dcache icon indicating copy to clipboard operation
dcache copied to clipboard
verified publisher icon dCache

chimera shell does not work with chimerashell.db.password.file

Open rptaylor opened this issue 4 years ago • 4 comments

Hello,

I have chimera.db.password.file = /etc/dcache/admin/chimera.pgpass in my layout file (and chimera.db.name, chimera.db.user are also defined). The chimera, pnfsmanager, cleaner etc. services all work fine.

After #2928 , the cleaner can use a password file too so I am trying to fully remove passwords from the config files (using dcache 5.2.41).

However chimera shell can not start. I am running as the dcache user to make sure I have read access to the /etc/dcache/admin/chimera.pgpass file.

$ chimera
ERROR - HikariPool-1 - Exception during pool initialization.
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "chimera"
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
	at org.postgresql.Driver.makeConnection(Driver.java:454)
	at org.postgresql.Driver.connect(Driver.java:256)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:123)
	at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375)
	at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204)
	at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:459)
	at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:533)
	at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:114)
	at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72)
	at org.dcache.chimera.FsFactory.getDataSource(FsFactory.java:53)
	at org.dcache.chimera.FsFactory.createFileSystem(FsFactory.java:33)
	at org.dcache.chimera.cli.Shell.<init>(Shell.java:105)
	at org.dcache.chimera.cli.Shell.main(Shell.java:97)
Exception in thread "main" com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: FATAL: password authentication failed for user "chimera"
	at com.zaxxer.hikari.pool.HikariPool.throwPoolInitializationException(HikariPool.java:568)
	at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:554)
	at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:114)
	at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72)
	at org.dcache.chimera.FsFactory.getDataSource(FsFactory.java:53)
	at org.dcache.chimera.FsFactory.createFileSystem(FsFactory.java:33)
	at org.dcache.chimera.cli.Shell.<init>(Shell.java:105)
	at org.dcache.chimera.cli.Shell.main(Shell.java:97)
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "chimera"
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
	at org.postgresql.Driver.makeConnection(Driver.java:454)
	at org.postgresql.Driver.connect(Driver.java:256)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:123)
	at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375)
	at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204)
	at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:459)
	at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:533)
	... 6 more

I see in /usr/share/dcache/defaults/chimerashell.properties

chimerashell.db.password.file = ${chimera.db.password.file}

implying that this should work and that the same configuration syntax (like a pgpass file) that works for chimera should also work for chimera shell.

It seems that chimera shell is unable to correctly read or use the configured chimerashell.db.password.file . It works only if I set chimerashell.db.password in the layout file.

rptaylor avatar May 07 '21 20:05 rptaylor

Duplicate of https://rt.dcache.org/Ticket/Display.html?id=10130

kofemann avatar May 10 '21 09:05 kofemann

Has there been any update on that internal RT? I can't see it.

rptaylor avatar Nov 22 '23 23:11 rptaylor

Hi @rptaylor. I am pretty sure that the issue has been solved in commit c262f5491d07880b541f11d0b5edf8265d105854 and is available starting from 7.1.10

kofemann avatar Nov 23 '23 15:11 kofemann

Indeed. But I did notice last week that the dcache command isn't dcache.db.password.file aware. At least the "dcache database update" command isn't. I need to write a ticket about that.

nsc-jens avatar Nov 23 '23 16:11 nsc-jens