-
Bug
-
Resolution: Done
-
Blocker
-
quay-v3.5.3
-
False
-
False
-
Undefined
-
-
0
Description:
This is an issue found when use Crunchy Postgresql 13 with sslmode=verify-ca to deploy Quay, now when Customers want to use Crunchy Postgresql 13 as Quay database, they need to upload sslcert,sslkey,rootcert, but Quay 3.5.3 doesn't support.
Quay 3.5.3:
oc get pod quayv353mysql-quay-config-editor-7789bb946c-66pmh -o json | jq '.spec.containers[0].image' "registry.redhat.io/quay/quay-rhel8@sha256:6bc0876415eee1daa28f04a325c3d31441b52b5b4b1a2c0aff2025627e34a551" oc get pod quay-operator.v3.5.3-6fb97d65b-k968b -o json | jq '.spec.containers[0].image' "registry.redhat.io/quay/quay-operator-rhel8@sha256:11a121eaa03a9a8c7a01c128e8fe91d684d5ec8ce6a0b14da1db9fc934e320a0"
How to deploy Crunchy Postgresql 13:
https://access.crunchydata.com/downloads/rpm-centos/postgresql13/
How to connect to Crunchy Postgresql 13 with sslmode=verify-ca:
##clientcert=verify-ca [root@ip-10-0-1-103 data]# cat /var/lib/pgsql/13/data/pg_hba.conf | grep -i verify hostssl all all 0.0.0.0/0 scram-sha-256 clientcert=verify-ca [root@ip-10-0-1-103 data]# psql -h quayldap352.qe.devcluster.openshift.com -p 5432 "dbname=postgres user=postgres sslrootcert=./root.crt sslcert=./server.crt sslmode=verify-ca" psql: error: certificate present, but not private key file "/root/.postgresql/postgresql.key" [root@ip-10-0-1-103 data]# psql -h quayldap352.qe.devcluster.openshift.com -p 5432 "dbname=postgres user=postgres sslrootcert=./root.crt sslcert=./server.crt sslkey=./server.key sslmode=verify-ca" Password for user postgres: psql (13.3) SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off) Type "help" for help postgres=#
- is cloned by
-
PROJQUAY-2239 VERIFY: Quay doesn't support Crunchy Postgresql 13 with sslmode=verify-ca
- Closed
- is related to
-
PROJQUAY-2239 VERIFY: Quay doesn't support Crunchy Postgresql 13 with sslmode=verify-ca
- Closed
- relates to
-
PROJQUAY-2239 VERIFY: Quay doesn't support Crunchy Postgresql 13 with sslmode=verify-ca
- Closed