Обсуждение: Unable configure pgadmin on Google Cloud Run with SSL certs
Hi,
drwxr-xr-x 1 root root 4096 Apr 20 21:33 .
drwxr-xr-x 1 root root 4096 Apr 20 21:34 ..
-rw-rw-r-- 1 root root 65149 Mar 23 13:53 DEPENDENCIES
-rw-rw-r-- 1 root root 1026 Mar 23 13:53 LICENSE
-rw-r--r-- 1 root root 1261 Apr 20 05:59 client-cert.pem
-rw------- 1 root root 1679 Apr 20 06:00 client-key.pem
-rw-rw-r-- 1 root root 25393 Mar 23 13:53 config.py
-rw-r--r-- 1 pgadmin pgadmin 158 Apr 20 21:34 config_distro.py
drwxr-xr-x 4 root root 12288 Mar 23 14:05 docs
-rw-rw-r-- 1 root root 52 Mar 23 13:53 gunicorn_config.py
drwxrwxr-x 3 root root 4096 Mar 23 13:53 migrations
-rw-rw-r-- 1 root root 8596 Mar 23 13:53 pgAdmin4.py
-rw-rw-r-- 1 root root 949 Mar 23 13:53 pgAdmin4.wsgi
drwxrwxr-x 19 root root 4096 Mar 23 13:53 pgadmin
-rw-rw-r-- 1 root root 142 Mar 23 13:53 pgadmin.themes.json
-rw-rw-r-- 1 root root 70 Mar 23 13:53 run_pgadmin.py
-rw-r--r-- 1 root root 1273 Apr 20 06:00 server-ca.pem
-rw-rw-r-- 1 root root 16479 Mar 23 13:53 setup.py
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for pgadmin:
I would like to know how I can use pgadmin with a database that requires SSL Certificates
The Problem
- I am deploying pgadmin onto Google Cloud Run which does not allow mapped drives when starting the container
- I have tried uploading the certificates via the pgadmin UI, however the key file has the wrong permissions and I am unable to change them
- Error message says key file requires 0600 permissions
- I have tried adding the certificates with a small modified Dockerfile, however the files end up in /pgadmin which I can not access from the UI
FROM dpage/pgadmin4
COPY client-cert.pem client-key.pem server-ca.pem ./
The files have been added to the container - but I can not access them from teh UI
$ docker exec -it b5ad237a7eee2873190087c0c132a21007b80c856d3aabf77119ae498683d892 ls -al
total 192drwxr-xr-x 1 root root 4096 Apr 20 21:33 .
drwxr-xr-x 1 root root 4096 Apr 20 21:34 ..
-rw-rw-r-- 1 root root 65149 Mar 23 13:53 DEPENDENCIES
-rw-rw-r-- 1 root root 1026 Mar 23 13:53 LICENSE
-rw-r--r-- 1 root root 1261 Apr 20 05:59 client-cert.pem
-rw------- 1 root root 1679 Apr 20 06:00 client-key.pem
-rw-rw-r-- 1 root root 25393 Mar 23 13:53 config.py
-rw-r--r-- 1 pgadmin pgadmin 158 Apr 20 21:34 config_distro.py
drwxr-xr-x 4 root root 12288 Mar 23 14:05 docs
-rw-rw-r-- 1 root root 52 Mar 23 13:53 gunicorn_config.py
drwxrwxr-x 3 root root 4096 Mar 23 13:53 migrations
-rw-rw-r-- 1 root root 8596 Mar 23 13:53 pgAdmin4.py
-rw-rw-r-- 1 root root 949 Mar 23 13:53 pgAdmin4.wsgi
drwxrwxr-x 19 root root 4096 Mar 23 13:53 pgadmin
-rw-rw-r-- 1 root root 142 Mar 23 13:53 pgadmin.themes.json
-rw-rw-r-- 1 root root 70 Mar 23 13:53 run_pgadmin.py
-rw-r--r-- 1 root root 1273 Apr 20 06:00 server-ca.pem
-rw-rw-r-- 1 root root 16479 Mar 23 13:53 setup.py
I can't look around the file system as I don't know the sudo password
$ docker exec -it b5ad237a7eee2873190087c0c132a21007b80c856d3aabf77119ae498683d892 sudo ls /
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for pgadmin:
Can you please suggest a way I can pre-load certificates before deploying the container, or provide any examples of someone else using Google Cloud Run with CloudSQL & certificates?
Thanks,
Hi
On Tue, Apr 20, 2021 at 10:42 PM rossco <rosscoe.pico@gmail.com> wrote:
Hi,I would like to know how I can use pgadmin with a database that requires SSL CertificatesThe Problem
- I am deploying pgadmin onto Google Cloud Run which does not allow mapped drives when starting the container
Urgh. That would make running PostgreSQL very painful!
Simple Dockerfile to try and pre-load the certs
- I have tried uploading the certificates via the pgadmin UI, however the key file has the wrong permissions and I am unable to change them
- Error message says key file requires 0600 permissions
- I have tried adding the certificates with a small modified Dockerfile, however the files end up in /pgadmin which I can not access from the UI
FROM dpage/pgadmin4COPY client-cert.pem client-key.pem server-ca.pem ./
The storage root in the container is under /var/lib/pgadmin/storage/<username>, however the username has @ replaced with _, so on a simple deploy here with a username of user@domain.com, the path is:
/var/lib/pgadmin/storage/user_domain.com
Any files you place in there will be visible to the user@domain.com user account in the file dialog (including when selecting a certificate). You may need to add something like:
RUN chown pgadmin:pgadmin /var/lib/pgadmin/storage/user_domain.com/* && chmod 600 /var/lib/pgadmin/storage/user_domain.com/client-key.pem
to your wrapper dockerfile.
I can't look around the file system as I don't know the sudo password$ docker exec -it b5ad237a7eee2873190087c0c132a21007b80c856d3aabf77119ae498683d892 sudo ls /
There isn't a sudo password - you shouldn't need to use sudo at all, e.g
$ docker exec -it naughty_ride /bin/sh
/pgadmin4 $ ls -al /var/lib/pgadmin/storage
total 12
drwxr-xr-x 3 pgadmin pgadmin 4096 Apr 21 08:22 .
drwx------ 4 pgadmin pgadmin 4096 Apr 21 08:24 ..
drwx------ 2 pgadmin pgadmin 4096 Apr 21 08:24 user_domain.com
/pgadmin4 $ whoami
pgadmin
/pgadmin4 $ ls -al /etc | head -5
total 232
drwxr-xr-x 1 root root 4096 Apr 21 08:17 .
drwxr-xr-x 1 root root 4096 Apr 21 08:17 ..
-rw-r--r-- 1 root root 7 Apr 14 10:25 alpine-release
drwxr-xr-x 1 root root 4096 Apr 19 12:01 apk