Icinga / helm-charts

Kubernetes Helm charts to deploy a ready-to-use Icinga monitoring stack.
https://icinga.com
Apache License 2.0

[Bug]: Director Daemon does not start: DB configuration is not valid #12

Open jasase opened 1 year ago

jasase commented 1 year ago

Affected Chart

icinga-stack

Which version of the app contains the bug?

0.1.0

Please describe your problem

Creating a clean installation of the helm chart icinga-stack with these config values:

icingaweb2:
  auth:
    admin_password: SecurePassword1!
global:
  api:
    users:
      director:
        password: SecurePassword1!
      icingaweb:
        password: SecurePassword1!
  databases:
    director:
      password: SecurePassword1!
    icingadb:
      password: SecurePassword1!
    icingaweb2:
      password: SecurePassword1!
    x509:
      password: SecurePassword1!
icinga2:
  config:
    ticket_salt: 17243691872387e9yesrv213875654vc98761256v9876

Everything is running except the Director daemon which fails with this message: DB configuration is not valid

jasase commented 1 year ago

Startup log of the icingaweb2-director container

[Fri Jun 9 10:25:54.342331944 2023] [docker_entrypoint:info] [pid 1] DOCKERE: Initializing /data as we're the init process
[Fri Jun 9 10:25:54.342704239 2023] [docker_entrypoint:debug] [pid 1] DOCKERE: Creating "/data/etc/icingaweb2/enabledModules"
[Fri Jun 9 10:25:54.342800738 2023] [docker_entrypoint:debug] [pid 1] DOCKERE: Creating "/data/var/lib/icingaweb2"
[Fri Jun 9 10:25:54.342817738 2023] [docker_entrypoint:debug] [pid 1] DOCKERE: Translating env vars to .ini config
[Fri Jun 9 10:25:54.342997536 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/modules/director/config.ini"
[Fri Jun 9 10:25:54.343151634 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/modules/icingadb/commandtransports.ini"
[Fri Jun 9 10:25:54.343272332 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/modules/icingadb/config.ini"
[Fri Jun 9 10:25:54.343390731 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/config.ini"
[Fri Jun 9 10:25:54.343497129 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/groups.ini"
[Fri Jun 9 10:25:54.343604328 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/modules/director/kickstart.ini"
[Fri Jun 9 10:25:54.343730227 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/modules/icingadb/redis.ini"
[Fri Jun 9 10:25:54.343834325 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/roles.ini"
[Fri Jun 9 10:25:54.343954524 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/resources.ini"
[Fri Jun 9 10:25:54.344079122 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Writing "/data/etc/icingaweb2/authentication.ini"
[Fri Jun 9 10:25:54.344184121 2023] [docker_entrypoint:debug] [pid 1] DOCKERE: Enabling/disabling modules
[Fri Jun 9 10:25:54.34428932 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Disabling module "dockerentrypoint"
[Fri Jun 9 10:25:54.344359919 2023] [docker_entrypoint:trace1] [pid 1] DOCKERE: Disabling module "setup"
[Fri Jun 9 10:25:54.344418218 2023] [docker_entrypoint:info] [pid 1] DOCKERE: Checking database resources used as backends
[Fri Jun 9 10:25:54.512994747 2023] [docker_entrypoint:debug] [pid 1] DOCKERE: Checking database resource "icingaweb2db"
[Fri Jun 9 10:25:54.731485363 2023] [docker_entrypoint:info] [pid 1] DOCKERE: Ensuring database authentication backend "icingaweb2" to have a user "icingaweb" with the password "***"
[Fri Jun 9 10:25:56.021364315 2023] [docker_entrypoint:info] [pid 1] DOCKERE: Running "/bin/bash"
Config 'b175ca0562434deeb4fb1fc03fd80cd7361b56df' has been deployed
DB configuration is not valid

mocdaniel commented 1 year ago

Thanks for the report, I can confirm the described behaviour. You came across a problem with 'special' characters in the *.ini config files of Icingaweb2, in your case, ! in the provided passwords (see also this Director issue).

When rendering the charts, we normally wrap all values which end up in files in double quotes if they are strings, just to make sure. In this particular case though, the resources.ini gets generated for us by the container's entrypoint based on the environment variables we pass.

So, while we could work around this in some way, I'd prefer to tackle this problem upstream in icinga/docker-icingaweb2 and have passwords and the like properly escaped at generation time.

I will open an issue there and try to get a fix merged and released asap. I will also refer back to this issue for tracking purposes. In the meantime, I'd ask you to use a weaker, alphanumeric password - seeing as this project is not production ready yet, this should be an okay-ish workaround.

jasase commented 1 year ago

Thanks for the fast reply. Using an alphanumeric password is working.
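The two remedies discussed in this thread, quoting values when the .ini file is generated and checking chart values for non-alphanumeric passwords before deploying, sketched as an added example; this is not code from the chart or from icinga/docker-icingaweb2. The function names, the section and key names, the sample values and the backslash-escaping rule are assumptions, since the page does not state the exact escaping the Icinga Web 2 INI parser expects.

```python
import re

# Assumption: only ASCII letters and digits are treated as safe unquoted,
# matching the alphanumeric workaround suggested in the thread.
SAFE_UNQUOTED = re.compile(r"[A-Za-z0-9]+")


def ini_quote(value: str) -> str:
    """Wrap a value in double quotes, escaping backslashes and double quotes.

    Assumption: the consuming INI parser honours backslash escapes inside
    double-quoted values.
    """
    if "\n" in value or "\r" in value:
        raise ValueError("line breaks cannot be represented in one INI value")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def render_section(name: str, options: dict) -> str:
    """Render one INI section with every value quoted at generation time."""
    lines = [f"[{name}]"]
    lines += [f"{key} = {ini_quote(str(val))}" for key, val in options.items()]
    return "\n".join(lines) + "\n"


def risky_secrets(values: dict, prefix: str = "") -> list:
    """Return dotted paths of password values that would need quoting."""
    found = []
    for key, val in values.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(val, dict):
            found += risky_secrets(val, path)
        elif (isinstance(val, str) and "password" in key
              and not SAFE_UNQUOTED.fullmatch(val)):
            found.append(path)
    return found


# Constructed sample values, shaped like the chart values in the report.
SAMPLE_VALUES = {
    "icingaweb2": {"auth": {"admin_password": "Example1!"}},
    "global": {"databases": {
        "director": {"password": "Example1!"},
        "icingadb": {"password": "alphanumeric123"},
    }},
}

if __name__ == "__main__":
    print(risky_secrets(SAMPLE_VALUES))
    print(render_section("director", {"password": 'p"w\\1!'}))
```

Running `risky_secrets` over the parsed values file before `helm install` shows which secrets would hit the unquoted-value problem until the entrypoint escapes them itself.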