Postgres authentication error when using different combination of passwords for artifactory HA

[daniyalj]

Platform

OpenShift

Version

Artifactory HA 6.9.0

Problem

Whenever I am setting a different postgres password other than "artifactory/password" I am getting an authentication error. I have tried many different combinations of password for postgres and none get set in db.properties file.

Error I am getting:

org.postgresql.util.PSQLException: FATAL: password authentication failed for user "artifactory"
--
  | at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
  | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
  | at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
  | at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
  | at org.postgresql.Driver.makeConnection(Driver.java:404)
  | at org.postgresql.Driver.connect(Driver.java:272)

When I set the postgres password as username "artifactory" and password as "password" all works well.

I want to be able to set a unique password for postgres and not have such an insecure password.

[daniyalj]

The DB_PASSWORD env var is also getting completely ignored. If I take a look at the db.properties file in /opt/jfrog/artifactory/etc/ the postgres username and password are set as artifactory and password no matter what I set as DB_USERNAME and DB_PASSWORD

[eldada]

@daniyalj - can you make sure you run a clean setup without leftover old storage?
Can you provide steps to reproduce?

[daniyalj]

Create postgres database with the following params:

NAME=postgresql
NAMESPACE=postgres
SERVICE_ACCOUNT=artifactory-pgsql
POSTGRESQL_PVC_NAME=postgresql
POSTGRESQL_PVC_SIZE=1Gi
POSTGRESQL_SECRET_NAME=postgresql-credentials
POSTGRESQL_DATABASE=artifactory
INIT_CONTAINER_IMAGE=busybox
POSTGRESQL_USERNAME=dXNlcm5hbWUxMjMK
POSTGRESQL_PASSWORD=cGFzc3dvcmQxMjMK

Note: The username and password above are base64 encoded (username123 and password123)

Deploy artifactory HA 2 nodes with the following configuration:

NAME=artifactory 
NAMESPACE=postgres 
SERVICE_ACCOUNT=artifactory 
LICENSES_SECRET_NAME=artifactory-licenses 
MASTER_KEY_SECRET_NAME=artifactory-master-key 
BINARYSTORE_CONFIG_MAP_NAME=artifactory-binarystore 
DATABASE_CONFIG_MAP_NAME=artifactory-db 
DATABASE_CREDENTIALS_SECRET_NAME=postgresql-credentials 
DATABASE_TYPE=postgresql 
DATABASE_HOST=172.30.180.104 
DATABASE_PORT=5432 
ARTIFACTORY_IMAGE_STREAM_NAME=artifactory 
ARTIFACTORY_IMAGE_REPOSITORY=jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro 
ARTIFACTORY_VERSION=6.9.0 
INIT_CONTAINER_IMAGE=alpine:3.6 
ARTIFACTORY_PVC_SIZE=5Gi 
ARTIFACTORY_DATA_PVC_SIZE=5Gi 
ARTIFACTORY_BACKUP_PVC_SIZE=5Gi 
CPU_REQUEST=500m 
CPU_LIMIT=1 
MEMORY_REQUEST=2Gi 
MEMORY_LIMIT=3Gi 
ARTIFACTORY_EXTRA_JAVA_OPTIONS=-Xms1g -Xmx2g 
HA_DATA_DIR=/var/opt/jfrog/artifactory/data 
HA_BACKUP_DIR=/var/opt/jfrog/artifactory/backup 
POSTGRESQL_SECRET_NAME=postgresql-credentials 
POSTGRESQL_USERNAME=dXNlcm5hbWUxMjMK 
POSTGRESQL_PASSWORD=cGFzc3dvcmQxMjMK 

Check the logs on the artifactory pod:

2019-04-22 15:53:49,240 [localhost-startStop-1] [JFrog-Access] [INFO ] (o.j.a.AccessApplication:597) - The following profiles are active: production,grpc
--
  | 2019-04-22 15:53:55,840 [localhost-startStop-1] [JFrog-Access] [ERROR] (o.a.t.j.p.ConnectionPool:487) - Unable to create initial connections of pool.
  | org.postgresql.util.PSQLException: FATAL: password authentication failed for user "artifactory"
  | at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
  | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
  | at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
  | at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
  | at org.postgresql.Driver.makeConnection(Driver.java:404)
  | at org.postgresql.Driver.connect(Driver.java:272)

If you navigate to the artifactory pod and look at the db.properties the values of the db username and password do not change:

artifactory@artifactory-primary-1-phhcz:/$ cat /opt/jfrog/artifactory/etc/db.properties
...
type=postgresql
driver=org.postgresql.Driver
url=jdbc:postgresql://172.30.180.104:5432/artifactory
username=artifactory
password=password

Repeat the above with "artifactory" and "password" as the vars and the deployment will come up fine @eldada hope this helps

[cytim]

@daniyalj I had the exact same problem and found a workaround.

Assume I mounted my local directory /my/local/path/to/artifactory to the container /var/opt/jfrog/artifactory.

1. Remove the container docker rm -f artifactory.
2. Edit /my/local/path/to/artifactory/etc/db.properties directly to setup the correct password.
3. Run the image again.

[daniyalj]

@cytim Yeah that might be a little tricky to do in a k8s environment. I ended up using the helm chart for artifactory on OpenShift and it is much much more stable. Im not even sure why this repo exists.