Bug 1954590 - The koji-hub can't connect to an ssl secured pgsql server.
Summary: The koji-hub can't connect to an ssl secured pgsql server.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: koji
Version: epel8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Mike McLean
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-28 12:35 UTC by Frank Büttner
Modified: 2021-09-24 20:08 UTC (History)
5 users (show)

Fixed In Version: koji-1.26.0-1.fc34 koji-1.26.0-1.fc33 koji-1.26.0-1.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-30 20:41:44 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Fedora Pagure koji issue 2838 0 None None None 2021-04-29 04:58:46 UTC

Description Frank Büttner 2021-04-28 12:35:24 UTC 
Description of problem:
When an external pgsql server is used, the connection to the database fails with:


Version-Release number of selected component (if applicable):
koji-hub-1.24.0-1.el8.noarch

How reproducible:
On every access of an client.

Steps to Reproduce:
1. Let an client connect to the hub

Actual results:
The hub can't connect to the database:
Log:
2021-04-28 14:02:33,840 [ERROR] m=None u=None p=53674 r=X.X.X.X:35074 koji.db: Traceback (most recent call last):
[Wed Apr 28 14:02:33.840463 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]   File "/usr/lib/python3.6/site-packages/koji/db.py", line 191, in connect
[Wed Apr 28 14:02:33.840468 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]     conn = psycopg2.connect(**opts)
[Wed Apr 28 14:02:33.840472 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]   File "/usr/lib64/python3.6/site-packages/psycopg2/__init__.py", line 130, in connect
[Wed Apr 28 14:02:33.840475 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074]     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
[Wed Apr 28 14:02:33.840478 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] psycopg2.OperationalError: FATAL:  password authentication failed for user "koji"
[Wed Apr 28 14:02:33.840488 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] FATAL:  no pg_hba.conf entry for host "Z.Z.Z.Z", user "koji", database "koji", SSL off
[Wed Apr 28 14:02:33.840491 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] 
[Wed Apr 28 14:02:33.840497 2021] [wsgi:error] [pid 53674:tid 140651907766016] [client X.X.X.X:35074] 



Expected results:
An working connection to the database.

Additional info:
For security reasons, the connection to an external database must be encrypted.

Workaround:
/usr/lib/python3.6/site-packages/koji/db.py:
change:
opts = _DBopts
to:
opts = _DBopts
opts['sslmode'] = 'require'
Comment 1 Kevin Fenzi 2021-04-28 20:06:41 UTC 
As far as I can see koji just doesn't support this yet. ;( 

Would you be willing to file a upstream ticket?

https://pagure.io/koji/issues/
Comment 2 Frank Büttner 2021-04-29 04:57:47 UTC 
Ah there is bug tracker. I have search for it, but I have not found it.
Comment 3 Fedora Update System 2021-08-25 19:28:29 UTC 
FEDORA-2021-4d40916a30 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d40916a30
Comment 4 Fedora Update System 2021-08-25 19:28:31 UTC 
FEDORA-2021-5ed8b031b1 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5ed8b031b1
Comment 5 Fedora Update System 2021-08-25 19:28:33 UTC 
FEDORA-2021-2b837ca8aa has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b837ca8aa
Comment 6 Fedora Update System 2021-08-26 19:49:34 UTC 
FEDORA-2021-5ed8b031b1 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5ed8b031b1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5ed8b031b1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2021-08-26 21:07:39 UTC 
FEDORA-2021-2b837ca8aa has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2b837ca8aa`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b837ca8aa

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2021-08-26 21:51:26 UTC 
FEDORA-2021-4d40916a30 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-4d40916a30`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d40916a30

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2021-08-30 20:41:44 UTC 
FEDORA-2021-2b837ca8aa has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2021-09-10 16:35:53 UTC 
FEDORA-2021-4d40916a30 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 11 Fedora Update System 2021-09-24 20:08:28 UTC 
FEDORA-2021-5ed8b031b1 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.