Spaces:
Running
Running
Commit Β·
b4e6556
1
Parent(s): a733d8f
Fix: always set Neo4j password on boot + cypher-shell fallback in seeder
Browse files- docker/entrypoint.sh +7 -9
- docker/seed_on_startup.sh +19 -0
docker/entrypoint.sh
CHANGED
|
@@ -13,15 +13,13 @@ mkdir -p /data/neo4j/data/databases /data/neo4j/data/dbms
|
|
| 13 |
# ββ First-boot: set initial password ββββββββββββββββββββββββββββββββββββββββββ
|
| 14 |
NEO4J_PASS="${NEO4J_PASSWORD:-clinicalmatch2024}"
|
| 15 |
|
| 16 |
-
|
| 17 |
-
|
| 18 |
-
|
| 19 |
-
|
| 20 |
-
|
| 21 |
-
|
| 22 |
-
|
| 23 |
-
log "Password initialisation done."
|
| 24 |
-
fi
|
| 25 |
|
| 26 |
# ββ Nginx tmp dirs βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 27 |
mkdir -p /tmp/nginx-cache /tmp/nginx-body
|
|
|
|
| 13 |
# ββ First-boot: set initial password ββββββββββββββββββββββββββββββββββββββββββ
|
| 14 |
NEO4J_PASS="${NEO4J_PASSWORD:-clinicalmatch2024}"
|
| 15 |
|
| 16 |
+
# Always attempt set-initial-password β safe to run every boot:
|
| 17 |
+
# - Before first Neo4j start: sets the password correctly
|
| 18 |
+
# - After first start: command fails (db already has auth), || true absorbs the error
|
| 19 |
+
log "Setting Neo4j initial password (safe to re-run)..."
|
| 20 |
+
NEO4J_CONF=/opt/neo4j/conf \
|
| 21 |
+
neo4j-admin dbms set-initial-password "$NEO4J_PASS" 2>&1 || \
|
| 22 |
+
log "set-initial-password: already initialized, skipping."
|
|
|
|
|
|
|
| 23 |
|
| 24 |
# ββ Nginx tmp dirs βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 25 |
mkdir -p /tmp/nginx-cache /tmp/nginx-body
|
docker/seed_on_startup.sh
CHANGED
|
@@ -36,9 +36,28 @@ wait_for_http() {
|
|
| 36 |
log "$label ready after $((i*2))s"
|
| 37 |
}
|
| 38 |
|
|
|
|
|
|
|
| 39 |
log "Waiting for Neo4j bolt on $NEO4J_BOLT..."
|
| 40 |
wait_for_tcp 127.0.0.1 7687 "Neo4j bolt" 180
|
| 41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 42 |
log "Waiting for FastAPI backend..."
|
| 43 |
wait_for_http "$BACKEND/health" "FastAPI /health" 120
|
| 44 |
|
|
|
|
| 36 |
log "$label ready after $((i*2))s"
|
| 37 |
}
|
| 38 |
|
| 39 |
+
NEO4J_PASS="${NEO4J_PASSWORD:-clinicalmatch2024}"
|
| 40 |
+
|
| 41 |
log "Waiting for Neo4j bolt on $NEO4J_BOLT..."
|
| 42 |
wait_for_tcp 127.0.0.1 7687 "Neo4j bolt" 180
|
| 43 |
|
| 44 |
+
# Extra settle time β bolt port opens before auth subsystem is fully ready
|
| 45 |
+
sleep 10
|
| 46 |
+
|
| 47 |
+
# Ensure the password is set correctly via cypher-shell.
|
| 48 |
+
# Case 1: DB is brand new β default creds are neo4j/neo4j, change them.
|
| 49 |
+
# Case 2: Password already set to $NEO4J_PASS β first attempt fails, second succeeds (noop).
|
| 50 |
+
log "Ensuring Neo4j password is set to target value..."
|
| 51 |
+
if cypher-shell -u neo4j -p "$NEO4J_PASS" "RETURN 1 AS ok;" > /dev/null 2>&1; then
|
| 52 |
+
log "Neo4j auth OK β password already matches target."
|
| 53 |
+
else
|
| 54 |
+
log "Attempting password change from default (neo4j β target)..."
|
| 55 |
+
cypher-shell -u neo4j -p neo4j \
|
| 56 |
+
"ALTER CURRENT USER SET PASSWORD FROM 'neo4j' TO '$NEO4J_PASS';" 2>&1 \
|
| 57 |
+
&& log "Password changed successfully." \
|
| 58 |
+
|| log "WARNING: password change failed β may already be set or auth is locked. Continuing."
|
| 59 |
+
fi
|
| 60 |
+
|
| 61 |
log "Waiting for FastAPI backend..."
|
| 62 |
wait_for_http "$BACKEND/health" "FastAPI /health" 120
|
| 63 |
|