Docker container with neo4j and password set

Question

I am trying to create a docker image which runs the Neo4j server and does not require the user to manually set the password on the initial access.

I have this as a Dockerfile

FROM neo4j:3.2
ADD setPassword.sh .
RUN ./setPassword.sh

which runs this script

#!/bin/sh

set -e

# Start server
./bin/neo4j start

# Wait for it to start
while [ -z "$(grep 'Remote interface available' /var/lib/neo4j/logs/neo4j.log)" ]
do
    echo Waiting for neo4j to start
    sleep 1
done

# Set the password via REST
wget --header="Content-Type: application/json" \
     --post-data='{"password": "newPassword"}'    \
     http://neo4j:neo4j@localhost:7474/user/neo4j/password

# Shut down the server
./bin/neo4j stop

tail -f /var/lib/neo4j/logs/neo4j.log &
sleep 10
# EOF

The script starts the Neo4j server, waits for it to start and then uses the REST API to set the password. After that, it shuts down the server and waits a bit to make sure that it is shut down so that anything in memory is flushed to disk.

The script appears to run without errors and I am able to create a new image. However, when I run the image and connect with a browser, the password is still neo4j.

Looking at the output of wget with no arguments:

BusyBox v1.26.2 (2017-06-11 06:38:32 GMT) multi-call binary.

Usage: wget [-c|--continue] [--spider] [-q|--quiet] [-O|--output-document FILE]
  [--header 'header: value'] [-Y|--proxy on/off] [-P DIR]
  [-U|--user-agent AGENT] [-T SEC] URL...

Retrieve files via HTTP or FTP

  --spider  Spider mode - only check file existence  
  -c        Continue retrieval of aborted transfer
  -q        Quiet
  -P DIR        Save to DIR (default .)
  -T SEC        Network read timeout is SEC seconds
  -O FILE       Save to FILE ('-' for stdout)
  -U STR        Use STR for User-Agent header
  -Y on/off Use proxy

it looks like the wget in the base image does not support most standard wget options, including making a post request.

I also failed to figure out how to install the standard curl in the image:

bash-4.3# apk add curl
WARNING: Ignoring APKINDEX.84815163.tar.gz: No such file or directory
WARNING: Ignoring APKINDEX.24d64ab1.tar.gz: No such filapk e or directory
ERROR: unsatisfiable constraints:
  curl (missing):
    required by: world[curl]

apk fetch and ask search give similar errors about missing tar.gz files.

I do not have any attachment to using the REST api: I want something that I can build automatically and not have to reset the password when my program accesses the database.

I did have a problem in the past where changes made in the Dockerfile where lost because the base image did a VOLUME command on the directory that holds that changes, but it looks like only /data is exported and it does not appear to hold any authorization information.

Answer 1

You can override the login-password in the docker file:

FROM neo4j:3.2
ENV NEO4J_AUTH=neo4j/newPassword