Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1516

Quay postgresql database password was changed after trigger reconfigure quay

XMLWordPrintable

    • False
    • False
    • Undefined

      Description:

      This is issue found when use Quay config editor to enable build, configure Github trigger, Gitlab trigger, Bitbucket trigger, after input valid configurations, validation passed, trigger reconfigure quay, the results is quay-app pod, quay-config-editor pod, quay-postresql-database pod are redeployed, and new quay database password was generated, which cause quay was failed to start, and with config editor, the validation was failed.

      Error message in Quay POD:

      Database               | Could not connect to database. Error: FATAL #28P01 password authentication failed for user "quayregistry-quay-database"

      Pls investigate why in this situation quay configure editor trigger to redeploy quay database, and cause quay was broken.

      QE get W/A on this issue, that's get the new database password from the new generated quay postgresql config secret, and use config editor to update and delete current quay-app POD in ERROR status, then new quay-app POD come into ready status, and validation with config editor was passed.

      See the following output, in QE's env totally 3 quay-postgresql config secret are generated.

      lizhang@lzha-mac quay3.4 % oc get pod
NAME                                               READY   STATUS        RESTARTS   AGE
quay-operator.v3.4.0-6766cc49d9-5fvh2              1/1     Running       0          3h17m
quayregistry-clair-app-7878fb65f9-gd4rj            1/1     Running       0          3h1m
quayregistry-clair-app-8665cc87f4-b82dn            0/1     Running       0          6s
quayregistry-clair-postgres-86cbb66fd4-lc798       1/1     Running       1          3h8m
quayregistry-quay-app-7659b6c85f-ccpl4             1/1     Running       2          3h1m
quayregistry-quay-app-965ff6765-sp7x9              0/1     Running       0          7s
quayregistry-quay-config-editor-5bb849c7bf-bfdxf   1/1     Terminating   0          3h1m
quayregistry-quay-config-editor-64bcddcb9c-6twpj   1/1     Running       0          7s
quayregistry-quay-database-c6d6c48cb-w97rd         1/1     Terminating   0          3h1m
quayregistry-quay-mirror-6686d5bd44-q7566          1/1     Terminating   0          3h1m
quayregistry-quay-postgres-init-2tr4k              0/1     Completed     0          3h8m
quayregistry-quay-postgres-init-5z5hg              1/1     Running       0          6s
quayregistry-quay-postgres-init-jzwv5              0/1     Completed     0          3h1m
quayregistry-quay-redis-6d64f8778-f4h6b            1/1     Running       0          3h8m

lizhang@lzha-mac quay3.4 % oc get secret | grep quayregistry-postgres
quayregistry-postgres-bootstrap-bff8cm6b7k               Opaque                                1      9h
quayregistry-postgres-config-secret-ftkmk4cc8g           Opaque                                4      9h
quayregistry-postgres-config-secret-gfkc52dcg2           Opaque                                4      9h
quayregistry-postgres-config-secret-t4mdmk8g94           Opaque                                4      6h18m

oc get secret quayregistry-postgres-config-secret-t4mdmk8g94 -o json | jq '.data'                   
{
  "database-name": "cXVheXJlZ2lzdHJ5LXF1YXktZGF0YWJhc2U=",
  "database-password": "T3ltanFTSFRLQm8zVzBDMG12WG9kQnBZSU1Vc05EWjg=",
  "database-root-password": "NkFndS1PaUZSd1VPMm5hb05xSW9yZlU5VUxlZjB4anM=",
  "database-username": "cXVheXJlZ2lzdHJ5LXF1YXktZGF0YWJhc2U="
}

oc get secret quayregistry-postgres-config-secret-gfkc52dcg2 -o json | jq '.data'
{
  "database-name": "cXVheXJlZ2lzdHJ5LXF1YXktZGF0YWJhc2U=",
  "database-password": "dDIwaUJGMkhVMVgzNXVRRG9RWEcwZVlXamxBbFQ5Mzc=",
  "database-root-password": "WGkwN2dzVDFqR1JoNGwzUWwzR2tkeWhvOVZKR3RsOVY=",
  "database-username": "cXVheXJlZ2lzdHJ5LXF1YXktZGF0YWJhc2U="
}

       

      Index Image:

      v4.6: registry-proxy.engineering.redhat.com/rh-osbs/iib:42025

      Quay Image:

      oc get pod quayregistry-quay-app-7659b6c85f-ccpl4 -o json | jq '.spec.containers[0].image'
"registry.redhat.io/quay/quay-rhel8@sha256:5ec1c488609362f2ab4dae54b48f87dbc2d378e9525fa852cb69a3a0c545a285"    

      Steps:

      1. Deploy Quay 3.4 with V3.4 TNG Operator on AWS using AWS S3 object Storage
      2. Open quay config editor
      3. Enable build, configure github, gitlab, Bitbucket trigger with valid configuration
      4. Click validation and get passed
      5. Click Reconfigure Quay to trigger redeployment
      6. Check Quay new POD status
      7. Login Quay config editor with new random password

      Expected Results:

      Only Quay app POD and quay config editor POD were redeployed successfully.

      Actual Results:

      Quay app POD, quay config editor POD and quay database POD are redeployed, and the password of Quay postgresql database was changed.

      In Step6 quay app POD was failed to start with error message "*Could not connect to database. Error: FATAL #28P01 password authentication failed for user "quayregistry-quay-database".  In Step7 after login quay configure editor, validation was failed with the same error message.

       

              rhn-coreos-amerdler Alec Merdler (Inactive)
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: