Project

General

Profile

Actions

Bug #21219

closed

relayd can't connect to postgresql on Ubuntu 22.04 server

Added by Alexis Mousset over 2 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Category:
Relay server or API
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Priority:
100
Name check:
To do
Fix check:
Checked
Regression:

Description


NOTE: A workaround is available

Attached binaries are builds of relayd (from the given tags) that can be used as workaround.

sha256sums:

7.1.1  ae4a5625e28867ff70a08541a3af3d34151d9f367a813c1d1b930ca07ec4962e 
7.1.2  5eeadf7c02b39ea3e75c46ae083cb6b09dd48b903bb94338c119ac0f4026a32c

To fix the problem, on your Rudder root server:

systemctl stop rudder-relayd
cp rudder-relayd /opt/rudder/bin/rudder-relayd
systemctl start rudder-relayd

You relayd service should now run correctly


Server installs correctly, but relayd refuses to connect:

rudder-relayd[15117]: ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: SSL error: i2d ecpkparameters failure
rudder-relayd[15117]: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL:  password authentication failed for user "rudder" 

and on the postgresql side:

rudder@rudder DETAIL:  Connection matched pg_hba.conf line 95: "host    all             rudder          127.0.0.1/32            md5" 
rudder@rudder FATAL:  password authentication failed for user "rudder" 

which looks like a standard "wrong password" case (and the matched acl is the right one).

When adding an sslmode=disable the SSL error disappears, but the connection still fails.

ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL:  password authentication failed for user "rudder" 

The connection details look correct:

# grep -A3 output.database /opt/rudder/etc/relayd/main.conf 
[output.database]
url = "postgresql://rudder@localhost:5432/rudder" 
password = "7cb3e8fad6afd0a07efa" 
# grep PSQL /opt/rudder/etc/rudder-passwords.conf 
RUDDER_PSQL_PASSWORD:7cb3e8fad6afd0a07efa

And connection works with this password:

$ psql postgresql://rudder@localhost:5432/rudder?password=7cb3e8fad6afd0a07efa
psql (14.3 (Ubuntu 14.3-0ubuntu0.22.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
rudder=>

This has only been seen on Ubuntu 22.04 for now (with Rudder 7.1.1). This is notably our most recent supported OS (with openssl 3.0 and postgresql 14).

relayd uses the system libpq:

# ldd /opt/rudder/bin/rudder-relayd | grep pq
    libpq.so.5 => /lib/x86_64-linux-gnu/libpq.so.5 (0x00007fd4513e1000)
# dpkg -l  | grep postg
ii  postgresql                      14+238                                  all          object-relational SQL database (supported version)
ii  postgresql-14                   14.3-0ubuntu0.22.04.1                   amd64        The World's Most Advanced Open Source Relational Database
ii  postgresql-client               14+238                                  all          front-end programs for PostgreSQL (supported version)
ii  postgresql-client-14            14.3-0ubuntu0.22.04.1                   amd64        front-end programs for PostgreSQL 14
ii  postgresql-client-common        238                                     all          manager for multiple PostgreSQL client versions
ii  postgresql-common               238                                     all          PostgreSQL database-cluster manager

Files

rudder-relayd (11.5 MB) rudder-relayd 7.1.1-1 build for Ubuntu 22.04 Alexis Mousset, 2022-06-08 12:34
rudder-relayd (11.5 MB) rudder-relayd 7.1.2 build for Ubuntu 22.04 Alexis Mousset, 2022-06-19 19:30
Actions

Also available in: Atom PDF