Bug #21219
closedrelayd can't connect to postgresql on Ubuntu 22.04 server
Description
NOTE: A workaround is available
Attached binaries are builds of relayd (from the given tags) that can be used as workaround.
sha256sums:
7.1.1 ae4a5625e28867ff70a08541a3af3d34151d9f367a813c1d1b930ca07ec4962e 7.1.2 5eeadf7c02b39ea3e75c46ae083cb6b09dd48b903bb94338c119ac0f4026a32c
To fix the problem, on your Rudder root server:
systemctl stop rudder-relayd
cp rudder-relayd /opt/rudder/bin/rudder-relayd
systemctl start rudder-relayd
You relayd service should now run correctly
Server installs correctly, but relayd refuses to connect:
rudder-relayd[15117]: ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: SSL error: i2d ecpkparameters failure rudder-relayd[15117]: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "rudder"
and on the postgresql side:
rudder@rudder DETAIL: Connection matched pg_hba.conf line 95: "host all rudder 127.0.0.1/32 md5" rudder@rudder FATAL: password authentication failed for user "rudder"
which looks like a standard "wrong password" case (and the matched acl is the right one).
When adding an sslmode=disable
the SSL error disappears, but the connection still fails.
ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "rudder"
The connection details look correct:
# grep -A3 output.database /opt/rudder/etc/relayd/main.conf [output.database] url = "postgresql://rudder@localhost:5432/rudder" password = "7cb3e8fad6afd0a07efa"
# grep PSQL /opt/rudder/etc/rudder-passwords.conf RUDDER_PSQL_PASSWORD:7cb3e8fad6afd0a07efa
And connection works with this password:
$ psql postgresql://rudder@localhost:5432/rudder?password=7cb3e8fad6afd0a07efa psql (14.3 (Ubuntu 14.3-0ubuntu0.22.04.1)) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. rudder=>
This has only been seen on Ubuntu 22.04 for now (with Rudder 7.1.1). This is notably our most recent supported OS (with openssl 3.0 and postgresql 14).
relayd uses the system libpq:
# ldd /opt/rudder/bin/rudder-relayd | grep pq libpq.so.5 => /lib/x86_64-linux-gnu/libpq.so.5 (0x00007fd4513e1000)
# dpkg -l | grep postg ii postgresql 14+238 all object-relational SQL database (supported version) ii postgresql-14 14.3-0ubuntu0.22.04.1 amd64 The World's Most Advanced Open Source Relational Database ii postgresql-client 14+238 all front-end programs for PostgreSQL (supported version) ii postgresql-client-14 14.3-0ubuntu0.22.04.1 amd64 front-end programs for PostgreSQL 14 ii postgresql-client-common 238 all manager for multiple PostgreSQL client versions ii postgresql-common 238 all PostgreSQL database-cluster manager
Files