Goddamn it. Solved except: Postgres FATAL role root does not exist

[bor8]

I destroyed my Postgres database because I did not define an HTTP connect proxy for the database. The update script from Postgres 10 to 12 uses apt. But apt needs my proxy to get out. After docker-compose down and up -d, GitLab booted up, but all users and repos were gone!

The recovery steps were approximate:

# Shut down and delete four containers and the network:
docker-compose down
mkdir ./kaputt-2020-05-30/
mv ./volume_gitlab/data/ ./kaputt-2020-05-30/
mv ./volume_postgresql/ ./kaputt-2020-05-30/
mv ./volume_redis/ ./kaputt-2020-05-30/
# Change the docker-compose.yml file to the versions of the last backup: sameersbn/postgresl:10-2 and sameersbn/gitlab:12.9.5 !
docker-compose up -d
# Put the last backup as the only backup:
cp ./kaputt-2020-05-30/data/backups/1590793353_2020_05_29_12.9.5_gitlab_backup.tar ./volume_gitlab/data/backups/
docker-compose exec gitlab bash
su - git
export PGUSER=gitlab
export PGPASSWORD=***
cd gitlab
# Restore the backup:
bundle exec rake gitlab:backup:restore RAILS_ENV=production

!!! Define your HTTP connect proxy in /etc/apt/apt.conf and mount it in docker-compose.yml file under volumes !!!

version: '3.7'

services:
    redis:
        command:
            - --loglevel warning
        image: sameersbn/redis:4.0.9-3
        networks:
            blubb:
        restart: always
        volumes:
            - ./volume_redis:/var/lib/redis:Z

    postgresql:
        environment:
            - DB_USER=gitlab
            - DB_PASS=***
            - DB_NAME=gitlabhq_production
            - DB_EXTENSION=pg_trgm
        # image: sameersbn/postgresql:10-2
        image: sameersbn/postgresql:12-20200524
        restart: always
        volumes:
            - /etc/apt/apt.conf:/etc/apt/apt.conf
            - ./volume_postgresql:/var/lib/postgresql:Z
        networks:
            blubb:

    gitlab:
        depends_on:
            - redis
            - postgresql
        environment:
            # - http_proxy=
            # - https_proxy=
            - http_proxy=http://corporate-proxy:8080
            - https_proxy=http://corporate-proxy:8080
            - no_proxy=127.0.0.1,localhost,redis,postgresql,gitlab,registry
            - DEBUG=false

            - DB_ADAPTER=postgresql
            - DB_HOST=postgresql
            - DB_PORT=5432
            - DB_USER=gitlab
            - DB_PASS=***
            - DB_NAME=gitlabhq_production

            - REDIS_HOST=redis
            - REDIS_PORT=6379

            - TZ=Europe/Berlin
            - GITLAB_TIMEZONE=Berlin

            - GITLAB_HTTPS=true
            - SSL_SELF_SIGNED=false

            - GITLAB_HOST=****
            - GITLAB_SSH_HOST=****
            - GITLAB_PORT=443
            - GITLAB_SSH_PORT=10122
            - GITLAB_RELATIVE_URL_ROOT=
            - GITLAB_SECRETS_DB_KEY_BASE=**********
            - GITLAB_SECRETS_SECRET_KEY_BASE=**********
            - GITLAB_SECRETS_OTP_KEY_BASE=**********

            - GITLAB_ROOT_PASSWORD=*********
            - GITLAB_ROOT_EMAIL=********@*******

            - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
            - GITLAB_NOTIFY_PUSHER=false

            - GITLAB_EMAIL=********@*******
            - GITLAB_EMAIL_REPLY_TO=********@*******
            - GITLAB_INCOMING_EMAIL_ADDRESS=********@*******

            - GITLAB_BACKUP_SCHEDULE=daily
            - GITLAB_BACKUP_TIME=01:00

            - SMTP_ENABLED=true
            - SMTP_DOMAIN=*******
            - SMTP_HOST=**
            - SMTP_PORT=25
            - SMTP_USER=
            - SMTP_PASS=
            - SMTP_STARTTLS=false
            - SMTP_AUTHENTICATION=false

            - IMAP_ENABLED=false
            - IMAP_HOST=imap.gmail.com
            - IMAP_PORT=993
            - [email protected]
            - IMAP_PASS=password
            - IMAP_SSL=true
            - IMAP_STARTTLS=false

            - OAUTH_ENABLED=false
            - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
            - OAUTH_ALLOW_SSO=
            - OAUTH_BLOCK_AUTO_CREATED_USERS=true
            - OAUTH_AUTO_LINK_LDAP_USER=false
            - OAUTH_AUTO_LINK_SAML_USER=false
            - OAUTH_EXTERNAL_PROVIDERS=

            - OAUTH_CAS3_LABEL=cas3
            - OAUTH_CAS3_SERVER=
            - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
            - OAUTH_CAS3_LOGIN_URL=/cas/login
            - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
            - OAUTH_CAS3_LOGOUT_URL=/cas/logout

            - OAUTH_GOOGLE_API_KEY=
            - OAUTH_GOOGLE_APP_SECRET=
            - OAUTH_GOOGLE_RESTRICT_DOMAIN=

            - OAUTH_FACEBOOK_API_KEY=
            - OAUTH_FACEBOOK_APP_SECRET=

            - OAUTH_TWITTER_API_KEY=
            - OAUTH_TWITTER_APP_SECRET=

            - OAUTH_GITHUB_API_KEY=
            - OAUTH_GITHUB_APP_SECRET=
            - OAUTH_GITHUB_URL=
            - OAUTH_GITHUB_VERIFY_SSL=

            - OAUTH_GITLAB_API_KEY=
            - OAUTH_GITLAB_APP_SECRET=

            - OAUTH_BITBUCKET_API_KEY=
            - OAUTH_BITBUCKET_APP_SECRET=

            - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
            - OAUTH_SAML_IDP_CERT_FINGERPRINT=
            - OAUTH_SAML_IDP_SSO_TARGET_URL=
            - OAUTH_SAML_ISSUER=
            - OAUTH_SAML_LABEL="Our SAML Provider"
            - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
            - OAUTH_SAML_GROUPS_ATTRIBUTE=
            - OAUTH_SAML_EXTERNAL_GROUPS=
            - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
            - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
            - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
            - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
            - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

            - OAUTH_CROWD_SERVER_URL=
            - OAUTH_CROWD_APP_NAME=
            - OAUTH_CROWD_APP_PASSWORD=

            - OAUTH_AUTH0_CLIENT_ID=
            - OAUTH_AUTH0_CLIENT_SECRET=
            - OAUTH_AUTH0_DOMAIN=

            - OAUTH_AZURE_API_KEY=
            - OAUTH_AZURE_API_SECRET=
            - OAUTH_AZURE_TENANT_ID=

            # Registry
            - GITLAB_REGISTRY_ENABLED=true
            - GITLAB_REGISTRY_HOST=******
            - GITLAB_REGISTRY_PORT=443
            - GITLAB_REGISTRY_API_URL=https://******/
            - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
        extra_hosts:
            - "******:<REVERSE_PROXY_IP>"
        # image: sameersbn/gitlab:12.9.5
        image: sameersbn/gitlab:13.0.3
        networks:
            blubb:
        ports:
            - "10099:80"
            - "10122:22"
        restart: always
        volumes:
            - ./certs:/certs
            # - ./volume_gitlab/config/gitlab.yml:/home/git/gitlab/config/gitlab.yml:Z
            - ./volume_gitlab/data/:/home/git/data/:Z

    registry:
        environment:
            - REGISTRY_LOG_LEVEL=info
            - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
            - REGISTRY_AUTH_TOKEN_REALM=https://****/jwt/auth
            - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
            - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
            - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
            - REGISTRY_STORAGE_DELETE_ENABLED=true
        extra_hosts:
            - "****:<REVERSE_PROXY_IP>"
        image: registry:2.7.1
        networks:
            blubb:
        ports:
            - "5099:5000"
        restart: always
        volumes:
            - ./volume_gitlab/shared/registry:/registry
            - ./certs:/certs
networks:
    blubb:

Now you can change versions in Postgres image and GitLab image - one after the other. Works.

docker-compose logs -f

postgresql_1  | 2020-05-30 19:37:55.269 UTC [300] FATAL:  role "root" does not exist

Please help for the last step.