Bug #21219: relayd can't connect to postgresql on Ubuntu 22.04 server - Rudder - Issue Tracker

Bug #21219

Updated by Alexis Mousset almost 2 years ago

---- 

 *%{color:green}NOTE: A workaround is available in https://issues.rudder.io/issues/21219#note-17%* https://issues.rudder.io/issues/21219#note-18%* 

 ---- 

 Server installs correctly, but relayd refuses to connect: 

 <pre> 
 rudder-relayd[15117]: ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: SSL error: i2d ecpkparameters failure 
 rudder-relayd[15117]: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL:    password authentication failed for user "rudder" 
 </pre> 

 and on the postgresql side: 

 <pre> 
 rudder@rudder DETAIL:    Connection matched pg_hba.conf line 95: "host      all               rudder            127.0.0.1/32              md5" 
 rudder@rudder FATAL:    password authentication failed for user "rudder" 
 </pre> 

 which looks like a standard "wrong password" case (and the matched acl is the right one). 

 When adding an @sslmode=disable@ the SSL error disappears, but the connection still fails. 

 <pre> 
 ERROR r2d2: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL:    password authentication failed for user "rudder" 
 </pre> 

 The connection details look correct: 

 <pre> 
 # grep -A3 output.database /opt/rudder/etc/relayd/main.conf  
 [output.database] 
 url = "postgresql://rudder@localhost:5432/rudder" 
 password = "7cb3e8fad6afd0a07efa" 
 </pre> 

 <pre> 
 # grep PSQL /opt/rudder/etc/rudder-passwords.conf  
 RUDDER_PSQL_PASSWORD:7cb3e8fad6afd0a07efa 
 </pre> 

 And connection works with this password: 

 <pre> 
 $ psql postgresql://rudder@localhost:5432/rudder?password=7cb3e8fad6afd0a07efa 
 psql (14.3 (Ubuntu 14.3-0ubuntu0.22.04.1)) 
 SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) 
 Type "help" for help. 
 rudder=> 
 </pre> 

 This has only been seen on Ubuntu 22.04 for now (with Rudder 7.1.1). This is notably our most recent supported OS (with openssl 3.0 and postgresql 14). 

 relayd uses the system libpq: 

 <pre> 
 # ldd /opt/rudder/bin/rudder-relayd | grep pq 
	 libpq.so.5 => /lib/x86_64-linux-gnu/libpq.so.5 (0x00007fd4513e1000) 
 </pre> 

 <pre> 
 # dpkg -l    | grep postg 
 ii    postgresql                        14+238                                    all            object-relational SQL database (supported version) 
 ii    postgresql-14                     14.3-0ubuntu0.22.04.1                     amd64          The World's Most Advanced Open Source Relational Database 
 ii    postgresql-client                 14+238                                    all            front-end programs for PostgreSQL (supported version) 
 ii    postgresql-client-14              14.3-0ubuntu0.22.04.1                     amd64          front-end programs for PostgreSQL 14 
 ii    postgresql-client-common          238                                       all            manager for multiple PostgreSQL client versions 
 ii    postgresql-common                 238                                       all            PostgreSQL database-cluster manager 
 </pre>

Back

Project

General

Profile

Rudder

Bug #21219