Project

General

Profile

Bug #10484

Use the same initial database password everywhere to avoid breaking database connection before rudder-init

Added by Nicolas CHARLES 6 months ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Target version (plugin):
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
First impressions of Rudder
Effort required:
Priority:
0

Description

During install of Rudder 4.1, I had an issue with ldap (see #10482 for instance)
It caused rudder-upgrade to fail

INFO: Checking if rudder-web.properties database access credentials are all right... LDAP OK,  SQL Credentials updated
INFO: Checking if inventory-web.properties database access credentials are all right... LDAP OK,  SQL skipped
INFO: Checking PostgreSQL service status... OK
INFO: Checking LDAP service status............ FAILED
LDAP service verification failed after 10 tries.

ERROR: The migration has failed in some steps. Check previous error messages.
Please restart the failed service(s), and start the migration script again.
(on a single Rudder server, try service rudder restart)
Once it is working, run:
# /opt/rudder/bin/rudder-upgrade

running again rudder-upgrade failed, because it changed the SQL credential in /opt/rudder/etc/rudder-web.properties with invalid default credential
So script use this password to try to connect again to Postgres and fails

INFO: Checking if rudder-web.properties database access credentials are all right... LDAP OK,  SQL OK
INFO: Checking if inventory-web.properties database access credentials are all right... LDAP OK,  SQL skipped
INFO: Alternative source path added: /var/rudder/configuration-repository/ncf
INFO: A Technique library reload is needed and has been scheduled.
INFO: Checking PostgreSQL service status............ FAILED
PostgreSQL service verification failed after 10 tries.

Agent is not running, as rudder-init cannot be run yet because of the error to correct

Root cause is default password for postgresql is Normation, but distributed /opt/rudder/etc/rudder-password.conf contains rudder as a password
We need to change the default password in this file to match the real config, and make sure system would recover

Associated revisions

Revision 6b815930
Added by Nicolas CHARLES 6 months ago

Fixes #10484: At rudder install, if any step fails during script rudder-upgrade, then system is in a non-easily recoverable mode

History

#1 Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to In progress

#2 Updated by Nicolas CHARLES 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1311

#3 Updated by Nicolas CHARLES 6 months ago

  • Status changed from Pending technical review to Pending release

#4 Updated by Alexis MOUSSET 6 months ago

  • Subject changed from At rudder install, if any step fails during script rudder-upgrade, then system is in a non-easily recoverable mode to Use the same initial database password everywhere to avoid breaking the system just after installation
  • Priority set to 0

#5 Updated by Alexis MOUSSET 6 months ago

  • Subject changed from Use the same initial database password everywhere to avoid breaking the system just after installation to Use the same initial database password everywhere to avoid breaking database connection before rudder-init

#6 Updated by BenoƮt PECCATTE 6 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.0 which was released today.

Also available in: Atom PDF