Bug 863402 - Candlepin assume that root can connect to PG without password
Candlepin assume that root can connect to PG without password
Status: CLOSED DUPLICATE of bug 850570
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Subscription Management (Show other bugs)
6.0.1
Unspecified Unspecified
high Severity unspecified (vote)
: Unspecified
: --
Assigned To: candlepin-bugs
Katello QA List
:
Depends On:
Blocks: 771481 850569
  Show dependency treegraph
 
Reported: 2012-10-05 07:34 EDT by Miroslav Suchý
Modified: 2014-08-13 16:47 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-08 04:11:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miroslav Suchý 2012-10-05 07:34:28 EDT
Description of problem:
During work on 
https://bugzilla.redhat.com/show_bug.cgi?id=850569

I find that if you tighten security and you flip trust to ident in pg_hba.conf, candlepin fail with:

Creating candlepin database

########## ERROR ############
Error running command: createdb -U candlepin candlepin
Status code: 256
Command output: createdb: could not connect to database postgres: FATAL:  Peer authentication failed for user "candlepin"
Traceback (most recent call last):
  File "/usr/share/candlepin/cpdb", line 126, in <module>
    dbsetup.create()
  File "/usr/share/candlepin/cpdb", line 58, in create
    error_out(command, status, output)
  File "/usr/share/candlepin/cpdb", line 40, in error_out
    raise Exception("Error running command")
Exception: Error running command

Version-Release number of selected component (if applicable):
candlepin-0.7.8.2-1.fc16.noarch
Comment 1 Miroslav Suchý 2012-10-05 07:43:34 EDT
For testing purposses you may test it with pg_hba.conf set to:

local katelloschema katellouser md5
host  katelloschema katellouser 127.0.0.1/8 md5
host  katelloschema katellouser ::1/128 md5

local candlepin postgres md5
host  candlepin postgres 127.0.0.1/8 md5
host  candlepin postgres ::1/128 md5

local foreman foreman md5
host  foreman foreman 127.0.0.1/8 md5
host  foreman foreman ::1/128 md5

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

local   all       all                               ident
host    all       all         127.0.0.1/32          ident
host    all       all         ::1/128               ident
Comment 3 Miroslav Suchý 2012-10-05 07:57:52 EDT
And if you run cpdb as as postgres user, you will get:

[root@nec-em11 ~]# su - postgres -c '/usr/share/candlepin/cpdb --create -u postgres -d candlepin'
Creating candlepin database
Loading candlepin schema

########## ERROR ############
Error running command: liquibase --driver=org.postgresql.Driver --classpath=/usr/share/java/postgresql-jdbc.jar:/var/lib/tomcat6/webapps/candlepin/WEB-INF/classes/ --changeLogFile=db/changelog/changelog-create.xml --url=jdbc:postgresql:candlepin --username=postgres migrate
Status code: 65280
Command output: Liquibase Update Failed: FATAL: Ident authentication failed for user "postgres"
SEVERE 10/5/12 7:41 AM:liquibase: FATAL: Ident authentication failed for user "postgres"
liquibase.exception.DatabaseException: org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "postgres"


So you basicaly either do not specify username at all or use both username *and* password.
Comment 4 Lukas Zapletal 2012-10-08 03:58:37 EDT
Please see:

https://bugzilla.redhat.com/show_bug.cgi?id=850002
https://bugzilla.redhat.com/show_bug.cgi?id=850570

I am already working on it.
Comment 5 Lukas Zapletal 2012-10-08 04:11:04 EDT

*** This bug has been marked as a duplicate of bug 850570 ***
Comment 6 Mike McCune 2013-08-16 14:24:07 EDT
getting rid of 6.0.0 version since that doesn't exist
Comment 7 Michael Stahnke 2014-08-13 16:47:09 EDT
I can't see bug 850570 so, closing this one without resolution and having the other one be the tracker kind of stinks.  Could we either make the duplicate bug public or add resolutions in here?

Note You need to log in before you can comment on or make changes to this bug.