Bug 1121727 - Openshift overwrites postgresql.conf during restart, destroying SSL configuration
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Image
Version: 2.x
Hardware: Unspecified
OS: Unspecified
Assignee: Ben Parees
QA Contact: libra bugs
Reported: 2014-07-21 17:40 UTC by JVerstry
Modified: 2015-05-15 00:44 UTC (History)

Doc Type: Bug Fix
Last Closed: 2014-10-10 00:49:14 UTC
Attachments:
development logs (23.34 KB, text/plain), 2014-07-23 03:21 UTC, chunchen

Description JVerstry 2014-07-21 17:40:00 UTC
Description of problem:

Openshift overwrites PostgreSql configuration file when an application restart is performed (with rhc for example or when pushing changes).

Implementing SSL communications to database requires adding 'ssl = on' in postgresql.conf. The restart overwrites the existing configuration file (as confirmed by someone on IRC). 

Version-Release number of selected component (if applicable):

Unknown


How reproducible:

Steps to Reproduce:
1. Create an application with a PostgreSql database. 
2. Modify postgresql.conf.
3. Restart the application.


Actual results:

Overwriting of postgresql.conf.


Expected results:

No overwriting of postgresql.conf


Additional info:

A question has been opened on Stackoverflow: http://stackoverflow.com/questions/24869485/openshift-overwrites-postgresql-conf-during-restart

Comment 1 Dan McPherson 2014-07-21 17:42:34 UTC
We'll need to add a new env var for turning ssl on.

Comment 2 Ben Parees 2014-07-21 18:37:44 UTC
Will add logic such that if OPENSHIFT_POSTGRESQL_SSL_ENABLED is set to "true" (case insensitive), "ssl = on" will be added to the config whenever it is generated.

Note that postgres still requires significant other configuration to enable ssl (generation and placement of certs), which I am not addressing with this fix:

http://www.postgresql.org/docs/8.4/static/ssl-tcp.html

Comment 4 chunchen 2014-07-23 03:19:11 UTC
Checked on devenv_4996: PostgreSQL cannot be restarted after setting the OPENSHIFT_POSTGRESQL_SSL_ENABLED variable. Please refer to the following results:

1. Create an app with postgresql
rhc app create cphp php-5.4 postgresql-9 --no-git 

2. Set the OPENSHIFT_POSTGRESQL_SSL_ENABLED variable
rhc env-set  OPENSHIFT_POSTGRESQL_SSL_ENABLED="true" -a cphp
OR
rhc env-set  OPENSHIFT_POSTGRESQL_SSL_ENABLED=true -a cphp

3. Try to restart Postgresql
rhc cartridge restart postgresql -a cphp

Results:
Using postgresql-9.2 (PostgreSQL 9.2) for 'postgresql'
Restarting postgresql-9.2 ... 
Failed to execute: 'control restart' for /var/lib/openshift/53cf5ddc4d319b165900000a/postgresql

FYI, please also refer to the logs in the attachment.

Comment 5 chunchen 2014-07-23 03:21:12 UTC
Created attachment 920080 [details]
development logs

Comment 6 Ben Parees 2014-07-23 04:13:14 UTC
This is expected per comment 2.  Additional configuration is required to enable ssl. I will see if a more useful error can be logged when the configuration is not present.

Comment 7 Ben Parees 2014-07-24 22:21:57 UTC
After further reflection, without going down a path of generating useful messages for every possible misconfiguration, I don't think there's something smart we can do here.

I debated dumping the log file to the console, but again, that's not something we do for any other cartridge that fails to start, so I'm hesitant to do it here.

So I'm marking this back to ON_QA, with emphasis on the fact that configuring SSL on postgres requires more than just setting this env var: there are manual steps required to define appropriate certs. This fix is only intended to ensure that the SSL configuration can be properly enabled in the conf file by the user and is not lost on restart. It assumes the user has done the other necessary steps, described here:

http://www.postgresql.org/docs/8.4/static/ssl-tcp.html

Comment 8 chunchen 2014-07-25 05:28:49 UTC
Checked on devenv_5008. According to comment 7, after adding server.key and server.crt under ~/postgresql/data, the app can be restarted, so marking it as VERIFIED.
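
Added example (not part of the bug thread or the cartridge's code): a preflight check for the failure seen in comments 4 to 8, where setting OPENSHIFT_POSTGRESQL_SSL_ENABLED makes the restart fail until server.crt and server.key are in place. The function names are hypothetical, the data directory is passed in by the caller, and the rule that server.key must not be group or world accessible comes from the PostgreSQL SSL documentation linked in comment 7.

```shell
#!/bin/sh
# Added example: preflight for the OPENSHIFT_POSTGRESQL_SSL_ENABLED switch.
# Function names are hypothetical; nothing here is the cartridge's own code.

# pg_ssl_flag_on VALUE -> exit 0 when VALUE is "true" in any letter case,
# the condition comment 2 gives for writing "ssl = on" into the config.
pg_ssl_flag_on() {
    [ "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" = "true" ]
}

# pg_ssl_preflight DATADIR FLAG
#   0: flag is off, or flag is on and server.crt/server.key look usable
#   1: flag is on and the restart is expected to fail; reasons go to stderr
# Typical call on the gear (data directory as named in comment 8):
#   pg_ssl_preflight "$HOME/postgresql/data" "$OPENSHIFT_POSTGRESQL_SSL_ENABLED"
pg_ssl_preflight() {
    datadir=$1
    flag=$2
    rc=0
    if ! pg_ssl_flag_on "$flag"; then
        return 0    # "ssl = on" is not generated, nothing to verify
    fi
    for f in server.crt server.key; do
        if [ ! -s "$datadir/$f" ]; then
            echo "missing or empty: $datadir/$f" >&2
            rc=1
        fi
    done
    key=$datadir/server.key
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits;
        # PostgreSQL refuses to start if any of them is set on the key.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "server.key is group/world accessible; run: chmod 0600 $key" >&2
            rc=1
        fi
    fi
    return $rc
}
```

The check covers only file presence and key permissions; it does not confirm that the certificate and the key belong together.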

Comment 9 Jurgen 2014-07-26 04:33:49 UTC
Regarding the overwriting of postgresql.conf, can I ask if there is or will be a way to change Locale and Formatting variables in postgres.conf? Specifically, I need to change the default values for datestyle, lc_messages, lc_monetary, lc_numeric, lc_time.

Comment 10 Ben Parees 2014-07-26 20:19:56 UTC
If you open a new bug we can look into making those values also configurable via environment value so that the regenerated conf file will contain your desired value.  (as was done with the ssl configuration value).  Will that work for you?

