Project

General

Profile

Actions
Copy link

Bug #23025

closed

foreman-installer fails when ssl-verify is set to false for candlepin db

Added by Ales Dujicek over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Katello 3.7.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/puppet-candlepin/pull/101, https://github.com/Katello/katello-installer/pull/607
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

foreman-installer fails when --katello-candlepin-db-ssl true and --katello-candlepin-db-ssl-verify false are set

/var/log/foreman-installer/katello.log
[DEBUG 2018-03-27T02:13:49 main] Exec[cpdb](provider=posix): Executing 'cpdb --create --schema-only --dbhost=dbhost.redhat.com --dbport=5432 --database=candlepin5db?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory --user=candlepin5 --password=candlepin5pw >> /var/log/candlepin/cpdb.log 2>&1 && touch /var/lib/candlepin/cpdb_done'
[DEBUG 2018-03-27T02:13:49 main] Executing: 'cpdb --create --schema-only --dbhost=dbhost.redhat.com --dbport=5432 --database=candlepin5db?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory --user=candlepin5 --password=candlepin5pw >> /var/log/candlepin/cpdb.log 2>&1 && touch /var/lib/candlepin/cpdb_done'
[ERROR 2018-03-27T02:13:49 main]
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/exec.rb:68:in `block in run'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/exec.rb:30:in `chdir'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/exec.rb:30:in `run'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/exec/posix.rb:45:in `run'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/exec.rb:130:in `block in sync'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/exec.rb:127:in `times'
...
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in `execute'
[ERROR 2018-03-27T02:13:49 main] /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
[ERROR 2018-03-27T02:13:49 main] /Stage[main]/Candlepin::Database::Postgresql/Exec[cpdb]/returns: change from notrun to 0 failed:

/var/log/candlepin/cpdb.log:
sh: --user=candlepin5: command not found

It seems that we need to escape the ampersand in cpdb's --database parameter

Patch for puppet-candlepin

diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index dc100ca..db18906 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -41,7 +41,7 @@ class candlepin::database::postgresql(

   if $init_db {
     $ssl_verify_options = $db_ssl_verify ? {
-      false => '&sslfactory=org.postgresql.ssl.NonValidatingFactory',
+      false => '\\&sslfactory=org.postgresql.ssl.NonValidatingFactory',
       default => ''
     }

@@ -56,7 +56,7 @@ class candlepin::database::postgresql(
                        --schema-only \
                        --dbhost=${db_host} \
                        --dbport=${db_port} \
-                       --database=${db_name}${ssl_options} \
+                       --database='${db_name}${ssl_options}' \
                        --user=${db_user}  \
                        --password=${db_password} \
                        >> ${log_dir}/cpdb.log \

Similar code is in katello-installer

diff --git a/hooks/pre/30-upgrade.rb b/hooks/pre/30-upgrade.rb
index 78a1e94..3b64fc9 100644
--- a/hooks/pre/30-upgrade.rb
+++ b/hooks/pre/30-upgrade.rb
@@ -28,7 +28,7 @@ def migrate_candlepin
   db_uri = "//#{db_host}" + (db_port.nil? ? '' : ":#{db_port}") + "/#{db_name}" 
   if db_ssl
     db_uri += "?ssl=true" 
-    db_uri += "&sslfactory=org.postgresql.ssl.NonValidatingFactory" unless db_ssl_verify
+    db_uri += "\\&sslfactory=org.postgresql.ssl.NonValidatingFactory" unless db_ssl_verify
   end
   Kafo::Helpers.execute("/usr/share/candlepin/cpdb --update --database '#{db_uri}' --user #{db_user} --password #{db_password}")
 end

Steps to reproduce:
1. create postgres users and databases on remote host for candlepin and foreman
2. # foreman-installer --scenario katello --foreman-db-manage false --foreman-db-host dbhost.redhat.com --foreman-db-database foreman5db --foreman-db-username foreman5 --foreman-db-password foreman5pw --foreman-db-port 5432 --katello-candlepin-manage-db false --katello-candlepin-db-host dbhost.redhat.com --katello-candlepin-db-name candlepin5db --katello-candlepin-db-user candlepin5 --katello-candlepin-db-password candlepin5pw --katello-candlepin-db-port 5432 --foreman-db-sslmode allow --katello-candlepin-db-ssl true --katello-candlepin-db-ssl-verify false

Related issues 1 (0 open1 closed)

Related to Katello - Feature #19667: Need additional supported database deployment options for Katello installation: such as External PostgresClosedMartin Bacovsky05/25/2017Actions
Actions
Copy link

Also available in: Atom PDF