failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied

Open lknite opened this issue 9 months ago • 0 comments

Describe your Issue

Deployed nextcloud with an external postgres database.

Everything comes up ok, but I am unable to get past the initial screen asking me to create an admin user account.

Is there a helm chart option I need to enable tls db access?

If I disable 'tls' on my database then I get past the admin screen but it still says that I chose SQLite database along with this error:

Error while trying to initialise the database: An exception occurred while executing a query: SQLSTATE[42501]: Insufficient privilege: 7 ERROR: permission denied for table oc_migrations

Create an admin account

Logs and Errors

Previous: PDOException: SQLSTATE[08006] [7] connection to server at "yb-tserver-service" (10.103.147.103), port 5433 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
connection to server at "yb-tserver-service" (10.103.147.103), port 5433 failed: FATAL:  no pg_hba.conf entry for host "172.16.182.189", user "yugabyte", database "yugabyte", SSL off

Describe your Environment

  • Kubernetes distribution: kubeadm

  • Helm Version (or App that manages helm): ArgoCD v2.14.2+ad27246

  • Helm Chart Version: 6.6.5

  • Chart.yaml:

dependencies:
- name: yugabyte
  version: 2024.2.1
  repository: https://charts.yugabyte.com
- name: nextcloud
  version: 6.6.5
  repository: https://nextcloud.github.io/helm

  • values.yaml:

nextcloud:

  ingress:
    enabled: true
    className: nginx
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
    # ingress configuration redacted, the ingress is working fine

  internalDatabase:
    enabled: false

  externalDatabase:
    enabled: true

    ## Supported database engines: mysql or postgresql
    type: postgresql

    ## Database host. You can optionally include a colon delimited port like "myhost:1234"
    #host: "yb-tserver-service:6379"
    host: "yb-tserver-service:5433"
    #host: "yb-tserver-service.nextcloud.svc:6379"
    #host: "yb-tserver-service.nextcloud.svc:5433"

    ## Database user
    user: yugabyte

    ## Database password
    password: yugabyte

    ## Database name
    database: yugabyte

    ## Use an existing secret
    existingSecret:
      enabled: false
      # secretName: nameofsecret
      usernameKey: db-username
      passwordKey: db-password
      # hostKey: db-hostname-or-ip
      # databaseKey: db-name

  redis:
    enabled: false

yugabyte:

  tls:
    enabled: true

  preflight:
    skipUlimit: true

  replicas:
    master: 3
    tserver: 3

  resource:
    master:
      requests:
        cpu: "1"
        memory: 2Gi
      limits:
        cpu: "2"
        ## Ensure the 'memory' value is strictly in 'Gi' or 'G' format. Deviating from these formats
        ## may result in setting an incorrect value for the 'memory_limit_hard_bytes' flag.
        ## Avoid using floating numbers for the numeric part of 'memory'. Doing so may lead to
        ## the 'memory_limit_hard_bytes' being set to 0, as the function expects integer values.
        memory: 2Gi
    tserver:
      requests:
        cpu: "1"
        memory: 4Gi
      limits:
        cpu: "2"

# \dt
             List of relations
 Schema |      Name      | Type  |  Owner   
--------+----------------+-------+----------
 public | oc_appconfig   | table | oc_admin
 public | oc_filecache   | table | oc_admin
 public | oc_group_admin | table | oc_admin
 public | oc_group_user  | table | oc_admin
 public | oc_groups      | table | oc_admin
 public | oc_jobs        | table | oc_admin
 public | oc_migrations  | table | oc_admin
 public | oc_mimetypes   | table | oc_admin
 public | oc_mounts      | table | oc_admin
 public | oc_preferences | table | oc_admin
 public | oc_properties  | table | oc_admin
 public | oc_share       | table | oc_admin
 public | oc_storages    | table | oc_admin

If I use the latest version of yugabyte (postgres 15 compatible), it gets a little further:

# \dt
                 List of relations
 Schema |          Name          | Type  |  Owner   
--------+------------------------+-------+----------
 public | oc_appconfig           | table | oc_admin
 public | oc_authtoken           | table | oc_admin
 public | oc_bruteforce_attempts | table | oc_admin
 public | oc_filecache           | table | oc_admin
 public | oc_group_admin         | table | oc_admin
 public | oc_group_user          | table | oc_admin
 public | oc_groups              | table | oc_admin
 public | oc_jobs                | table | oc_admin
 public | oc_migrations          | table | oc_admin
 public | oc_mimetypes           | table | oc_admin
 public | oc_mounts              | table | oc_admin
 public | oc_preferences         | table | oc_admin
 public | oc_properties          | table | oc_admin
 public | oc_share               | table | oc_admin
 public | oc_storages            | table | oc_admin
 public | oc_users               | table | oc_admin
 public | oc_vcategory           | table | oc_admin
(17 rows)

lknite, Mar 06 '25 00:03