of the above, I was finally able to connect to my postgres instance without needing to put in a password or keeping the pgpass file in the user's uploads dir.结合使用上述方法,我终于能够连接到我的 postgres 实例,而无需输入密码或将 pgpass 文件保存在用户的上传目录中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.