search

dCache / dcache

dCache - a system for storing and retrieving huge amounts of data, distributed among a large number of heterogenous server nodes, under a single virtual filesystem tree with a variety of standard access methods
https://dcache.org
291 stars 136 forks source link

chimera shell does not work with chimerashell.db.password.file #5898

Open rptaylor opened 3 years ago

rptaylor commented 3 years ago

Hello,

I have chimera.db.password.file = /etc/dcache/admin/chimera.pgpass in my layout file (and chimera.db.name, chimera.db.user are also defined). The chimera, pnfsmanager, cleaner etc. services all work fine.

After #2928 , the cleaner can use a password file too so I am trying to fully remove passwords from the config files (using dcache 5.2.41).

However chimera shell can not start. I am running as the dcache user to make sure I have read access to the /etc/dcache/admin/chimera.pgpass file.

$ chimera
ERROR - HikariPool-1 - Exception during pool initialization.
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "chimera"
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
    at org.postgresql.Driver.makeConnection(Driver.java:454)
    at org.postgresql.Driver.connect(Driver.java:256)
    at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117)
    at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:123)
    at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375)
    at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204)
    at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:459)
    at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:533)
    at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:114)
    at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72)
    at org.dcache.chimera.FsFactory.getDataSource(FsFactory.java:53)
    at org.dcache.chimera.FsFactory.createFileSystem(FsFactory.java:33)
    at org.dcache.chimera.cli.Shell.<init>(Shell.java:105)
    at org.dcache.chimera.cli.Shell.main(Shell.java:97)
Exception in thread "main" com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: FATAL: password authentication failed for user "chimera"
    at com.zaxxer.hikari.pool.HikariPool.throwPoolInitializationException(HikariPool.java:568)
    at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:554)
    at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:114)
    at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72)
    at org.dcache.chimera.FsFactory.getDataSource(FsFactory.java:53)
    at org.dcache.chimera.FsFactory.createFileSystem(FsFactory.java:33)
    at org.dcache.chimera.cli.Shell.<init>(Shell.java:105)
    at org.dcache.chimera.cli.Shell.main(Shell.java:97)
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "chimera"
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
    at org.postgresql.Driver.makeConnection(Driver.java:454)
    at org.postgresql.Driver.connect(Driver.java:256)
    at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117)
    at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:123)
    at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375)
    at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204)
    at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:459)
    at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:533)
    ... 6 more

I see in /usr/share/dcache/defaults/chimerashell.properties

chimerashell.db.password.file = ${chimera.db.password.file}

implying that this should work and that the same configuration syntax (like a pgpass file) that works for chimera should also work for chimera shell.

It seems that chimera shell is unable to correctly read or use the configured chimerashell.db.password.file . It works only if I set chimerashell.db.password in the layout file.

kofemann commented 3 years ago

Duplicate of https://rt.dcache.org/Ticket/Display.html?id=10130

rptaylor commented 1 year ago

Has there been any update on that internal RT? I can't see it.

kofemann commented 1 year ago

Hi @rptaylor. I am pretty sure that the issue has been solved in commit c262f5491d07880b541f11d0b5edf8265d105854 and is available starting from 7.1.10

nsc-jens commented 1 year ago

Indeed. But I did notice last week that the dcache command isn't dcache.db.password.file aware. At least the "dcache database update" command isn't. I need to write a ticket about that.