Bug #16450

closed

Webapp can't connect to postgres before first agent run

Added by François ARMAND almost 5 years ago. Updated almost 5 years ago.

Status: Released
Priority: N/A
Category: System integration
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: First impressions of Rudder
Effort required:
Priority: 80
Name check: Reviewed
Fix check: Checked
Regression:

Description

Passwords are not correct. A rudder agent run -u corrects it, but the user experience is abysmal.

Actions #2

Updated by Nicolas CHARLES almost 5 years ago

Does not happen on CentOS 8

Actions #3

Updated by Nicolas CHARLES almost 5 years ago

Interestingly, it worked, and then stopped working as something changed it.

Relevant agent logs are:

rudder     info: Object '/opt/rudder/etc/relayd' had permission 0755, changed it to 0750
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd@@2019-12-23 13:50:22+00:00##root@#Ensure permissions mode 640, owner root and group rudder on /opt/rudder/etc/relayd on type all with inf recursion level was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd@@2019-12-23 13:50:22+00:00##root@#Ensure permissions mode 640, owner root and group rudder on /opt/rudder/etc/relayd with ${recursion} recursion level was repaired
rudder     info: Moved '/opt/rudder/etc/relayd/main.conf_1577109021_Mon_Dec_23_13_50_24_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_relayd_main_conf_1577109021_Mon_Dec_23_13_50_24_2019_cf_before_edit'
rudder     info: Updated rendering of '/opt/rudder/etc/relayd/main.conf' from mustache template '/var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl'
rudder     info: Edit file '/opt/rudder/etc/relayd/main.conf'
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd/main.conf@@2019-12-23 13:50:22+00:00##root@#Build file /opt/rudder/etc/relayd/main.conf from mustache type template /var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd/main.conf@@2019-12-23 13:50:22+00:00##root@#Build file /opt/rudder/etc/relayd/main.conf from mustache template /var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl was repaired
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-relayd.service'
rudder     info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-relayd.service'
R: [INFO] Executing restart on rudder-relayd using the systemctl method
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-relayd was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_relayd if 'any' condition defined was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-relayd was repaired
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@None@@2019-12-23 13:50:22+00:00##root@#rudder-relayd configration was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@None@@2019-12-23 13:50:22+00:00##root@#rudder-relayd service has been restarted
R: [INFO] Executing is-active on postgresql using the systemctl method
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Check if the service postgresql is started was correct
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Ensure that service postgresql is running was correct
R: [INFO] Executing is-enabled on postgresql using the systemctl method
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Check if service postgresql is started at boot was correct
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Ensure service postgresql is started at boot was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check postgresql process@@None@@2019-12-23 13:50:22+00:00##root@#postgresql service running was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check postgresql boot script@@None@@2019-12-23 13:50:22+00:00##root@#postgresql service enabled was correct
rudder     info: Moved '/opt/rudder/etc/openldap/slapd.conf.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_openldap_slapd_conf_cf_before_edit'
rudder     info: Edit file '/opt/rudder/etc/openldap/slapd.conf'
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password reset-failed rudder-slapd.service'
rudder     info: Completed execution of '/bin/systemctl --no-ask-password reset-failed rudder-slapd.service'
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-slapd.service'
rudder     info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-slapd.service'
R: [INFO] Executing restart on rudder-slapd using the systemctl method
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-slapd was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_slapd if 'any' condition defined was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-slapd was repaired
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@None@@2019-12-23 13:50:22+00:00##root@#Web interface configuration files (checked LDAP password) was correct
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP credentials@@None@@2019-12-23 13:50:22+00:00##root@#OpenLDAP configuration file (rootdn password) was repaired
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check LDAP credentials@@None@@2019-12-23 13:50:22+00:00##root@#rudder-slapd has been restarted
rudder     info: Setting field sub-value 'de69d5cb6e5463e21035' in '//root/.pgpass'
rudder     info: Edited field inside file object //root/.pgpass
rudder     info: Moved '//root/.pgpass.cf-before-edit' to repository location '/var/rudder/modified-files/__root__pgpass_cf_before_edit'
rudder     info: Edit file '//root/.pgpass'
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check rudder-passwords.conf@@None@@2019-12-23 13:50:22+00:00##root@#Presence and permissions of Rudder password file was correct
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check pgpass file@@None@@2019-12-23 13:50:22+00:00##root@#Presence and permissions of pgsql password file was repaired
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check SQL in rudder-webapp.properties@@None@@2019-12-23 13:50:22+00:00##root@#Web interface configuration files (SQL password) was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check SQL credentials@@None@@2019-12-23 13:50:22+00:00##root@#PostgreSQL user account's already correct.
rudder     info: Object '/opt/rudder/etc/rudder-web.properties' had permission 0644, changed it to 0600
rudder     info: Object '/opt/rudder/etc/rudder-users.xml' had permission 0644, changed it to 0600
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password reset-failed rudder-jetty.service'
rudder     info: Completed execution of '/bin/systemctl --no-ask-password reset-failed rudder-jetty.service'
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-jetty.service'
   error: Finished command related to promiser '/bin/systemctl --no-ask-password restart rudder-jetty.service' -- an error occurred, returned 1
rudder     info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-jetty.service'
R: [INFO] Executing restart on rudder-jetty using the systemctl method
   error: Method 'ncf_services' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-jetty could not be repaired
   error: Method 'service_action' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_jetty if 'any' condition defined could not be repaired
   error: Method 'service_restart_if' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-jetty could not be repaired
   error: Method 'service_restart' failed in some repairs
   error: Method 'root_password_restart_jetty' failed in some repairs
rudder     info: Object '/opt/rudder/etc/rudder-networks-policy-server-24.conf' had permission 0644, changed it to 0600
rudder     info: Moved '/opt/rudder/etc/rudder-networks-policy-server-24.conf_1577109021_Mon_Dec_23_13_51_27_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_networks_policy_server_24_conf_1577109021_Mon_Dec_23_13_51_27_2019_cf_before_edit'
rudder     info: Edit file '/opt/rudder/etc/rudder-networks-policy-server-24.conf'
rudder     info: Object '/opt/rudder/etc/rudder-networks-24.conf' had permission 0644, changed it to 0600
rudder     info: Moved '/opt/rudder/etc/rudder-networks-24.conf_1577109021_Mon_Dec_23_13_51_27_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_networks_24_conf_1577109021_Mon_Dec_23_13_51_27_2019_cf_before_edit'
rudder     info: Edit file '/opt/rudder/etc/rudder-networks-24.conf'
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check allowed networks configuration@@None@@2019-12-23 13:50:22+00:00##root@#Allowed networks configuration has been repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check allowed networks configuration@@None@@2019-12-23 13:50:22+00:00##root@#Apache has been reloaded successfully
rudder     info: Group of '/opt/rudder/etc/htpasswd-webdav' was 0, setting to 48
rudder     info: Object '/opt/rudder/etc/htpasswd-webdav' had permission 0644, changed it to 0640
rudder     info: Setting field sub-value '3072817ea8d67191b62b' in '/opt/rudder/etc/rudder-web.properties'
rudder     info: Edited field inside file object /opt/rudder/etc/rudder-web.properties
rudder     info: Moved '/opt/rudder/etc/rudder-web.properties.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_web_properties_cf_before_edit'
rudder     info: Edit file '/opt/rudder/etc/rudder-web.properties'
rudder     info: Executing 'no timeout' ... '/usr/bin/htpasswd -b /opt/rudder/etc/htpasswd-webdav rudder 3072817ea8d67191b62b'
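
The report lines in the log above can be triaged mechanically to see which components were repaired and which failed. This is an added example, not part of the original comment or of Rudder's own code. The field names in the pattern are assumptions inferred from the visible lines, the `error` severity is assumed alongside the `warn` seen here, and the sample is a constructed excerpt of that log.

```python
import re
from collections import defaultdict

# Field names are assumptions inferred from the "R: @@...@@" lines on this page.
REPORT = re.compile(
    r"^R: @@(?P<technique>[^@]*)@@(?P<status>[^@]*)@@(?P<rule>[^@]*)"
    r"@@(?P<directive>[^@]*)@@(?P<serial>[^@]*)@@(?P<component>[^@]*)"
    r"@@(?P<key>.*?)@@(?P<timestamp>[^@#]*)##(?P<node>[^@]*)@#(?P<message>.*)$"
)
# Raw agent errors are the lines that start with "error:" after optional spaces.
AGENT_ERROR = re.compile(r"^\s*error: (?P<message>.*)$")
# Only "warn" appears in the log above; "error" is an assumed sibling severity.
FAILED = {"warn", "error"}

# Constructed sample: a short excerpt of the agent log quoted above.
SAMPLE = """\
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check pgpass file@@None@@2019-12-23 13:50:22+00:00##root@#Presence and permissions of pgsql password file was repaired
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check SQL credentials@@None@@2019-12-23 13:50:22+00:00##root@#PostgreSQL user account's already correct.
rudder     info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-jetty.service'
   error: Finished command related to promiser '/bin/systemctl --no-ask-password restart rudder-jetty.service' -- an error occurred, returned 1
R: [INFO] Executing restart on rudder-jetty using the systemctl method
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-jetty could not be repaired
"""


def triage(log_text):
    """Group report lines by component; collect failures and raw agent errors."""
    by_component = defaultdict(set)
    failures, agent_errors = [], []
    for line in log_text.splitlines():
        m = REPORT.match(line)
        if m:
            # Status looks like "<kind>_<severity>", e.g. "log_warn".
            severity = m["status"].partition("_")[2]
            by_component[m["component"]].add(severity)
            if severity in FAILED:
                failures.append((m["component"], m["key"], m["message"]))
            continue
        m = AGENT_ERROR.match(line)
        if m:
            agent_errors.append(m["message"])
    return {
        "failures": failures,
        "agent_errors": agent_errors,
        "components": {c: sorted(s) for c, s in by_component.items()},
    }


if __name__ == "__main__":
    for component, key, message in triage(SAMPLE)["failures"]:
        print(f"{component} [{key}]: {message}")
```

On this excerpt the credential checks report repaired or success while the rudder-jetty restart is the only failure.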

Actions #4

Updated by Nicolas CHARLES almost 5 years ago

There is something really odd: rudder-init updates passwords in rudder-passwords.conf, and restarts rudder-jetty. But it doesn't ensure passwords are propagated correctly.

Actions #5

Updated by Nicolas CHARLES almost 5 years ago

rudder-init used to:

# Run all server-specific bundles (except propagatePromises, because there aren't any yet)
"${CF_AGENT}" -b propagatePromises,install_rsyslogd,root_component_check >> "$TMP_LOG" 2>&1

Actions #6

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #7

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/2171
Actions #8

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #9

Updated by François ARMAND almost 5 years ago

  • Fix check changed from To do to Checked
Actions #10

Updated by Alexis Mousset almost 5 years ago

  • Subject changed from Rudder can't connect to postgres after installation to Webapp can't connect to postgres before first agent run
  • Name check changed from To do to Reviewed
Actions #11

Updated by Vincent MEMBRÉ almost 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.2 which was released today.
