I need to run the neo4j database in Amazon ECS with initially loaded data and so I extend the docker image, download data and import them using
neo4j-admin import tool and then run the original entrypoint. Problem is that setting of
NEO4J_AUTH does not work and the neo4j user retains the initial password (neo4j) and so I cannot query the database from outside.
The Dockerfile looks like this:
FROM neo4j ENV NEO4J_AUTH=neo4j/graphPass ENV JAVA_OPTS='-server -Xms2g -Xmx2g' RUN curl -sL https://deb.nodesource.com/setup_13.x | bash - RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list RUN apt -y update && \ apt -y upgrade && \ apt-get install -y nodejs yarn tar WORKDIR /code COPY ./ /code RUN chown -R neo4j:neo4j /code RUN yarn install RUN ./node_modules/.bin/webpack --config ./webpack.config.js
And the container is run with this bash script:
#!/bin/bash node ./dist/init-data.js /sbin/tini -gs -- /docker-entrypoint.sh neo4j
(The node script downloads the data and executes
neo4j-admin import). But the password remains default despite setting of the
NEO4J_AUTH env var. My usage of the Dockerfile probably broke it but I don't know how to do it right. (I also cannot change the password by adding
cypher-shell -u neo4j -p neo4j "CALL dbms.security.changePassword('graphPass');" to the script because the neo4j engine isn't started yet.)
Take a look at https://github.com/neo4j/docker-neo4j/blob/master/docker-image-src/3.5/docker-entrypoint.sh#L367-L39... to understand how
NEO4J_AUTH is handled in the original docker-entrypoint script.
Basically it uses