[deploy] Fixed password authentication failure #562

Srinath0916 · Srinath0916 · commit 031434271e43 · 2026-03-21T01:58:27.000+05:30
Prevents credential mismatch when reinstalling without clearing volumes. The script now detects existing postgres_data volumes and aborts with a clear warning instead of silently generating new credentials that break database connectivity. Fixes #562
diff --git a/deploy/auto-install.sh b/deploy/auto-install.sh
@@ -103,6 +103,44 @@ setup_docker_openwisp() {
 	echo -ne ${GRN}"Do you have .env file? Enter filepath (leave blank for ad-hoc configuration): "${NON}
 	read env_path
 	if [[ ! -f "$env_path" ]]; then
+		# Validate backup has required credentials
+		backup_has_credentials=false
+		if [[ -f "$ENV_BACKUP" ]]; then
+			backup_has_credentials=true
+			for config in DB_USER DB_PASS DJANGO_SECRET_KEY; do
+				if [[ -z "$(get_env "$config" "$ENV_BACKUP")" ]]; then
+					backup_has_credentials=false
+					break
+				fi
+			done
+		fi
+		
+		if [[ ! -f "$INSTALL_PATH/.env" ]] && [[ "$backup_has_credentials" != true ]] && docker volume inspect "docker-openwisp_postgres_data" &>/dev/null; then
+			{
+				echo -e "${RED}CRITICAL: Existing database volume detected!${NON}"
+				echo ""
+				echo "The Docker volume \"docker-openwisp_postgres_data\" already exists on this system."
+				echo "This likely means there is database data from a previous OpenWISP installation."
+				echo ""
+				echo "The auto-install script generates new database credentials during fresh installations."
+				echo "If it proceeds while this volume exists, the newly generated credentials will not"
+				echo "match the credentials stored in the existing database, making the database"
+				echo "inaccessible to OpenWISP."
+				echo ""
+				echo -e "${RED}⚠️  WARNING: The commands below will permanently delete the database volume and all"
+				echo -e "stored data. Run them only if you intentionally want to wipe the previous installation"
+				echo -e "or have a verified backup. Proceed at your own discretion.${NON}"
+				echo ""
+				echo "Cleanup commands:"
+				echo -e "  ${YLW}cd /opt/openwisp/docker-openwisp && docker compose down --volumes${NON}"
+				echo "or"
+				echo -e "  ${YLW}docker volume rm docker-openwisp_postgres_data${NON}"
+				echo ""
+				echo "Aborting installation to prevent credential mismatch."
+				echo -e "${RED}Check logs at $LOG_FILE${NON}"
+			} | tee -a "$LOG_FILE"
+			exit 1
+		fi
 		# Dashboard Domain
 		echo -ne ${GRN}"(1/5) Enter dashboard domain: "${NON}
 		read dashboard_domain
@@ -157,9 +195,27 @@ setup_docker_openwisp() {
 		fi
 		# Site manager email
 		set_env "EMAIL_DJANGO_DEFAULT" "$django_default_email"
-		# Set random secret values
-		python3 $INSTALL_PATH/build.py change-secret-key >/dev/null
-		python3 $INSTALL_PATH/build.py change-database-credentials >/dev/null
+		# Re-validate backup credentials after download
+		restore_from_backup=false
+		if [[ -f "$ENV_BACKUP" ]]; then
+			restore_from_backup=true
+			for config in DB_USER DB_PASS DJANGO_SECRET_KEY; do
+				if [[ -z "$(get_env "$config" "$ENV_BACKUP")" ]]; then
+					restore_from_backup=false
+					break
+				fi
+			done
+		fi
+		# Set random secret values only if no previous credentials exist
+		if [[ "$restore_from_backup" == true ]]; then
+			for config in DB_USER DB_PASS DJANGO_SECRET_KEY; do
+				value=$(get_env "$config" "$ENV_BACKUP")
+				set_env "$config" "$value"
+			done
+		else
+			python3 $INSTALL_PATH/build.py change-secret-key >/dev/null
+			python3 $INSTALL_PATH/build.py change-database-credentials >/dev/null
+		fi
 		# SSL Configuration
 		use_letsencrypt_lower=$(echo "$use_letsencrypt" | tr '[:upper:]' '[:lower:]')
 		if [[ "$use_letsencrypt_lower" == "y" || "$use_letsencrypt_lower" == "yes" ]]; then
