artifactory-docker-examples icon indicating copy to clipboard operation
artifactory-docker-examples copied to clipboard

Published 20 hours ago verified publisher icon jfrog

Postgres authentication error when using different combination of passwords for artifactory HA

Open daniyalj opened this issue 5 years ago • 5 comments

Platform

OpenShift

Version

Artifactory HA 6.9.0

Problem

Whenever I am setting a different postgres password other than "artifactory/password" I am getting an authentication error. I have tried many different combinations of password for postgres and none get set in db.properties file.

Error I am getting:


org.postgresql.util.PSQLException: FATAL: password authentication failed for user "artifactory"
--
  | at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
  | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
  | at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
  | at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
  | at org.postgresql.Driver.makeConnection(Driver.java:404)
  | at org.postgresql.Driver.connect(Driver.java:272)

When I set the postgres password as username "artifactory" and password as "password" all works well.

I want to be able to set a unique password for postgres and not have such an insecure password.

daniyalj avatar Apr 15 '19 21:04 daniyalj

The DB_PASSWORD env var is also getting completely ignored. If I take a look at the db.properties file in /opt/jfrog/artifactory/etc/ the postgres username and password are set as artifactory and password no matter what I set as DB_USERNAME and DB_PASSWORD

daniyalj avatar Apr 15 '19 21:04 daniyalj

@daniyalj - can you make sure you run a clean setup without leftover old storage? Can you provide steps to reproduce?

eldada avatar Apr 18 '19 12:04 eldada

Create postgres database with the following params:

NAME=postgresql
NAMESPACE=postgres
SERVICE_ACCOUNT=artifactory-pgsql
POSTGRESQL_PVC_NAME=postgresql
POSTGRESQL_PVC_SIZE=1Gi
POSTGRESQL_SECRET_NAME=postgresql-credentials
POSTGRESQL_DATABASE=artifactory
INIT_CONTAINER_IMAGE=busybox
POSTGRESQL_USERNAME=dXNlcm5hbWUxMjMK
POSTGRESQL_PASSWORD=cGFzc3dvcmQxMjMK

Note: The username and password above are base64 encoded (username123 and password123)

Deploy artifactory HA 2 nodes with the following configuration:

NAME=artifactory 
NAMESPACE=postgres 
SERVICE_ACCOUNT=artifactory 
LICENSES_SECRET_NAME=artifactory-licenses 
MASTER_KEY_SECRET_NAME=artifactory-master-key 
BINARYSTORE_CONFIG_MAP_NAME=artifactory-binarystore 
DATABASE_CONFIG_MAP_NAME=artifactory-db 
DATABASE_CREDENTIALS_SECRET_NAME=postgresql-credentials 
DATABASE_TYPE=postgresql 
DATABASE_HOST=172.30.180.104 
DATABASE_PORT=5432 
ARTIFACTORY_IMAGE_STREAM_NAME=artifactory 
ARTIFACTORY_IMAGE_REPOSITORY=jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro 
ARTIFACTORY_VERSION=6.9.0 
INIT_CONTAINER_IMAGE=alpine:3.6 
ARTIFACTORY_PVC_SIZE=5Gi 
ARTIFACTORY_DATA_PVC_SIZE=5Gi 
ARTIFACTORY_BACKUP_PVC_SIZE=5Gi 
CPU_REQUEST=500m 
CPU_LIMIT=1 
MEMORY_REQUEST=2Gi 
MEMORY_LIMIT=3Gi 
ARTIFACTORY_EXTRA_JAVA_OPTIONS=-Xms1g -Xmx2g 
HA_DATA_DIR=/var/opt/jfrog/artifactory/data 
HA_BACKUP_DIR=/var/opt/jfrog/artifactory/backup 
POSTGRESQL_SECRET_NAME=postgresql-credentials 
POSTGRESQL_USERNAME=dXNlcm5hbWUxMjMK 
POSTGRESQL_PASSWORD=cGFzc3dvcmQxMjMK

Check the logs on the artifactory pod:

2019-04-22 15:53:49,240 [localhost-startStop-1] [JFrog-Access] [INFO ] (o.j.a.AccessApplication:597) - The following profiles are active: production,grpc
--
  | 2019-04-22 15:53:55,840 [localhost-startStop-1] [JFrog-Access] [ERROR] (o.a.t.j.p.ConnectionPool:487) - Unable to create initial connections of pool.
  | org.postgresql.util.PSQLException: FATAL: password authentication failed for user "artifactory"
  | at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
  | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
  | at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
  | at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
  | at org.postgresql.Driver.makeConnection(Driver.java:404)
  | at org.postgresql.Driver.connect(Driver.java:272)

If you navigate to the artifactory pod and look at the db.properties the values of the db username and password do not change:

artifactory@artifactory-primary-1-phhcz:/$ cat /opt/jfrog/artifactory/etc/db.properties
...
type=postgresql
driver=org.postgresql.Driver
url=jdbc:postgresql://172.30.180.104:5432/artifactory
username=artifactory
password=password

Repeat the above with "artifactory" and "password" as the vars and the deployment will come up fine @eldada hope this helps

daniyalj avatar Apr 22 '19 15:04 daniyalj

@daniyalj I had the exact same problem and found a workaround.

Assume I mounted my local directory /my/local/path/to/artifactory to the container /var/opt/jfrog/artifactory.

  1. Remove the container docker rm -f artifactory.
  2. Edit /my/local/path/to/artifactory/etc/db.properties directly to setup the correct password.
  3. Run the image again.

cytim avatar Aug 06 '19 10:08 cytim

@cytim Yeah that might be a little tricky to do in a k8s environment. I ended up using the helm chart for artifactory on OpenShift and it is much much more stable. Im not even sure why this repo exists.

daniyalj avatar Aug 08 '19 16:08 daniyalj