kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(install): reset postgres volume on reconfigure to avoid auth failures
Aegis CI / lint-and-test (push) Has been cancelled
Details

Browse Source 
When the wizard reconfigures and generates a new DB_PASSWORD, the existing
Postgres volume retains the old password (Docker only initializes credentials
on a fresh empty volume). The backend then fails to connect because .env
has the new password but Postgres still uses the old one.

Fix: run 'docker compose down -v' before 'up --build' whenever the wizard
reconfigures (SKIP_CONFIG=false), so Postgres always initializes with the
current .env credentials. Also add a pre-confirmation warning when existing
volumes are detected.
This commit is contained in:
kitos
2026-06-11 12:03:33 +02:00
parent 22293804ab
commit cea518b33c
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/install.sh
+16
View File
@@ -270,6 +270,14 @@ if [ "$SKIP_CONFIG" = false ]; then
echo -e " │ MITRE sync: ${CYAN}$([ "$RUN_MITRE_SYNC" = true ] && echo "yes" || echo "no")${NC}"
echo -e "${BOLD} └──────────────────────────────────────────────────────┘${NC}"
echo ""
# Warn about data loss if containers/volumes already exist
if $COMPOSE_CMD -f docker-compose.prod.yml ps -q 2>/dev/null | grep -q . || \
docker volume ls --format '{{.Name}}' 2>/dev/null | grep -qi 'postgres'; then
echo ""
print_warn "Existing database volumes detected."
print_warn "Proceeding will RESET the database — all existing data will be lost."
fi
print_prompt "Proceed with these settings? (Y/n): "
read -r CONFIRM
if [[ $CONFIRM =~ ^[Nn]$ ]]; then
@@ -325,6 +333,14 @@ print_header "Step 3/5 - Building and starting containers"
print_info "This may take several minutes on first run..."
# When reconfiguring, remove old volumes so Postgres re-initializes with the new password.
# Without this, Postgres ignores the new DB_PASSWORD because it only sets credentials
# on first initialization (empty volume) — leaving the backend unable to authenticate.
if [ "$SKIP_CONFIG" = false ]; then
print_info "Removing existing volumes to apply new credentials..."
$COMPOSE_CMD -f docker-compose.prod.yml down -v > /dev/null 2>&1 || true
fi
if ! $COMPOSE_CMD -f docker-compose.prod.yml up -d --build 2>&1; then
print_error "Failed to build/start containers. Check the output above."
exit 1