Skip to content

installer: reuse preserved .env/admin secret on reinstall and guard Postgres volume state#86

Open
ehsanking wants to merge 4 commits intomainfrom
ehsan/fix-installer-reinstall-mode-for-postgresql-roles-94iddw
Open

installer: reuse preserved .env/admin secret on reinstall and guard Postgres volume state#86
ehsanking wants to merge 4 commits intomainfrom
ehsan/fix-installer-reinstall-mode-for-postgresql-roles-94iddw

Conversation

@ehsanking
Copy link
Copy Markdown
Owner

@ehsanking ehsanking commented Mar 30, 2026

Motivation

  • Improve reinstall workflow so preserved database credentials and admin bootstrap secret from installer backups are reused when available to avoid breaking existing DB state.
  • Prevent accidental reinstall that would leave a persistent PostgreSQL volume with incompatible credentials and cause runtime failures.
  • Make admin bootstrap behavior explicit for reinstall vs fresh installs so operator intent is clear and secure defaults are enforced.

Description

  • Added helpers to compute the compose project name and PostgreSQL named volume (compose_project_name, postgres_named_volume, postgres_volume_exists).
  • Added logic to capture environment variables from a live DB container (capture_reinstall_live_db_env) and to seed .env values from either live container env or the installer backup .env (seed_reinstall_env_from_backup).
  • Restore the runtime admin bootstrap secret from the installer backup when present (restore_reinstall_admin_secret) and include the admin secret file in upgrade/reinstall backups.
  • Added a guard that aborts reinstall when a persistent Postgres volume exists but compatible DB credentials were not restored (guard_reinstall_db_state).
  • Adjusted configure_runtime_env to drive admin prompting/bootstrapping based on mode and presence of the DB volume, require ADMIN_USERNAME for fresh/reinstall, enforce restored admin password file when reusing runtime state, and set appropriate ADMIN_BOOTSTRAP_* flags for reinstall vs fresh scenarios.
  • Wire capture_reinstall_live_db_env into main and report whether .env/admin secret were reused in the final summary.

Testing

  • Ran bash -n install.sh to validate shell syntax and it completed successfully.
  • Ran shellcheck install.sh static analysis and addressed reported issues (no blocking findings remained).

Codex Task

@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector bot commented Mar 30, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ehsanking