nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0

Oc_admin user incrementing number on install #502

Closed 2fst4u closed 6 months ago

2fst4u commented 6 months ago

Describe your Issue

I've changed to an ha postgres setup, with pgpool using bitnami's postgresql-ha helm chart. I'm using this postgres database with another application but when I go to install nextcloud on first start it gives the following errors:

Logs and Errors

New nextcloud instance

Installing with PostgreSQL database

=> Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/pre-installation

Starting nextcloud installation

PostgreSQL username and/or password not valid

 -> You need to enter details of an existing account.

Trace: #0 /var/www/html/lib/private/Setup.php(356): OC\Setup\PostgreSQL->setupDatabase('ncadmin')

#1 /var/www/html/core/Command/Maintenance/Install.php(113): OC\Setup->install(Array, NULL)

#2 /var/www/html/3rdparty/symfony/console/Command/Command.php(298): OC\Core\Command\Maintenance\Install->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#3 /var/www/html/3rdparty/symfony/console/Application.php(1040): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#4 /var/www/html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Maintenance\Install), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#5 /var/www/html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#6 /var/www/html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#7 /var/www/html/console.php(100): OC\Console\Application->run()

#8 /var/www/html/occ(11): require_once('/var/www/html/c...')

#9 {main}

Previous: Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "postgres-postgresql-ha-pgpool.database" (10.43.251.141), port 5432 failed: FATAL:  SCRAM authentication failed

DETAIL:  pool_passwd file does not contain an entry for "oc_ncadmin13"

Trace: #0 /var/www/html/lib/private/Setup/PostgreSQL.php(112): OC\DB\Connection->connect()

#1 /var/www/html/lib/private/Setup.php(356): OC\Setup\PostgreSQL->setupDatabase('ncadmin')

#2 /var/www/html/core/Command/Maintenance/Install.php(113): OC\Setup->install(Array, NULL)

#3 /var/www/html/3rdparty/symfony/console/Command/Command.php(298): OC\Core\Command\Maintenance\Install->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#4 /var/www/html/3rdparty/symfony/console/Application.php(1040): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#5 /var/www/html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Maintenance\Install), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#6 /var/www/html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#7 /var/www/html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#8 /var/www/html/console.php(100): OC\Console\Application->run()

#9 /var/www/html/occ(11): require_once('/var/www/html/c...')

#10 {main}

Retrying install...

Which says pool_passwd file does not contain an entry for "oc_ncadmin13" but the user shouldn't be oc_ncadmin13, it should just be oc_ncadmin. I have added oc_ncadmin to the passwd file but every time I try to restart the install the user it attempts to authenticate with increments. Why is it adding a number to the end of the user each time?

Describe your Environment

K3s

    image:
      repository: nextcloud
      pullPolicy: IfNotPresent
    replicaCount: 1

    ingress:
      enabled: false

    phpClientHttpsFix:
      enabled: false
      protocol: https

    nextcloud:
      host: url
      username: admin
      password: changeme
      ## Use an existing secret
      existingSecret:
        enabled: true
        secretName: nextcloud-secret
        usernameKey: adminusername
        passwordKey: adminpassword
        # tokenKey: serverinfo_token
        smtpUsernameKey: smtp_username
        smtpPasswordKey: smtp_password
        smtpHostKey: smtp_host
      update: 0
      containerPort: 80
      datadir: /var/www/html/data
      persistence:
        subPath:
      mail:
        enabled: true
        fromAddress: nextcloud
        domain: gmail.com
        smtp:
          host: smtp.gmail.com
          secure: ssl
          port: 465
          authtype: LOGIN
      phpConfigs: {}
      defaultConfigs:
        # To protect /var/www/html/config
        .htaccess: true
        # Redis default configuration
        redis.config.php: false
        # Apache configuration for rewrite urls
        apache-pretty-urls.config.php: true
        # Define APCu as local cache
        apcu.config.php: true
        # Apps directory configs
        apps.config.php: true
        # Used for auto configure database
        autoconfig.php: true

      configs:

        custom.config.php: |-
          <?php
          $CONFIG = array (
            'overwritehost' => 'url',
            'overwriteprotocol' => 'https',
            'overwrite.cli.url' => 'url',
            'filelocking.enabled' => 'true',
            'loglevel' => '2',
            'enable_previews' => true,
            'trusted_domains' =>
              [
                'nextcloud',
                'Url'
              ],
            'trusted_proxies' => ['10.0.0.0/8'],
            'default_phone_region' => 'nz',
            'maintenance' => false,
          );

        redis.config.php: |-
          <?php
          $CONFIG = array (
            'memcache.local' => '\OC\Memcache\APCu',
            'memcache.distributed' => '\OC\Memcache\Redis',
            'memcache.locking' => '\OC\Memcache\Redis',
            'redis' => array(
            'host' => 'redis.database.svc.cluster.local',
            'port' => 26379,
            'password' => getenv('REDIS_HOST_PASSWORD')
            )
          );

      ##
      ## Extra environment variables
      extraEnv:
      - name: REDIS_HOST_PASSWORD
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: redis_password 

      extraVolumes:
       - name: shared
         nfs:
          server: storage
          path: /mnt/Volume01/Shared
      extraVolumeMounts:
       - name: shared
         mountPath: "/shared"

    nginx:
      enabled: false

    internalDatabase:
      enabled: false

    externalDatabase:
      enabled: true

      type: postgresql

      host: postgres-postgresql-ha-pgpool.database:5432

      database: postgres

      existingSecret:
        enabled: true
        secretName: postgres-secret
        usernameKey: POSTGRES_USER
        passwordKey: POSTGRES_PASSWORD

    mariadb:
      enabled: false

    postgresql:
      enabled: false

    redis:
      enabled: false

    cronjob:
      enabled: true
      resources:
        limits:
          cpu: 100m
          memory: 100Mi
        requests:
         cpu: 100m
         memory: 100Mi

    service:
      type: ClusterIP
      port: 80

    persistence:
      # Nextcloud Data (/var/www/html)
      enabled: true
      storageClass: "rook-cephfs"
      accessMode: ReadWriteMany
      size: 8Gi

    resources:
      limits:
        cpu: 1000m
        memory: 1000Mi
      requests:
       cpu: 1000m
       memory: 1000Mi

    livenessProbe:
      enabled: true
      initialDelaySeconds: 10
      periodSeconds: 30
      timeoutSeconds: 5
      failureThreshold: 5
      successThreshold: 1
    readinessProbe:
      enabled: true
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
      successThreshold: 1
    startupProbe:
      enabled: true
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 180
      successThreshold: 1

    metrics:
      enabled: false

Additional context, if any

On the pgpool pods:

cat /opt/bitnami/pgpool/conf/pool_passwd
postgres:AESpassword
oc_ncadmin:AESpassword

As you can see oc_ncadmin is there

2fst4u commented 6 months ago

I should also add, when I am attempting to restart the install I am deleting all pods and deleting the data PVC entirely. The only place any data might still be stored is in the postgres pods, right? But if it can't even connect then why would it be incrementing the user name? Could it be the pgpool pods?

2fst4u commented 6 months ago

I'm also quite confused about why oc_ncadmin is used as the user when I am specifying "postgres" as the database user in my secret. Can anyone explain where this oc_ username comes from?

The postgres user is being passed to the pod:

root@nextcloud-64c4ffb77d-vwws8:/var/www/html# printenv
POSTGRES_HOST=postgres-postgresql-ha-pgpool.database:5432
POSTGRES_PASSWORD=passwordhere
NEXTCLOUD_ADMIN_USER=ncadmin
POSTGRES_USER=postgres
POSTGRES_DB=postgres

2fst4u commented 6 months ago

Aha new information:

root@nextcloud-64c4ffb77d-vwws8:/var/www/html# cat config/config.php
...
'dbuser' => 'oc_ncadmin48',

So it's getting it from my config.php. But why when I'm injecting the username through the helm chart?

I'm not even sure if the postgres password in the config.php is correct at this point, it seems hashed or encrypted so I can't tell.

2fst4u commented 6 months ago

Changing externalDatabase.existingSecret.enabled back to false and removing the other existing secret lines injects the correct user, so something with the existing secret isn't working.

2fst4u commented 6 months ago

I thought I was onto something but I'm right back at square one. I decided to override the config.php with the following:

        db.config.php: |-
          <?php
          $CONFIG = array (

            'dbtype' => 'pgsql',
            'dbname' => getenv('POSTGRES_DB'),
            'dbuser' => getenv('POSTGRES_USER'),
            'dbpassword' => getenv('POSTGRES_PASSWORD'),
            'dbhost' => getenv('POSTGRES_HOST'),
          );

And additional Envars:

      extraEnv:
      - name: POSTGRES_DB
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: db-database
      - name: POSTGRES_PASSWORD
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: db-password
      - name: POSTGRES_USER
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: db-username
      - name: POSTGRES_HOST
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: db-host

And edit the defaultConfigs: to:

        autoconfig.php: false

Which worked fine, my config.php now shows the following (relevant) values:

$CONFIG = array (
  'dbtype' => 'pgsql',
  'dbname' => 'postgres',
  'dbuser' => 'postgres',
  'dbpassword' => 'correctpasswordhere',
  'dbhost' => 'postgres-postgresql-ha-pgpool.database:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
);

But when it starts and attempts to initialise I still get the following logs:

Initializing nextcloud 28.0.0.11 ...
New nextcloud instance
Installing with PostgreSQL database
=> Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/pre-installation
Starting nextcloud installation
PostgreSQL username and/or password not valid
 -> You need to enter details of an existing account.
Trace: #0 /var/www/html/lib/private/Setup.php(356): OC\Setup\PostgreSQL->setupDatabase('ncadmin')
#1 /var/www/html/core/Command/Maintenance/Install.php(113): OC\Setup->install(Array, NULL)
#2 /var/www/html/3rdparty/symfony/console/Command/Command.php(298): OC\Core\Command\Maintenance\Install->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#3 /var/www/html/3rdparty/symfony/console/Application.php(1040): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#4 /var/www/html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Maintenance\Install), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#5 /var/www/html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#6 /var/www/html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#7 /var/www/html/console.php(100): OC\Console\Application->run()
#8 /var/www/html/occ(11): require_once('/var/www/html/c...')
#9 {main}

Previous: Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "postgres-postgresql-ha-pgpool.database" (10.43.251.141), port 5432 failed: FATAL:  SCRAM authentication failed
DETAIL:  pool_passwd file does not contain an entry for "oc_ncadmin109"
Trace: #0 /var/www/html/lib/private/Setup/PostgreSQL.php(112): OC\DB\Connection->connect()
#1 /var/www/html/lib/private/Setup.php(356): OC\Setup\PostgreSQL->setupDatabase('ncadmin')
#2 /var/www/html/core/Command/Maintenance/Install.php(113): OC\Setup->install(Array, NULL)
#3 /var/www/html/3rdparty/symfony/console/Command/Command.php(298): OC\Core\Command\Maintenance\Install->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#4 /var/www/html/3rdparty/symfony/console/Application.php(1040): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#5 /var/www/html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Maintenance\Install), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#6 /var/www/html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#7 /var/www/html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#8 /var/www/html/console.php(100): OC\Console\Application->run()
#9 /var/www/html/occ(11): require_once('/var/www/html/c...')
#10 {main}

with a new oc_ncadmin user. I do note at the start it is actually saying setupDatabase('ncadmin') which it also was before, which is strange. Why is it not using my postgres user value now that it is correct in the config?

2fst4u commented 6 months ago

It seems Nextcloud just isn't compatible with pgpool. I've deleted this and can no longer troubleshoot further.
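
Added example, not part of the original thread or of the chart's code: a small Python check that compares the role names pgpool rejected in the installer log with the entries in pool_passwd and with the configured POSTGRES_USER. The sample strings are constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the log lines and the
# pool_passwd listing quoted in this thread.
SAMPLE_LOG = (
    "Starting nextcloud installation\n"
    "FATAL:  SCRAM authentication failed\n"
    'DETAIL:  pool_passwd file does not contain an entry for "oc_ncadmin13"\n'
    "Retrying install...\n"
    "FATAL:  SCRAM authentication failed\n"
    'DETAIL:  pool_passwd file does not contain an entry for "oc_ncadmin109"\n'
)
SAMPLE_POOL_PASSWD = "postgres:AESpassword\noc_ncadmin:AESpassword\n"

MISSING_RE = re.compile(r'pool_passwd file does not contain an entry for "([^"]+)"')
SUFFIX_RE = re.compile(r"^(.*?)(\d+)$")  # splits a trailing number off a role name


def pool_passwd_users(text):
    """Return the role names listed in pool_passwd (one user:secret per line)."""
    return {line.split(":", 1)[0] for line in text.splitlines() if ":" in line}


def rejected_roles(log_text):
    """Role names pgpool refused, de-duplicated, in order of first appearance."""
    seen = []
    for name in MISSING_RE.findall(log_text):
        if name not in seen:
            seen.append(name)
    return seen


def diagnose(log_text, pool_passwd_text, configured_user):
    """Describe each rejected role against pool_passwd and the configured DB user."""
    known = pool_passwd_users(pool_passwd_text)
    report = []
    for role in rejected_roles(log_text):
        m = SUFFIX_RE.match(role)
        base = m.group(1) if m else role
        report.append({
            "role": role,                              # name the installer connected as
            "in_pool_passwd": role in known,           # False is what triggers the SCRAM failure
            "base": base,                              # name with the numeric suffix removed
            "base_in_pool_passwd": base in known,      # True: only the un-suffixed entry exists
            "is_configured_user": role == configured_user,
        })
    return report


if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG, SAMPLE_POOL_PASSWD, "postgres"):
        print(row)
```

On real data, pass the container log text, the contents of /opt/bitnami/pgpool/conf/pool_passwd, and the POSTGRES_USER value from printenv.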