Bug 857494

Summary: No way of running cpdp against secured database
Product: [Retired] Subscription Asset Manager Reporter: Lukas Zapletal <lzap>
Component: candlepinAssignee: Alex Wood <awood>
Status: CLOSED ERRATA QA Contact: Og Maciel <omaciel>
Severity: high Docs Contact:
Priority: high    
Version: 1.3CC: awood, bkearney, inecas, msuchy, omaciel, sthirugn, tkolhar
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: candlepin-0.7.13-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-01 10:49:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 833466, 850570    

Description Lukas Zapletal 2012-09-14 15:32:32 UTC 
Hi, I am hardering Katello installation and it seems there is no way of providing cpdb tool a database password.

Blocker for: https://bugzilla.redhat.com/show_bug.cgi?id=850570

Thanks for implementing this!
Comment 2 Lukas Zapletal 2012-09-14 15:39:26 UTC 
Additionally, if pgsql server requests password, the utility locks up.
Comment 3 Alex Wood 2012-09-17 19:54:06 UTC 
commit d23ca160170d31e6d43dac80b0f2dd8d2caa0521
Author: Alex Wood <awood>
Date:   Mon Sep 17 13:10:03 2012 -0400

    857494: Allow cpdb to accept a password from the command line.

Available in Candlepin 0.7.9+
Comment 6 Miroslav Suchý 2012-10-09 15:18:23 UTC 
It fails when run as:
/usr/share/candlepin/cpdb --create -u 'candlepin' -d 'candlepin' -p 'candlepin' >> /var/log/katello/katello-configure/cpdb.log 2>&1

With:
########## ERROR ############
Error running command: liquibase --driver=org.postgresql.Driver --classpath=/usr/share/java/postgresql-jdbc.jar:/var/lib/tomcat6/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-create.xml --url=jdbc:postgresql:candlepin --username=candlepin migrate
Status code: 65280
Command output: Liquibase Update Failed: The server requested password-based authentication, but no password was provided.
SEVERE 10/9/12 11:12 AM:liquibase: The server requested password-based authentication, but no password was provided.
liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
        at liquibase.integration.commandline.CommandLineUtils.createDatabaseObject(Unknown Source)
        at liquibase.integration.commandline.Main.doMigration(Unknown Source)
        at liquibase.integration.commandline.Main.main(Unknown Source)
Caused by: org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:337)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:108)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
        at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
        at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
        at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22)
        at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
        at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
        at org.postgresql.Driver.makeConnection(Driver.java:393)
        at org.postgresql.Driver.connect(Driver.java:267)
        ... 3 more


For more information, use the --logLevel flag)
Creating candlepin database
Loading candlepin schema
Traceback (most recent call last):
  File "/usr/share/candlepin/cpdb", line 131, in <module>
    dbsetup.create()
  File "/usr/share/candlepin/cpdb", line 63, in create
    self._run_liquibase("db/changelog/changelog-create.xml")
  File "/usr/share/candlepin/cpdb", line 93, in _run_liquibase
    self.username,
  File "/usr/share/candlepin/cpdb", line 32, in run_command
    error_out(command, status, output)
  File "/usr/share/candlepin/cpdb", line 40, in error_out
    raise Exception("Error running command")
Exception: Error running command

Note that pg_hba.conf is:
local katelloschema katellouser md5
host  katelloschema katellouser 127.0.0.1/8 md5
host  katelloschema katellouser ::1/128 md5

local candlepin candlepin md5
host  candlepin candlepin 127.0.0.1/8 md5
host  candlepin candlepin ::1/128 md5

local foreman foreman md5
host  foreman foreman 127.0.0.1/8 md5
host  foreman foreman ::1/128 md5

local spaceschema postgres  ident

local   all         all                               md5
host    all         all         127.0.0.1/32          md5
host    all         all         ::1/128               md5
Comment 7 Miroslav Suchý 2012-10-09 15:31:34 UTC 
small typo in pg_hba.conf
s/local spaceschema postgres  ident/local all postgres  ident/
but everything else is corect
Comment 8 Alex Wood 2012-10-09 20:42:04 UTC 
commit 52bf32ba59f454a9bb857d2b2b717560fce16100
Author: Alex Wood <awood>
Date:   Tue Oct 9 14:52:19 2012 -0400

    857494: Add DB password to liquibase command.

Available in Candlepin 0.7.12+
Comment 9 Miroslav Suchý 2012-10-10 14:37:54 UTC 
Yes, this fixed this issue. Thanks.
Comment 10 Bryan Kearney 2013-06-07 18:19:33 UTC 
Moving all POST bugs to ON_QA since we have delivered a puddle with the bugs.
Comment 11 Tazim Kolhar 2013-08-13 08:40:17 UTC 
VERIFIED :
# rpm -qa | grep katello
katello-selinux-1.4.4-2.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-common-1.4.3-5.el6sat.noarch
katello-cli-1.4.3-5.el6sat.noarch
katello-common-1.4.3-6.el6sam_splice.noarch
katello-configure-1.4.4-2.el6sat.noarch
katello-glue-elasticsearch-1.4.3-6.el6sam_splice.noarch
katello-headpin-all-1.4.3-6.el6sam_splice.noarch
katello-glue-candlepin-1.4.3-6.el6sam_splice.noarch
signo-katello-0.0.10-2.el6sat.noarch
katello-headpin-1.4.3-6.el6sam_splice.noarch




The SAM installer works fine :
# yum install -y katello-headpin-all
# katello-configure --deployment=sam --user-pass=****


The reset-db works as :

# katello-configure --deployment=sam --user-pass=**** --reset-data=YES --reset-cache=YES
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20130813-030758/main.log]
Katello configuration: |=======================================================|

Verifying that candlepin database has a password set

With a valid password :
# psql -d candlepin -U candlepin
Password for user candlepin: 
psql (8.4.11)
Type "help" for help.

candlepin=> 

Authentication failure after providing wrong password
# psql -d candlepin -U candlepin
Password for user candlepin: 
psql: FATAL:  password authentication failed for user "candlepin"
Comment 14 errata-xmlrpc 2013-10-01 10:49:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1390.html