Project

General

Profile

Actions

Bug #10484

closed

Use the same initial database password everywhere to avoid breaking database connection before rudder-init

Added by Nicolas CHARLES over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

During install of Rudder 4.1, I had an issue with ldap (see #10482 for instance)
It caused rudder-upgrade to fail

INFO: Checking if rudder-web.properties database access credentials are all right... LDAP OK,  SQL Credentials updated
INFO: Checking if inventory-web.properties database access credentials are all right... LDAP OK,  SQL skipped
INFO: Checking PostgreSQL service status... OK
INFO: Checking LDAP service status............ FAILED
LDAP service verification failed after 10 tries.

ERROR: The migration has failed in some steps. Check previous error messages.
Please restart the failed service(s), and start the migration script again.
(on a single Rudder server, try service rudder restart)
Once it is working, run:
# /opt/rudder/bin/rudder-upgrade

running again rudder-upgrade failed, because it changed the SQL credential in /opt/rudder/etc/rudder-web.properties with invalid default credential
So script use this password to try to connect again to Postgres and fails

INFO: Checking if rudder-web.properties database access credentials are all right... LDAP OK,  SQL OK
INFO: Checking if inventory-web.properties database access credentials are all right... LDAP OK,  SQL skipped
INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
INFO: A Technique library reload is needed and has been scheduled.
INFO: Checking PostgreSQL service status............ FAILED
PostgreSQL service verification failed after 10 tries.

Agent is not running, as rudder-init cannot be run yet because of the error to correct

Root cause is default password for postgresql is Normation, but distributed /opt/rudder/etc/rudder-password.conf contains rudder as a password
We need to change the default password in this file to match the real config, and make sure system would recover

Actions #1

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from New to In progress
Actions #2

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1311
Actions #3

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #4

Updated by Alexis Mousset over 7 years ago

  • Subject changed from At rudder install, if any step fails during script rudder-upgrade, then system is in a non-easily recoverable mode to Use the same initial database password everywhere to avoid breaking the system just after installation
  • Priority set to 0
Actions #5

Updated by Alexis Mousset over 7 years ago

  • Subject changed from Use the same initial database password everywhere to avoid breaking the system just after installation to Use the same initial database password everywhere to avoid breaking database connection before rudder-init
Actions #6

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.0 which was released today.

Actions

Also available in: Atom PDF