Project Quay / PROJQUAY-2415

Quay config editor generates wrong config bundle secret after configuring Azure Postgresql database


      Description:

      This issue was found when configuring Quay to use an unmanaged Azure Postgresql database with the config editor. After deploying Quay with the operator, using all managed components except monitoring (the monitoring component set to unmanaged), open the Quay config editor, configure it to use the Azure Postgresql database, input the correct hostname, dbname and username/password, upload the CA cert of the Azure database, validate the configuration and click Reconfigure Quay. The result is that the new Quay APP PODs fail to start. The new Quay APP POD logs show the error message "Could not connect to database. Error: failed to connect to `host=quay36-quay-database user=quay36-quay-database database=quay36-quay-database`: tls error (server refused TLS connection)". The new config bundle secret still uses the managed postgresql database, and is set to use sslmode and sslrootcert; see the new config bundle secret below.

      Note: Quay image is quay-operator-bundle-container-v3.6.0-18

      oc get pod
      NAME                                         READY   STATUS             RESTARTS   AGE
      quay-operator.v3.6.0-784898d9f8-s57wc        1/1     Running            0          5h22m
      quay36-clair-app-79b7d8667c-4bgb8            1/1     Running            3          5m35s
      quay36-clair-app-79b7d8667c-5j4fg            1/1     Running            4          5m37s
      quay36-clair-postgres-7ccc757458-l9qkz       1/1     Running            0          4m59s
      quay36-quay-app-556956757c-2r672             0/1     CrashLoopBackOff   5          5m38s
      quay36-quay-app-556956757c-qv2nw             0/1     CrashLoopBackOff   5          5m36s
      quay36-quay-app-8687dc9bd4-mz7xg             1/1     Running            4          10m
      quay36-quay-app-upgrade-mtvs8                0/1     Completed          0          5m43s
      quay36-quay-config-editor-85867bb888-bzn2v   1/1     Running            0          5m37s
      quay36-quay-database-74699f6975-q57mb        1/1     Running            1          10m
      quay36-quay-mirror-7ddb96ff5-8hg8b           0/1     CrashLoopBackOff   5          4m56s
      quay36-quay-mirror-7ddb96ff5-q9wql           0/1     CrashLoopBackOff   5          4m56s
      quay36-quay-postgres-init-mkhqh              0/1     Completed          0          10m
      quay36-quay-redis-799bdf98b5-9zv2m           1/1     Running            0          5m38s
      
      oc get pod quay36-quay-config-editor-85867bb888-bzn2v -o json | jq '.spec.containers[0].image'
      "registry.redhat.io/quay/quay-rhel8@sha256:a4cad2c70cd340029d00f468fc08cab887365d17fe22bbf31beeec36aebeb9e7"
      
      oc get pod quay-operator.v3.6.0-784898d9f8-s57wc -o json | jq '.spec.containers[0].image'
      "registry.redhat.io/quay/quay-operator-rhel8@sha256:a36dfd94f41997aec2d2436f2d4a6aaca7615b52cc291592aff6f34a623370d6"
      
      | Database               | Could not connect to database. Error: failed to connect to `host=quay36-quay-database user=quay36-quay-database database=quay36-quay-database`: tls error (server refused TLS connection

      [Screenshot: Quay config editor]

      New Quay config bundle secret after configuring the unmanaged Azure Postgresql database:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
      AUTHENTICATION_TYPE: Database
      AVATAR_KIND: local
      BUILDLOGS_REDIS:
        host: quay36-quay-redis
        port: 6379
      DATABASE_SECRET_KEY: XsUubMR30mvVWwO12MYoRf7mIkOK0aTIgIGwokaIL788l31IEsSXHqYViAm3MIrh0zDbBtQxDUVDwh2C
      DB_CONNECTION_ARGS:
        autorollback: true
        sslmode: verify-full
        sslrootcert: conf/stack/database.pem
        threadlocals: true
      DB_URI: postgresql://quay36-quay-database:PBneEz8TdEGi3dGFag2YvfOQxrE2TCyQpYv92VfNy8w6VrGSs3o74WIJBdabJHAPWYm0jcEoYfU1ftWd@quay36-quay-database:5432/quay36-quay-database
      DEFAULT_TAG_EXPIRATION: 2w
      DISTRIBUTED_STORAGE_CONFIG:
        local_us:
        - RHOCSStorage
        - access_key: Jnt0pLxtEdrAURvBT0f4
          bucket_name: quay-datastore-23d1dc11-f44b-4a18-9c48-5b5ed3926407
          hostname: s3.openshift-storage.svc.cluster.local
          is_secure: true
          port: 443
          secret_key: wRbXlCx8ORVfdvuX2KYw5oUC+P2yGp5JZfOigGsd
          storage_path: /datastorage/registry
      DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
      - local_us
      DISTRIBUTED_STORAGE_PREFERENCE:
      - local_us
      ENTERPRISE_LOGO_URL: /static/img/quay-horizontal-color.svg
      EXTERNAL_TLS_TERMINATION: true
      FEATURE_ACTION_LOG_ROTATION: false
      FEATURE_ANONYMOUS_ACCESS: true
      FEATURE_APP_SPECIFIC_TOKENS: true
      FEATURE_BITBUCKET_BUILD: false
      FEATURE_BLACKLISTED_EMAILS: false
      FEATURE_BUILD_SUPPORT: false
      FEATURE_CHANGE_TAG_EXPIRATION: true
      FEATURE_DIRECT_LOGIN: true
      FEATURE_FIPS: false
      FEATURE_GITHUB_BUILD: false
      FEATURE_GITHUB_LOGIN: false
      FEATURE_GITLAB_BUILD: false
      FEATURE_GOOGLE_LOGIN: false
      FEATURE_INVITE_ONLY_USER_CREATION: false
      FEATURE_MAILING: false
      FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP: false
      FEATURE_PARTIAL_USER_AUTOCOMPLETE: true
      FEATURE_PROXY_STORAGE: true
      FEATURE_REPO_MIRROR: true
      FEATURE_SECURITY_NOTIFICATIONS: true
      FEATURE_SECURITY_SCANNER: true
      FEATURE_SIGNING: false
      FEATURE_STORAGE_REPLICATION: false
      FEATURE_TEAM_SYNCING: false
      FEATURE_USER_CREATION: true
      FEATURE_USER_LAST_ACCESSED: true
      FEATURE_USER_LOG_ACCESS: false
      FEATURE_USER_METADATA: false
      FEATURE_USER_RENAME: false
      FEATURE_USERNAME_CONFIRMATION: true
      FRESH_LOGIN_TIMEOUT: 10m
      GITHUB_LOGIN_CONFIG: {}
      GITHUB_TRIGGER_CONFIG: {}
      GITLAB_TRIGGER_KIND: {}
      GPG2_PRIVATE_KEY_FILENAME: signing-private.gpg
      GPG2_PUBLIC_KEY_FILENAME: signing-public.gpg
      LDAP_ALLOW_INSECURE_FALLBACK: false
      LDAP_EMAIL_ATTR: mail
      LDAP_UID_ATTR: uid
      LDAP_URI: ldap://localhost
      LOGS_MODEL: database
      LOGS_MODEL_CONFIG: {}
      MAIL_DEFAULT_SENDER: support@quay.io
      MAIL_PORT: 587
      MAIL_USE_AUTH: false
      MAIL_USE_TLS: false
      PREFERRED_URL_SCHEME: https
      REGISTRY_TITLE: Quay
      REGISTRY_TITLE_SHORT: Quay
      REPO_MIRROR_INTERVAL: 30
      REPO_MIRROR_TLS_VERIFY: true
      SEARCH_MAX_RESULT_PAGE_COUNT: 10
      SEARCH_RESULTS_PER_PAGE: 10
      SECRET_KEY: pi9ui-byRrJePwBz1-DSpYjSKsy1-8qQicSjbSmULBOy00-1vo9yJm3KIw1f3FzDklI32dx4qdLhZxFe
      SECURITY_SCANNER_INDEXING_INTERVAL: 30
      SECURITY_SCANNER_V4_ENDPOINT: http://quay36-clair-app:80
      SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
      - admin
      SECURITY_SCANNER_V4_PSK: bC1ucDVQUHd2NDRMZHFLMDgxdWl0RE1ZblpUZFc4RFU=
      SERVER_HOSTNAME: quay36-quay-quay360818.router-default.apps.quay-perf-738.perfscale.devcluster.openshift.com
      SETUP_COMPLETE: true
      TAG_EXPIRATION_OPTIONS:
      - 2w
      TEAM_RESYNC_STALE_TIME: 60m
      TESTING: false
      USER_EVENTS_REDIS:
        host: quay36-quay-redis
        port: 6379
      USER_RECOVERY_TOKEN_LIFETIME: 30m
      
      

      Steps:

      1. Deploy Quay with the Quay Operator, choosing to use all managed components except monitoring
      2. Open the Quay config editor
      3. Configure it to use the Azure Postgresql database: input a valid database server, db name and username/password, and upload the correct TLS root cert of the Azure Postgresql database
      4. Click Validate Configurations
      5. Click Reconfigure Quay
      6. Check the status of new Quay App POD
      7. Check the new config bundle secret mounted in new Quay App POD

      Expected Results:

      New config bundle secret mounted in new Quay App POD should use correct Azure Postgresql database configurations and new Quay App POD is in ready status.

      Actual Results:

      New config bundle secret mounted in new Quay App POD still uses the previous managed postgresql database configurations, and the new Quay App POD crashed.
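
An added example (not part of the original report or of Project Quay's code) that automates step 7: it checks a rendered config bundle for the inconsistency described here, TLS connection args combined with a `DB_URI` that still points at the managed database. The sample input is constructed from the two database keys shown above with the password replaced, and the Azure hostname is a made-up placeholder.

```python
import textwrap
from urllib.parse import urlsplit

# Constructed sample: the two database keys from the bundle in this issue,
# with the password replaced by a placeholder.
SAMPLE_BUNDLE = """\
DB_CONNECTION_ARGS:
  autorollback: true
  sslmode: verify-full
  sslrootcert: conf/stack/database.pem
  threadlocals: true
DB_URI: postgresql://quay36-quay-database:REDACTED@quay36-quay-database:5432/quay36-quay-database
"""
TLS_MODES = {"require", "verify-ca", "verify-full"}

def read_db_settings(text):
    """Extract DB_URI and DB_CONNECTION_ARGS from config.yaml text.
    Handles only the flat 'key: value' layout shown above, not general YAML."""
    uri, args, in_args = None, {}, False
    for line in textwrap.dedent(text).splitlines():
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if line[0] not in " \t":          # top-level key
            in_args = key == "DB_CONNECTION_ARGS"
            if key == "DB_URI":
                uri = value.strip()
        elif in_args:                      # nested under DB_CONNECTION_ARGS
            args[key] = value.strip()
    return uri, args

def check_bundle(text, expected_host):
    """Return findings; the DB_URI password is never included in a message."""
    uri, args = read_db_settings(text)
    host = urlsplit(uri).hostname if uri else None
    mode = args.get("sslmode")
    findings = []
    if host != expected_host.lower():
        findings.append(f"DB_URI host is {host!r}, expected {expected_host!r}")
        if mode in TLS_MODES:
            findings.append(f"sslmode={mode} is applied to a host other than the one configured")
    if mode in ("verify-ca", "verify-full") and not args.get("sslrootcert"):
        findings.append(f"sslmode={mode} is set without sslrootcert")
    return findings

if __name__ == "__main__":
    # Hostname below is a constructed placeholder, not taken from the issue.
    for finding in check_bundle(SAMPLE_BUNDLE, "example-pg.postgres.database.azure.com"):
        print(finding)
```
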

       

              hgovinda Harish Govindarajulu
              lzha1981 luffy zhang