Unable to create PostgreSQL users
hamarituc opened this issue
Brief Description
The postgresql_role resource isn't able to create a user object, because the authentication to the PostgreSQL service fails.
Cookbook version
11.0.1
Chef-Infra Version
17.10.0
Platform details
Debian 11
Steps To Reproduce
- Consider the following recipe
postgresql_install 'postgresql' do
  version 13
  action [ :install, :init_server ]
end

postgresql_service 'postgresql' do
  action [ :enable, :start ]
end

postgresql_user 'foo' do
  unencrypted_password 'bar'
end
- Converge will produce the following error
Cinc Client, version 17.10.0
Patents: https://www.chef.io/patents
Infra Phase starting
Creating a new client identity for test-debian-11 using the validator key.
Resolving cookbooks for run list: ["apt::default", "test::test"]
Synchronizing cookbooks:
- apt (7.4.3)
- postgresql (11.0.1)
- test (1.0.0)
- yum (7.4.1)
Installing cookbook gem dependencies:
Compiling cookbooks...
Loading Cinc Auditor profile files:
Loading Cinc Auditor input files:
Loading Cinc Auditor waiver files:
Converging 13 resources
Recipe: apt::default
* file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped due to action :nothing)
* apt_update[periodic] action periodic
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing
- create new file /etc/apt/apt.conf.d/15update-stamp
- update content in file /etc/apt/apt.conf.d/15update-stamp from none to 174cdb
--- /etc/apt/apt.conf.d/15update-stamp 2022-12-14 17:06:31.005084124 +0100
+++ /etc/apt/apt.conf.d/.chef-15update-stamp20221214-1566-e8tidr 2022-12-14 17:06:31.005084124 +0100
@@ -1 +1,2 @@
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};
* execute[apt-get -q update] action run
- execute ["apt-get", "-q", "update"]
- update new lists of packages
* execute[apt-get update] action nothing (skipped due to action :nothing)
* execute[apt-get autoremove] action nothing (skipped due to action :nothing)
* execute[apt-get autoclean] action nothing (skipped due to action :nothing)
* directory[/var/cache/local] action create
- create new directory /var/cache/local
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/var/cache/local/preseeding] action create
- create new directory /var/cache/local/preseeding
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/apt/apt.conf.d/10dpkg-options] action create
- create new file /etc/apt/apt.conf.d/10dpkg-options
- update content in file /etc/apt/apt.conf.d/10dpkg-options from none to c918ac
--- /etc/apt/apt.conf.d/10dpkg-options 2022-12-14 17:06:34.677021449 +0100
+++ /etc/apt/apt.conf.d/.chef-10dpkg-options20221214-1566-dcotpd 2022-12-14 17:06:34.677021449 +0100
@@ -1,3 +1,6 @@
+# Managed by Chef
+DPkg::Options {
+}
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/apt/apt.conf.d/10recommends] action create
- create new file /etc/apt/apt.conf.d/10recommends
- update content in file /etc/apt/apt.conf.d/10recommends from none to f41e1d
--- /etc/apt/apt.conf.d/10recommends 2022-12-14 17:06:34.689021265 +0100
+++ /etc/apt/apt.conf.d/.chef-10recommends20221214-1566-nkcwq2 2022-12-14 17:06:34.689021265 +0100
@@ -1,3 +1,6 @@
+# Managed by Chef
+APT::Install-Recommends "1";
+APT::Install-Suggests "0";
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* apt_package[apt-transport-https, gnupg, dirmngr] action install
- install version 2.2.4 of package apt-transport-https
- install version 2.2.27-2+deb11u2 of package gnupg
- install version 2.2.27-2+deb11u2 of package dirmngr
Recipe: test::test
* postgresql_install[postgresql] action install
* apt_update[] action periodic (up to date)
* apt_package[apt-transport-https] action install (up to date)
* apt_repository[postgresql_org_repository_13] action add
* execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
* apt_update[postgresql_org_repository_13] action nothing (skipped due to action :nothing)
* remote_file[/tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] action create
- create new file /tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc
- update content in file /tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc from none to 014406
--- /tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc 2022-12-14 17:06:38.716967533 +0100
+++ /tmp/kitchen/cache/.chef-https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc20221214-1566-nep5uc 2022-12-14 17:06:38.688967865 +0100
@@ -1,77 +1,154 @@
- change mode from '' to '0644'
* execute[apt-key add /tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] action run
- execute ["apt-key", "add", "/tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc"]
* execute[apt-cache gencaches] action run
- execute ["apt-cache", "gencaches"]
* file[/etc/apt/sources.list.d/postgresql_org_repository_13.list] action create
- create new file /etc/apt/sources.list.d/postgresql_org_repository_13.list
- update content in file /etc/apt/sources.list.d/postgresql_org_repository_13.list from none to 8709cd
--- /etc/apt/sources.list.d/postgresql_org_repository_13.list 2022-12-14 17:06:39.396959774 +0100
+++ /etc/apt/sources.list.d/.chef-postgresql_org_repository_1320221214-1566-s8efbv.list 2022-12-14 17:06:39.396959774 +0100
@@ -1 +1,2 @@
+deb https://download.postgresql.org/pub/repos/apt/ bullseye-pgdg main 13
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* execute[apt-cache gencaches] action run
- execute ["apt-cache", "gencaches"]
* apt_update[postgresql_org_repository_13] action update
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
* execute[apt-get -q update] action run
- execute ["apt-get", "-q", "update"]
- force update new lists of packages
* apt_update[] action periodic (up to date)
* apt_package[apt-transport-https] action install (up to date)
* apt_repository[postgresql_org_repository_13] action add
* execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
* apt_update[postgresql_org_repository_13] action nothing (skipped due to action :nothing)
* remote_file[/tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] action create (up to date)
* execute[apt-key add /tmp/kitchen/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] action run (skipped due to not_if)
* file[/etc/apt/sources.list.d/postgresql_org_repository_13.list] action create (up to date)
(up to date)
* apt_package[postgresql-client] action install
- install version 13.9-1.pgdg110+1 of package postgresql-client-13
* ohai[postgresql_client_packages] action nothing (skipped due to action :nothing)
* ohai[postgresql_client_packages] action reload/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:25: warning: already initialized constant MACROS_MARKER
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:25: warning: previous definition of MACROS_MARKER was here
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:27: warning: already initialized constant DO_NOT_SPLIT
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:27: warning: previous definition of DO_NOT_SPLIT was here
- re-run ohai and merge results into node attributes
* apt_package[postgresql-server] action install
- install version 13.9-1.pgdg110+1 of package postgresql-13
- install version 246.pgdg110+1 of package postgresql-common
* ohai[postgresql_server_packages] action nothing (skipped due to action :nothing)
* ohai[postgresql_server_packages] action reload/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:25: warning: already initialized constant MACROS_MARKER
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:25: warning: previous definition of MACROS_MARKER was here
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:27: warning: already initialized constant DO_NOT_SPLIT
/opt/cinc/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai/plugins/rpm.rb:27: warning: previous definition of DO_NOT_SPLIT was here
- re-run ohai and merge results into node attributes
* template[/etc/postgresql-common/createcluster.conf] action create
- update content in file /etc/postgresql-common/createcluster.conf from 44c2b8 to 8d8337
--- /etc/postgresql-common/createcluster.conf 2022-12-14 17:06:56.896842530 +0100
+++ /etc/postgresql-common/.chef-createcluster20221214-1566-hip1hw.conf 2022-12-14 17:07:02.932824463 +0100
@@ -1,3 +1,8 @@
+#
+# Generated by Chef for test-debian-11.vagrantup.com
+# Do NOT modify this file by hand.
+#
+
# Default values for pg_createcluster(8)
# Occurrences of '%v' are replaced by the major version number,
# and '%c' by the cluster name. Use '%%' for a literal '%'.
@@ -17,7 +22,7 @@
#waldir = '/var/lib/postgresql/wal/%v/%c/pg_wal'
# Options to pass to initdb.
-#initdb_options = ''
+initdb_options = ''
# The following options are copied into the new cluster's postgresql.conf:
@@ -28,7 +33,7 @@
# Show cluster name in process title
cluster_name = '%v/%c'
-# Put stats_temp_directory on tmpfs (PG <= 14)
+# Put stats_temp_directory on tmpfs
stats_temp_directory = '/var/run/postgresql/%v-%c.pg_stat_tmp'
# Add prefix to log lines
* postgresql_install[postgresql] action init_server (up to date)
* postgresql_service[postgresql] action enable
* service[postgresql] action enable (up to date)
(up to date)
* postgresql_service[postgresql] action start
* service[postgresql] action nothing (skipped due to action :nothing)
* service[postgresql] action start (up to date)
(up to date)
* postgresql_user[foo] action create
Recipe: <Dynamically Defined Resource>
* build_essential[Build Essential] action install
* apt_package[autoconf, binutils-doc, bison, build-essential, flex, gettext, ncurses-dev] action install
- install version 2.69-14 of package autoconf
- install version 2.35.2-2 of package binutils-doc
- install version 2:3.7.5+dfsg-1 of package bison
- install version 12.9 of package build-essential
- install version 2.6.4-8 of package flex
- install version 0.21-4 of package gettext
- install version 6.2+20201114-2 of package ncurses-dev
* apt_package[libpq-dev] action install
- install version 15.1-1.pgdg110+1 of package libpq-dev
* chef_gem[pg] action install
- install version ~> 1.4 of package pg
================================================================================
Error executing action `create` on resource 'postgresql_user[foo]'
================================================================================
PG::ConnectionBad
-----------------
connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres"
Cookbook Trace: (most recent call first)
----------------------------------------
/tmp/kitchen/cache/cookbooks/postgresql/libraries/sql/_connection.rb:111:in `pg_client'
/tmp/kitchen/cache/cookbooks/postgresql/libraries/sql/_connection.rb:135:in `execute_sql_params'
/tmp/kitchen/cache/cookbooks/postgresql/libraries/sql/role.rb:46:in `pg_role?'
/tmp/kitchen/cache/cookbooks/postgresql/resources/role.rb:86:in `block in class_from_file'
Resource Declaration:
---------------------
suppressed sensitive resource output
Compiled Resource:
------------------
suppressed sensitive resource output
System Info:
------------
chef_version=17.10.0
platform=debian
platform_version=11
ruby=ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux]
program_name=/opt/cinc/bin/cinc-client
executable=/opt/cinc/bin/cinc-client
Running handlers:
[2022-12-14T17:07:35+01:00] ERROR: Running exception handlers
Running handlers complete
[2022-12-14T17:07:35+01:00] ERROR: Exception handlers complete
Infra Phase failed. 30 resources updated in 01 minutes 07 seconds
[2022-12-14T17:07:35+01:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/cinc-stacktrace.out
[2022-12-14T17:07:35+01:00] FATAL: ---------------------------------------------------------------------------------------
[2022-12-14T17:07:35+01:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2022-12-14T17:07:35+01:00] FATAL: ---------------------------------------------------------------------------------------
[2022-12-14T17:07:35+01:00] FATAL: PG::ConnectionBad: postgresql_user[foo] (test::test line 10) had an error: PG::ConnectionBad: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres"
Expected behavior
The PostgreSQL user object foo should be created successfully.
Additional context
The file /etc/postgresql/13/main/pg_hba.conf contains the following content (skipped header comments for readability).
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
Since version 11 the SQL queries are executed via the Chef Infra Client, which is run as user root. The root user cannot perform peer authentication of the postgres database superuser.
It seems the cookbook requires trusting all superuser access to the database, although there is no reference to it in the postgresql_role documentation. At least all CI tests contain the following resource.
postgresql_access 'local all postgresql trust' do
  type 'local'
  database 'all'
  user 'postgres'
  auth_method 'trust'
  comment 'Testing local postgres trust'
end
But this would introduce a severe security weakness into the database server. This would effectively provide superuser access to the database to every unprivileged user with local access to the server. This is strongly discouraged and shouldn't be a valid solution.
CI tests shouldn't even rely on the HBA rule, so that such issues are identified in advance.
SQL queries issued from the Chef Infra Client should be executed with the postgres local user privileges.
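
The authentication behaviour described in this issue, as an added example (not part of the original report and not the cookbook's code): a simplified Ruby model of pg_hba.conf first-match lookup for Unix-socket logins, run over the rules quoted above and over a constructed variant. Assumptions: the CI trust rule is rendered as the first hba line, www-data is a constructed sample account, and map= options and password methods are not modelled.

```ruby
# Rules copied from the pg_hba.conf quoted in the issue (comments dropped).
PAGE_HBA = <<~HBA
  local all postgres peer
  local all all peer
  host all all 127.0.0.1/32 md5
  host all all ::1/128 md5
  local replication all peer
HBA

# Constructed: the CI postgresql_access rule as an hba line, assumed to come first.
CI_HBA = "local all postgres trust\n" + PAGE_HBA

Rule = Struct.new(:type, :database, :user, :auth_method)

def parse_hba(text)
  lines = text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  lines.map do |line|
    f = line.split
    # "local" records have no ADDRESS column, so the method is field 4, else field 5.
    f[0] == 'local' ? Rule.new(f[0], f[1], f[2], f[3]) : Rule.new(f[0], f[1], f[2], f[4])
  end
end

# PostgreSQL applies the first record that matches type, database and user.
def effective_rule(rules, database, db_user)
  rules.find do |r|
    r.type == 'local' &&
      [database, 'all'].include?(r.database) &&
      [db_user, 'all'].include?(r.user)
  end
end

def socket_login_allowed?(rules, os_user, db_user, database = 'postgres')
  rule = effective_rule(rules, database, db_user)
  return false if rule.nil?

  case rule.auth_method
  when 'trust' then true                # no credential or identity check
  when 'peer'  then os_user == db_user  # OS user name must equal the role name
  else false                            # password methods are out of scope here
  end
end

# Which OS accounts can open a socket session as the postgres superuser?
def audit(text)
  rules = parse_hba(text)
  %w[postgres root www-data].to_h { |os| [os, socket_login_allowed?(rules, os, 'postgres')] }
end
```

With the stock rules only the postgres OS account passes, which is why the converge run as root fails; with the trust rule every local account passes.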