[bitnami/postgresql-repmgr] no user postgres #74890

Open
fluca1978 opened this issue Nov 14, 2024 · 12 comments
Labels
postgresql-repmgr tech-issues The user has a technical issue about an application


@fluca1978

Name and Version

bitnami/postgresql-repmgr:latest

What architecture are you using?

amd64

What steps will reproduce the bug?

docker compose up -d with a configuration as follows:

services:
  pg_primary-1:
    image: 'bitnami/postgresql-repmgr:latest'
    hostname : 'pg_primary-1'
    ports    :
      - '65432:5432'
    environment :
      POSTGRESQL_USERNAME             : 'luca'
      POSTGRESQL_PASSWORD             : 'repmgr'
      POSTGRESQL_DATABASE             : 'testdb'
      POSTGRESQL_POSTGRES_PASSWORD    : 'repmgr'

      REPMGR_NODE_ID                  : '1'
      REPMGR_NODE_NAME                : 'pg_primary-1'
      REPMGR_NODE_NETWORK_NAME        : 'pg_primary-1'
      REPMGR_PARTNER_NODES            : 'pg_primary-1,pg_standby_a-2,pg_standby_b-3'
      REPMGR_PRIMARY_HOST             : 'pg_primary-1'
      REPMGR_PORT_NUMBER              : '5432'
      REPMGR_USERNAME                 : 'repmgr'
      REPMGR_PASSWORD                 : 'repmgr'

    networks:
      - cluster-network
    volumes:
      - ~/postgres-docker-vols/repmgr/pg_primary:/bitnami/postgres

What is the expected behavior?

% sudo docker exec --user postgres -it $(sudo docker ps -qf "name=repmgr-pg_primary-1") /usr/bin/bash should give me a shell with the user postgres

What do you see instead?

% sudo docker exec --user postgres  -it $(sudo docker ps -qf "name=repmgr-pg_primary-1")  /usr/bin/bash
unable to find user postgres: no matching entries in passwd file

moreover, connecting to the image:

% sudo docker exec   -it $(sudo docker ps -qf "name=repmgr-pg_primary-1")  /usr/bin/bash  
I have no name!@pg_primary-1:/$ id
uid=1001 gid=0(root) groups=0(root)
I have no name!@pg_primary-1:/$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
I have no name!@pg_primary-1:/$ 

Apparently, the system is not creating the user 1001 correctly, I suspect it has to be configured as postgres or repmgr, since the documentation states such users have administrative powers.

Additional information

No response

@fluca1978 fluca1978 added the tech-issues The user has a technical issue about an application label Nov 14, 2024
@fluca1978
Author

Seems related to #74880

@fluca1978
Author

For the record: using the 1001 user does not work at all.

I have no name!@pg_primary-1:/$ repmgr cluster show -f /opt/bitnami/repmgr/conf/repmgr.conf
could not get current user name: Success

One possible solution to get this working, is to connect as root and to add manually the users:

% sudo docker exec --user root  -it $(sudo docker ps -qf "name=repmgr-pg_primary-1")  /usr/bin/bash
root@pg_primary-1:/# useradd postgres
root@pg_primary-1:/# useradd repmgr
root@pg_primary-1:/# su - repmgr
$ /opt/bitnami/repmgr/bin/repmgr cluster show -f /opt/bitnami/repmgr/conf/repmgr.conf
 ID | Name           | Role    | Status    | Upstream     | Location | Priority | Timeline | Connection string                                                                         
----+----------------+---------+-----------+--------------+----------+----------+----------+--------------------------------------------------------------------------------------------
 1  | pg_primary-1   | primary | * running |              | default  | 100      | 1        | user=repmgr password=repmgr host=pg_primary-1 dbname=repmgr port=5432 connect_timeout=5  

@fluca1978
Author

I've also tried to nuke the local file storage and use docker compose without root privileges.

The system goes up, but again the users are created on the PostgreSQL side but not on the operating system side, so I'm unable to run repmgr:

$ psql -h localhost -U postgres -p 65432
Password for user postgres: 
psql (16.4 (Ubuntu 16.4-0ubuntu0.24.04.1))
Type "help" for help.

postgres=# \dr
invalid command \dr
Try \? for help.
postgres=# \du
                             List of roles
 Role name |                         Attributes                         
-----------+------------------------------------------------------------
 luca      | Create DB
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS
 repmgr    | Superuser, Create DB, Replication

and on the shell

$ docker exec -it repmgr-pg_standby_b-3-1 /bin/bash
I have no name!@pg_standby_b-3:/$ which repmgr
/opt/bitnami/repmgr/bin/repmgr
I have no name!@pg_standby_b-3:/$ repmgr cluster show
could not get current user name: Success

The PGDATA is owned by user 1000, so it seems this should be postgres, and the configuration for repmgr is owned by user 1001 that presumably should be repmgr:

$ docker exec --user root -it repmgr-pg_standby_b-3-1 /bin/bash

root@pg_standby_b-3:/# repmgr
repmgr: cannot be run as root
Please log in (using, e.g., "su") as the (unprivileged) user that owns the data directory.
root@pg_standby_b-3:/# ls -ld /bitnami/postgres
drwxrwxr-x 2 1000 132 4096 Nov 14 15:03 /bitnami/postgres

root@pg_standby_b-3:/# ls -ld /opt/bitnami/repmgr/conf/repmgr.conf
-rw-r--r-- 1 1001 root 1437 Nov 14 15:08 /opt/bitnami/repmgr/conf/repmgr.conf

@fluca1978
Author

Just to say that I've tried also 14-debian-12 with the very same results.
At this point, I'm not understanding which unprivileged user has to be accessed to run repmgr.

@gbsingh1993

I have a very similar issue. I have added this comment to another issue

#70549

I've upgraded from postgresql-repmgr:16.4.0-debian-12-r24 to postgresql-repmgr:16.4.0-debian-12-r29

@fluca1978
Author

Just for the record, I've tried also the official docker-compose.yml example with no luck (see https://github.com/bitnami/containers/blob/main/bitnami/postgresql-repmgr/docker-compose.yml).

% sudo docker compose up -d
[+] Running 3/3
 ✔ pg-0 Pulled                                                                                          25.2s 
 ✔ pg-1 1 layers [⣿]      0B/0B      Pulled                                                             25.2s 
   ✔ 5ec8cee6b304 Pull complete                                                                         16.2s 
[+] Running 2/5
 ⠧ Network repmgr_default     Created                                                                    5.6s 
 ⠦ Volume "repmgr_pg_0_data"  Created                                                                    5.5s 
 ⠴ Volume "repmgr_pg_1_data"  Created                                                                    5.5s 
 ✔ Container repmgr-pg-0-1    Started                                                                    5.5s 
 ✔ Container repmgr-pg-1-1    Started                                                                    5.5s 

% sudo docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS         PORTS                                         NAMES
b792e13dbba5   bitnami/postgresql-repmgr:16   "/opt/bitnami/script…"   12 seconds ago   Up 5 seconds   0.0.0.0:32769->5432/tcp, :::32769->5432/tcp   repmgr-pg-1-1
f66f08c8ae06   bitnami/postgresql-repmgr:16   "/opt/bitnami/script…"   12 seconds ago   Up 5 seconds   0.0.0.0:32768->5432/tcp, :::32768->5432/tcp   repmgr-pg-0-1

% sudo docker exec -it repmgr-pg-1-1 /bin/bash
I have no name!@b792e13dbba5:/$ id
uid=1001 gid=0(root) groups=0(root)
I have no name!@b792e13dbba5:/$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

@fluca1978
Author

@gbsingh1993 thanks, I've tried the containers that you mentioned were working fine, just as a desperate try, with no luck.
The point is: how do you execute the repmgr command? Because it could be I'm missing something here.

% sudo docker ps                              
CONTAINER ID   IMAGE                                            COMMAND                  CREATED         STATUS         PORTS                                         NAMES
0f32dfa89e2e   bitnami/postgresql-repmgr:16.4.0-debian-12-r24   "/opt/bitnami/script…"   5 minutes ago   Up 5 minutes   0.0.0.0:32771->5432/tcp, :::32771->5432/tcp   repmgr-pg-0-1
f2cf201b5b2c   bitnami/postgresql-repmgr:16.4.0-debian-12-r24   "/opt/bitnami/script…"   5 minutes ago   Up 5 minutes   0.0.0.0:32770->5432/tcp, :::32770->5432/tcp   repmgr-pg-1-1

% sudo docker exec -it repmgr-pg-1-1 /bin/bash
I have no name!@f2cf201b5b2c:/$ id
uid=1001 gid=0(root) groups=0(root)
I have no name!@f2cf201b5b2c:/$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

I have no name!@f2cf201b5b2c:/$ ls -l /bitnami/postgresql/
total 12
drwxrwxr-x  3 root root 4096 Nov 15 08:05 conf
drwx------ 19 1001 root 4096 Nov 15 08:13 data
drwxr-xr-x  2 1001 root 4096 Nov 15 08:05 lock

@fluca1978
Author

I found this older issue that is reporting pretty much the same thing, still I'm not able to get the wrapper working.
#20479

I think a wrapper should be provided by default, because it seems to me this is a bug.

@TanvirMahin24

I was able to run the CLI by using the user nobody. My docker exec command looks like this: docker exec -it --user nobody <CONTAINER_NAME> bash

@fluca1978
Author

> I was able to run the CLI by using the user nobody. My docker exec command looks like this: docker exec -it --user nobody <CONTAINER_NAME> bash

thanks, works for me too. Is this documented somewhere I missed?

@TanvirMahin24

cat /etc/passwd shows there is a user called nobody. I randomly tried with that user and it worked.

@fluca1978
Author

> cat /etc/passwd shows there is a user called nobody. I randomly tried with that user and it worked.

Digging a little more, you can see the user nobody is at the max id for a single user, as well as _apt, which in fact works too:

_apt@pg_primary-1:/$ repmgr -f /opt/bitnami/repmgr/conf/repmgr.conf cluster show
 ID | Name           | Role    | Status    | Upstream     | Location | Priority | Timeline | Connection string                                                                         
----+----------------+---------+-----------+--------------+----------+----------+----------+--------------------------------------------------------------------------------------------
 1  | pg_primary-1   | primary | * running |              | default  | 100      | 1        | user=repmgr password=repmgr host=pg_primary-1 dbname=repmgr port=5432 connect_timeout=5   
 2  | pg_standby_a-2 | standby |   running | pg_primary-1 | default  | 200      | 1        | user=repmgr password=repmgr host=pg_standby_a-2 dbname=repmgr port=5432 connect_timeout=10
 3  | pg_standby_b-3 | standby |   running | pg_primary-1 | default  | 300      | 1        | user=repmgr password=repmgr host=pg_standby_b-3 dbname=repmgr port=5432 connect_timeout=10

But much more strangely, at least to me, is that any user listed in can run repmgr commands:

% docker exec  --user daemon   -it $(sudo docker ps -qf "name=repmgr-pg_primary")  /usr/bin/bash
daemon@pg_primary-1:/$ repmgr -f /opt/bitnami/repmgr/conf/repmgr.conf cluster show
 ID | Name           | Role    | Status    | Upstream     | Location | Priority | Timeline | Connection string                                                                         
----+----------------+---------+-----------+--------------+----------+----------+----------+--------------------------------------------------------------------------------------------
 1  | pg_primary-1   | primary | * running |              | default  | 100      | 1        | user=repmgr password=repmgr host=pg_primary-1 dbname=repmgr port=5432 connect_timeout=5   
 2  | pg_standby_a-2 | standby |   running | pg_primary-1 | default  | 200      | 1        | user=repmgr password=repmgr host=pg_standby_a-2 dbname=repmgr port=5432 connect_timeout=10
 3  | pg_standby_b-3 | standby |   running | pg_primary-1 | default  | 300      | 1        | user=repmgr password=repmgr host=pg_standby_b-3 dbname=repmgr port=5432 connect_timeout=10

It is not clear to me if this is what is expected or not, I guess the missing user 1001 is still an indication for a bug.
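
The behaviour reported in this thread, reduced to the two passwd lookups involved, as an added example that is not part of the issue or of the Bitnami image: a user name given to docker exec --user must have an entry in the container's /etc/passwd, whereas a numeric UID such as 1001 runs without one and therefore has no user name. The function names and the sample passwd content are constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the issue thread or the Bitnami image.
# Constructed sample: four of the /etc/passwd lines shown in the issue.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# name_for_uid UID [FILE]: print the login name for UID; status 1 if no entry.
name_for_uid() {
    awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit }
                         END { exit !found }' "${2:-/etc/passwd}"
}

# resolve_user SPEC [FILE]: classify a --user value (hypothetical helper).
# Prints named:<name>:<uid>, unnamed:<uid> or missing:<name> (status 1).
resolve_user() {
    spec=$1
    file=${2:-/etc/passwd}
    case $spec in
        ''|*[!0-9]*)
            # Not purely numeric: a login name, which needs a passwd entry.
            uid=$(awk -F: -v n="$spec" '$1 == n { print $3; exit }' "$file")
            if [ -n "$uid" ]; then
                echo "named:$spec:$uid"
            else
                echo "missing:$spec"
                return 1
            fi ;;
        *)
            # Numeric UID: usable without an entry, but then it has no name.
            if name=$(name_for_uid "$spec" "$file"); then
                echo "named:$name:$spec"
            else
                echo "unnamed:$spec"
            fi ;;
    esac
}

# Demo over the constructed sample, using the --user values tried in the thread.
tmp=$(mktemp)
sample_passwd > "$tmp"
for u in postgres nobody daemon 1001; do
    resolve_user "$u" "$tmp" || true
done
rm -f "$tmp"
```

Inside a running container, `name_for_uid "$(id -u)"` with no file argument performs the same check against the real /etc/passwd.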
