Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Database authentication fails with Docker

See original GitHub issue

What happened?

Postgres authentication fails after initial setup for a Cookiecutter project using Docker.

  • encountered locally & in production on Digital Ocean droplets (multiple)
  • In current cookiecutter release and older versions over the last few weeks

The error:

postgres_1      | 	Connection matched pg_hba.conf line 95: "host all all all md5"
postgres_1      | 2018-06-03 16:19:08.175 UTC [39] FATAL:  password authentication failed for user "xxx"
postgres_1      | 2018-06-03 16:19:08.175 UTC [39] DETAIL:  Password does not match for user "xxx".

I had this first happen in production, and I thought it was something I had done. I tried to resolve it in multiple ways in prod from setting up new droplets, updating different packages, trying many different solutions but without any success.

To debug it further this morning, I set up a fresh cookiecutter project, and decided to deploy that to Digital Ocean. I did not change anything other than the ALLOWED_HOSTS and DJANGO_SENTRY_DSN settings.

When trying to build and up locally, this error popped up for the first time on my local machine.

For context, this error was mentioned in one stackoverflow post a few months ago. The answer from @webyneter works locally, however in production, it seems like a bad idea to kill the data volume that you want to persist.

What should’ve happened instead?

There shouldn’t be authentication errors to your database when the values are stored in the .env files for either local or production development.

Steps to reproduce

  • Set up a project with docker
  • build and up
  • Try making a change, and then build and up (Make sure you are not in -d detached mode as the error will not appear
  • Result should be hundreds of lines of:
django_1        | Waiting for PostgreSQL to become available...
django_1        | Waiting for PostgreSQL to become available...
django_1        | Waiting for PostgreSQL to become available...
django_1        | Waiting for PostgreSQL to become available...
celeryworker_1  | Waiting for PostgreSQL to become available...
postgres_1      | 2018-06-03 16:19:02.895 UTC [28] FATAL:  password authentication failed for user "xxxxx"
postgres_1      | 2018-06-03 16:19:02.895 UTC [28] DETAIL:  Password does not match for user "xxxxx".
postgres_1      | 	Connection matched pg_hba.conf line 95: "host all all all md5"
celerybeat_1    | Waiting for PostgreSQL to become available...
postgres_1      | 2018-06-03 16:19:04.200 UTC [29] FATAL:  password authentication failed for user "xxxxx"
postgres_1      | 2018-06-03 16:19:04.200 UTC [29] DETAIL:  Password does not match for user "xxxxx".
postgres_1      | 	Connection matched pg_hba.conf line 95: "host all all all md5"
django_1        | Waiting for PostgreSQL to become available...
postgres_1      | 2018-06-03 16:19:04.207 UTC [30] FATAL:  password authentication failed for user "xxxxx"
postgres_1      | 2018-06-03 16:19:04.207 UTC [30] DETAIL:  Password does not match for user "xxxxx".
postgres_1      | 	Connection matched pg_hba.conf line 95: "host all all all md5"
postgres_1      | 2018-06-03 16:19:04.217 UTC [31] FATAL:  password authentication failed for user "xxxxx"
postgres_1      | 2018-06-03 16:19:04.217 UTC [31] DETAIL:  Password does not match for user "xxxxx".
postgres_1      | 	Connection matched pg_hba.conf line 95: "host all all all md5"
celeryworker_1  | Waiting for PostgreSQL to become available...
django_1        | Waiting for PostgreSQL to become available...
celerybeat_1    | Waiting for PostgreSQL to become available...

I’ve now encountered this on older cookiecutter versions and the current version as well.

Docker version: Version 18.03.1-ce-mac65 (24312)
FROM python:3.6-alpine

docker: Y celery: Y sentry: Y

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:20 (9 by maintainers)

github_iconTop GitHub Comments

2reactions
emilepetronecommented, Jun 7, 2018

Ok I’ve nailed it down.

When I first create a droplet, I run eval $(docker-machine env <name>) and set the docker-machine. On future deploys, I would open new terminal windows (maybe a day or days later). I thought the eval would be set across terminal sessions, but I was wrong.

  • If I open a new terminal and up without setting eval $(docker-machine env <name>), then up goes to somewhere unknown. Does anyone understand this?
  • If I run eval and then up, it deploys properly to the production machine / Digital Ocean droplet

How I can see this:

  • If I do not run eval and enter the Postgres CLI, I can see objects that are not accessible via my web admin.
  • The command: docker-compose -f production.yml exec postgres psql -d <db_name> -U <db_user>

Questions:

  • If you run up without setting the docker-machine environment, where is it deploying to?
  • Does this make sense?

Thank you again to everyone for your help. This took much longer than expected but at least I’ve nailed it down.

1reaction
webynetercommented, Jun 3, 2018

@emilepetrone thank you for reporting. To clarify, every time you re-generate the project with Cookiecutter Django POSTGRES_USER and POSTGRES_PASSWORD are set to randomly-generated values (see our hooks/post_gen_project.py for implementation details) unless debug option is y since in that case those envs will always be debug:debug across setups. With that in mind, my hypothesis would be that you production setup’s postgres instance user:password are still the ones you had upon first-time project creation effectively persisted within the database’s volumes.

Read more comments on GitHub >

github_iconTop Results From Across the Web

mongo db docker image authentication failed - Stack Overflow
After some time, I figured out. On the same folder, create docker-compose.yml and init-mongo.js. docker-compose.yml
Read more >
Docker compose authentication doesn't register - MongoDB
I tried opening the container with auth but it failed mesrably.it works without auth… coupld someone point out where did I go wrong...
Read more >
Cannot authenticate docker postgres database #8927 - GitHub
Error : P1000 Authentication failed against database server at localhost , the provided database credentials for username` are not valid.
Read more >
password authentication failed for user root postgres docker
Newbie needs help understanding Docker Postgres django.db.utils.OperationalError: FATAL: password authentication failed for user "postgres".
Read more >
Password authentication failed after Restoring database?
Hello I am trying to migrate my db from one server to another but I am facing authentication error Steps to reproduce error:...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Postgres not recognizing the user

Next page

Celery throwing ImproperlyConfigured error when adding new app