Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bundled postgresql does not survive chart upgrade #36

Closed
wastrachan opened this issue Feb 13, 2021 · 3 comments
Closed

Bundled postgresql does not survive chart upgrade #36

wastrachan opened this issue Feb 13, 2021 · 3 comments

Comments

@wastrachan
Copy link
Contributor

After a chart upgrade, the netbox pod crash-loops with the following output:

django.db.utils.OperationalError: FATAL:  password authentication failed for user "netbox"

It appears that the default database credentials generated with the bundled chart do not persist upgrade. This can be reproduced by added a noop annotation (or modifying the config map) and running helm upgrade
@wastrachan wastrachan reopened this Feb 13, 2021
@bootc
Copy link
Member

bootc commented Feb 14, 2021

Hmm, yes, good catch. Do you have any thoughts about how to avoid this problem? I mean, aside from strongly recommending that an external PostgreSQL instance should be used, I guess...

@wastrachan
Copy link
Contributor Author

I suspect the culprit is https://github.com/bootc/netbox-chart/blob/master/templates/configmap.yaml#L27.

postgresql-password seems like it is randomly generated when bundled chart is rendered (https://github.com/bitnami/charts/blob/master/bitnami/postgresql/templates/_helpers.tpl#L59), but it is likely only evaluated when the database is initialized on first run. It's ultimately fed in as POSTGRESQL_PASSWORD (https://github.com/bitnami/bitnami-docker-postgresql#setting-the-root-password-on-first-run), which "when running the image for the first time will set the password", according to the maintainer.

Given this, the best (read: simplest) course of action (aside from using an external instance, of course), is probably just to set postgresqlPassword for the user by default, to prevent the password from auto-generating every time Helm renders the postgres chart. Obviously users should override this password if they're going to use the bundled postgres chart for anything but development purposes.

postgresql:
  ## Deploy PostgreSQL using bundled chart
  # To use an external database, set this to false and configure the settings
  # under externalDatabase
  enabled: true

  postgresqlUsername: netbox
  postgresqlPassword: netbox
  postgresqlDatabase: netbox

bootc added a commit that referenced this issue Feb 14, 2021
@bootc
Make it clear the PostgreSQL password should be supplied
b851d9f 
If the PostgreSQL password is not explicitly supplied during chart
installation or upgrades, a random password is generated and used when
initialising the database. On future upgrades a new password is
generated in the PostgreSQL Secret resource but the database password is
not changed, so the two go out of sync. This leads to NetBox and its
rqworker failing to start.

Closes #36
@bootc
Copy link
Member

bootc commented Feb 14, 2021

I think the best approach is to make it clear in the README that the password must be supplied if you're using the bundled PostgreSQL: b851d9f

Are you happy that that covers this problem off?

@bootc bootc closed this as completed in bd1684a Feb 15, 2021
@miriamstreit miriamstreit mentioned this issue Nov 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bootc @wastrachan