Bug 857494 - No way of running cpdp against secured database
No way of running cpdp against secured database
Status: CLOSED ERRATA
Product: Subscription Asset Manager
Classification: Red Hat
Component: candlepin (Show other bugs)
1.3
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Alex Wood
Og Maciel
: Triaged
Depends On:
Blocks: sam13-tracker 850570
  Show dependency treegraph
 
Reported: 2012-09-14 11:32 EDT by Lukas Zapletal
Modified: 2013-10-01 06:49 EDT (History)
7 users (show)

See Also:
Fixed In Version: candlepin-0.7.13-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-01 06:49:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lukas Zapletal 2012-09-14 11:32:32 EDT
Hi, I am hardering Katello installation and it seems there is no way of providing cpdb tool a database password.

Blocker for: https://bugzilla.redhat.com/show_bug.cgi?id=850570

Thanks for implementing this!
Comment 2 Lukas Zapletal 2012-09-14 11:39:26 EDT
Additionally, if pgsql server requests password, the utility locks up.
Comment 3 Alex Wood 2012-09-17 15:54:06 EDT
commit d23ca160170d31e6d43dac80b0f2dd8d2caa0521
Author: Alex Wood <awood@redhat.com>
Date:   Mon Sep 17 13:10:03 2012 -0400

    857494: Allow cpdb to accept a password from the command line.

Available in Candlepin 0.7.9+
Comment 6 Miroslav Suchý 2012-10-09 11:18:23 EDT
It fails when run as:
/usr/share/candlepin/cpdb --create -u 'candlepin' -d 'candlepin' -p 'candlepin' >> /var/log/katello/katello-configure/cpdb.log 2>&1

With:
########## ERROR ############
Error running command: liquibase --driver=org.postgresql.Driver --classpath=/usr/share/java/postgresql-jdbc.jar:/var/lib/tomcat6/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-create.xml --url=jdbc:postgresql:candlepin --username=candlepin migrate
Status code: 65280
Command output: Liquibase Update Failed: The server requested password-based authentication, but no password was provided.
SEVERE 10/9/12 11:12 AM:liquibase: The server requested password-based authentication, but no password was provided.
liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
        at liquibase.integration.commandline.CommandLineUtils.createDatabaseObject(Unknown Source)
        at liquibase.integration.commandline.Main.doMigration(Unknown Source)
        at liquibase.integration.commandline.Main.main(Unknown Source)
Caused by: org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:337)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:108)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
        at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
        at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
        at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22)
        at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
        at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
        at org.postgresql.Driver.makeConnection(Driver.java:393)
        at org.postgresql.Driver.connect(Driver.java:267)
        ... 3 more


For more information, use the --logLevel flag)
Creating candlepin database
Loading candlepin schema
Traceback (most recent call last):
  File "/usr/share/candlepin/cpdb", line 131, in <module>
    dbsetup.create()
  File "/usr/share/candlepin/cpdb", line 63, in create
    self._run_liquibase("db/changelog/changelog-create.xml")
  File "/usr/share/candlepin/cpdb", line 93, in _run_liquibase
    self.username,
  File "/usr/share/candlepin/cpdb", line 32, in run_command
    error_out(command, status, output)
  File "/usr/share/candlepin/cpdb", line 40, in error_out
    raise Exception("Error running command")
Exception: Error running command

Note that pg_hba.conf is:
local katelloschema katellouser md5
host  katelloschema katellouser 127.0.0.1/8 md5
host  katelloschema katellouser ::1/128 md5

local candlepin candlepin md5
host  candlepin candlepin 127.0.0.1/8 md5
host  candlepin candlepin ::1/128 md5

local foreman foreman md5
host  foreman foreman 127.0.0.1/8 md5
host  foreman foreman ::1/128 md5

local spaceschema postgres  ident

local   all         all                               md5
host    all         all         127.0.0.1/32          md5
host    all         all         ::1/128               md5
Comment 7 Miroslav Suchý 2012-10-09 11:31:34 EDT
small typo in pg_hba.conf
s/local spaceschema postgres  ident/local all postgres  ident/
but everything else is corect
Comment 8 Alex Wood 2012-10-09 16:42:04 EDT
commit 52bf32ba59f454a9bb857d2b2b717560fce16100
Author: Alex Wood <awood@redhat.com>
Date:   Tue Oct 9 14:52:19 2012 -0400

    857494: Add DB password to liquibase command.

Available in Candlepin 0.7.12+
Comment 9 Miroslav Suchý 2012-10-10 10:37:54 EDT
Yes, this fixed this issue. Thanks.
Comment 10 Bryan Kearney 2013-06-07 14:19:33 EDT
Moving all POST bugs to ON_QA since we have delivered a puddle with the bugs.
Comment 11 Tazim Kolhar 2013-08-13 04:40:17 EDT
VERIFIED :
# rpm -qa | grep katello
katello-selinux-1.4.4-2.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-common-1.4.3-5.el6sat.noarch
katello-cli-1.4.3-5.el6sat.noarch
katello-common-1.4.3-6.el6sam_splice.noarch
katello-configure-1.4.4-2.el6sat.noarch
katello-glue-elasticsearch-1.4.3-6.el6sam_splice.noarch
katello-headpin-all-1.4.3-6.el6sam_splice.noarch
katello-glue-candlepin-1.4.3-6.el6sam_splice.noarch
signo-katello-0.0.10-2.el6sat.noarch
katello-headpin-1.4.3-6.el6sam_splice.noarch




The SAM installer works fine :
# yum install -y katello-headpin-all
# katello-configure --deployment=sam --user-pass=****


The reset-db works as :

# katello-configure --deployment=sam --user-pass=**** --reset-data=YES --reset-cache=YES
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20130813-030758/main.log]
Katello configuration: |=======================================================|

Verifying that candlepin database has a password set

With a valid password :
# psql -d candlepin -U candlepin
Password for user candlepin: 
psql (8.4.11)
Type "help" for help.

candlepin=> 

Authentication failure after providing wrong password
# psql -d candlepin -U candlepin
Password for user candlepin: 
psql: FATAL:  password authentication failed for user "candlepin"
Comment 14 errata-xmlrpc 2013-10-01 06:49:31 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1390.html

Note You need to log in before you can comment on or make changes to this bug.