Bug 1954590

Summary:	The koji-hub can't connect to an ssl secured pgsql server.
Product:	[Fedora] Fedora EPEL	Reporter:	Frank Büttner <bugzilla>
Component:	koji	Assignee:	Mike McLean <mikem>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	epel8	CC:	dennis, jkeating, kevin, mikem, puiterwijk
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	koji-1.26.0-1.fc34 koji-1.26.0-1.fc33 koji-1.26.0-1.fc35	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-08-30 20:41:44 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Frank Büttner 2021-04-28 12:35:24 UTC

Description of problem:
When an external pgsql server is used, the connection to the database fails with:


Version-Release number of selected component (if applicable):
koji-hub-1.24.0-1.el8.noarch

How reproducible:
On every access of an client.

Steps to Reproduce:
1. Let an client connect to the hub

Actual results:
The hub can't connect to the database:
Log:
2021-04-28 14:02:33,840 [ERROR] m=None u=None p=53674 r=X.X.X.X:35074 koji.db: Traceback (most recent call last):
[Wed Apr 28 14:02:33.840463 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]   File "/usr/lib/python3.6/site-packages/koji/db.py", line 191, in connect
[Wed Apr 28 14:02:33.840468 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]     conn = psycopg2.connect(**opts)
[Wed Apr 28 14:02:33.840472 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]   File "/usr/lib64/python3.6/site-packages/psycopg2/__init__.py", line 130, in connect
[Wed Apr 28 14:02:33.840475 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
[Wed Apr 28 14:02:33.840478 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] psycopg2.OperationalError: FATAL:  password authentication failed for user "koji"
[Wed Apr 28 14:02:33.840488 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] FATAL:  no pg_hba.conf entry for host "Z.Z.Z.Z", user "koji", database "koji", SSL off
[Wed Apr 28 14:02:33.840491 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] 
[Wed Apr 28 14:02:33.840497 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] 



Expected results:
An working connection to the database.

Additional info:
For security reasons, the connection to an external database must be encrypted.

Workaround:
/usr/lib/python3.6/site-packages/koji/db.py:
change:
opts = _DBopts
to:
opts = _DBopts
opts['sslmode'] = 'require'

Comment 1 Kevin Fenzi 2021-04-28 20:06:41 UTC

As far as I can see koji just doesn't support this yet. ;( 

Would you be willing to file a upstream ticket?

https://pagure.io/koji/issues/

Comment 2 Frank Büttner 2021-04-29 04:57:47 UTC

Ah there is bug tracker. I have search for it, but I have not found it.

Comment 3 Fedora Update System 2021-08-25 19:28:29 UTC

FEDORA-2021-4d40916a30 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d40916a30

Comment 4 Fedora Update System 2021-08-25 19:28:31 UTC

FEDORA-2021-5ed8b031b1 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5ed8b031b1

Comment 5 Fedora Update System 2021-08-25 19:28:33 UTC

FEDORA-2021-2b837ca8aa has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b837ca8aa

Comment 6 Fedora Update System 2021-08-26 19:49:34 UTC

FEDORA-2021-5ed8b031b1 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5ed8b031b1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5ed8b031b1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2021-08-26 21:07:39 UTC

FEDORA-2021-2b837ca8aa has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2b837ca8aa`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b837ca8aa

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-08-26 21:51:26 UTC

FEDORA-2021-4d40916a30 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-4d40916a30`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d40916a30

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2021-08-30 20:41:44 UTC

FEDORA-2021-2b837ca8aa has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2021-09-10 16:35:53 UTC

FEDORA-2021-4d40916a30 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2021-09-24 20:08:28 UTC

FEDORA-2021-5ed8b031b1 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.