-
Bug
-
Resolution: Done
-
Blocker
-
Quay Enterprise
# docker logs -f quay-db-ssl
   __   __
  /  \ /  \     ______   _    _     __   __   __
 / /\ / /\ \   /  __  \ | |  | |   /  \  \ \ / /
/ /  / /  \ \  | |  | | | |  | |  / /\ \  \   /
\ \  \ \  / /  | |__| | | |__| | / ____ \  | |
 \ \/ \ \/ /   \_  ___/  \____/ /_/    \_\ |_|
  \__/ \__/      \ \__
                  \___\ by Red Hat
 Build, Store, and Distribute your Containers
Running all default registry services
Running init script '/quay-registry/conf/init/certs_create.sh'
Generating a RSA private key
......................................................................................++++
................................++++
writing new private key to 'mitm-key.pem'
-----
Running init script '/quay-registry/conf/init/certs_install.sh'
Installing extra certificates found in /quay-registry/conf/stack/extra_ca_certs directory
Running init script '/quay-registry/conf/init/copy_config_files.sh'
Running init script '/quay-registry/conf/init/d_validate_config_bundle.sh'
Validating Configuration
...
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------+--------+
| Database               | Could not connect to database. Error: FATAL #28000 no pg_hba.conf entry for host "172.17.0.2", user "testuser", database "quay", SSL off |        |
+------------------------+------------------------------------------------------------------------- ...
Output of pg_hba.conf:
hostssl replication all 127.0.0.1/32   md5
hostssl replication all ::1/128        md5
hostssl all         all 172.17.0.0/16  md5
hostssl all         all 172.24.0.0/16  md5
The IP address of the container should be covered by the CIDR in question. I've also run a simple CentOS container to see if the issue is really in the IP address, as the validator tool is telling me, but I can in fact log on via psql in the container:
[root@a25d1ebde7ce /]# psql "user=testuser dbname=quay host=172.24.10.50"
Password:
psql (10.15, server 11.12 (Debian 11.12-0+deb10u1))
WARNING: psql major version 10, server major version 11.
         Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
quay=# \q
[root@a25d1ebde7ce /]# hostname -i
172.17.0.2
[root@a25d1ebde7ce /]#
Note that the container has the same IP address as the Quay container does. I've used the following DB settings in my config.yaml file:
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
  ca:
    ssl: /conf/stack/extra_ca_certs/database.pem
DB_URI: postgresql://testuser:test123@172.24.10.50/quay
Since this issue hits many of our customers currently, I'm marking this issue as a blocker.
- clones
-
PROJQUAY-2119 Quay config validation fails on PostgreSQL 11 backed by SSL
- Closed
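Added example, not part of the original report and not Quay or PostgreSQL code: a simplified model of PostgreSQL's first-match pg_hba.conf evaluation, run over the four records posted above. It shows that a hostssl record applies only to TLS connections, so a client at 172.17.0.2 matches the 172.17.0.0/16 record with SSL on and matches no record with SSL off. The function names are hypothetical, and only TCP records with CIDR addresses are handled.

```python
import ipaddress

# The four pg_hba.conf records posted in the report above.
PG_HBA = """\
hostssl replication all 127.0.0.1/32 md5
hostssl replication all ::1/128 md5
hostssl all all 172.17.0.0/16 md5
hostssl all all 172.24.0.0/16 md5
"""

def parse_hba(text):
    """Parse TCP records of the form: type database user CIDR-address method."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            kind, dbs, users, addr, method = fields[:5]
            net = ipaddress.ip_network(addr, strict=False)
            rules.append((kind, dbs.split(","), users.split(","), net, method))
    return rules

def first_match(rules, client_ip, user, database, ssl):
    """Return the first record that matches the connection, or None if none does."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        kind, dbs, users, net, _method = rule
        if kind == "hostssl" and not ssl:
            continue  # hostssl records apply only to TLS connections
        if kind == "hostnossl" and ssl:
            continue  # hostnossl records apply only to non-TLS connections
        # "replication" is a keyword for replication connections, not a database name.
        if "all" not in dbs and (database == "replication" or database not in dbs):
            continue
        if "all" not in users and user not in users:
            continue
        if ip.version == net.version and ip in net:
            return rule
    return None

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    for ssl in (False, True):
        hit = first_match(rules, "172.17.0.2", "testuser", "quay", ssl)
        print("SSL", "on " if ssl else "off", "->", hit[3] if hit else "no matching record")
```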