Bitbucket Data Center / BSERV-19521

ENCRYPTED_PROPERTY_CIPHER_CLASSNAME is not supported on Docker image


      Issue Summary

      As per the documentation for jdbc.password.decrypter.classname, that property is deprecated in favour of the global encrypted-property.cipher.classname property. However, starting Bitbucket on Docker with the encrypted-property.cipher.classname property results in a database connection error.

      Note: The documented and tested configuration for Docker uses the older property, jdbc.password.decrypter.classname:

      services:
        bitbucket:
          image: atlassian/bitbucket:8.18.1
          volumes:
            - "bitbucketVolume8.18.1:/var/atlassian/application-data/bitbucket"
          network_mode: bridge
          ports:
            - "7990:7990"
            - "7999:7999"
          environment: 
            - "JDBC_DRIVER=org.postgresql.Driver"
            - "JDBC_URL=jdbc:postgresql://172.17.0.2:5432/bb8-18-1"
            - "JDBC_USER=postgres"
            - "JDBC_PASSWORD=cG9zdGdyZXM="
            - "JDBC_PASSWORD_DECRYPTER_CLASSNAME=com.atlassian.secrets.store.base64.Base64SecretStore"
      
      volumes:
        bitbucketVolume8.18.1:
      
      1. This is documented in JDBC password encryption.
      2. This will start Bitbucket as usual. However, there will be a WARN log message which can be safely ignored:
        2024-07-09 23:53:17,589 WARN  [spring-startup]  c.a.s.i.l.JdbcLicenseRetrievalDao The 'jdbc.password.decrypter.classname' property has been deprecated. Use the 'encrypted-property.cipher.classname' property instead.
        2024-07-09 23:53:17,589 INFO  [spring-startup]  c.a.s.DefaultSecretStoreProvider Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore
        2024-07-09 23:53:17,589 INFO  [spring-startup]  c.a.s.DefaultSecretStoreProvider Initiated secret store class: Base64SecretStore
        2024-07-09 23:53:17,991 INFO  [spring-startup]  c.a.s.DefaultSecretStoreProvider Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore
        2024-07-09 23:53:17,992 INFO  [spring-startup]  c.a.s.DefaultSecretStoreProvider Initiated secret store class: Base64SecretStore
        
      3. Users who arrive from the Bitbucket 8.18 - Basic encryption documentation would be confused, because that page documents the new property.

      This is reproducible on Data Center: yes

      Steps to Reproduce

      Example of a docker-compose file:

      services:
        bitbucket:
          image: atlassian/bitbucket:8.18.1
          volumes:
            - "bitbucketVolume8.18.1:/var/atlassian/application-data/bitbucket"
          network_mode: bridge
          ports:
            - "7990:7990"
            - "7999:7999"
          environment: 
            - "JDBC_DRIVER=org.postgresql.Driver"
            - "JDBC_URL=jdbc:postgresql://172.17.0.2:5432/bb8-18-1"
            - "JDBC_USER=postgres"
            - "JDBC_PASSWORD={ENC}cG9zdGdyZXM="
            - "ENCRYPTED_PROPERTY_CIPHER_CLASSNAME=com.atlassian.secrets.store.base64.Base64SecretStore"
      
      volumes:
        bitbucketVolume8.18.1:
      

      Expected Results

      Bitbucket is able to communicate with the database as usual.

      Actual Results

      Bitbucket fails to start. The following exception is logged in the atlassian-bitbucket.log file:

      2024-07-10 02:16:38,820 ERROR [spring-startup]  c.a.j.s.w.s.JohnsonDispatcherServlet SpringMVC dispatcher [springMvc] could not be started
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'licenseValidator' defined in class path resource [critical-context.xml]: Invocation of init method failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1804)
      	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:171)
       	at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:756)
       	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:572)
       	at javax.servlet.GenericServlet.init(GenericServlet.java:143)
       	at java.base/java.lang.Thread.run(Thread.java:840)
       	... 22 frames trimmed
      Caused by: org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
       	at com.atlassian.stash.internal.license.JdbcLicenseRetrievalDao.getLicense(JdbcLicenseRetrievalDao.java:53)
       	at com.atlassian.stash.internal.server.LicenseValidator.validate(LicenseValidator.java:49)
       	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
       	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       	... 6 common frames omitted
      Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
       	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:693)
       	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:203)
       	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:258)
       	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
       	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:263)
       	at org.postgresql.Driver.makeConnection(Driver.java:443)
       	at org.postgresql.Driver.connect(Driver.java:297)
       	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:681)
       	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:229)
       	at com.atlassian.stash.internal.license.JdbcLicenseRetrievalDao.getDatabaseConnection(JdbcLicenseRetrievalDao.java:81)
       	at com.atlassian.stash.internal.license.JdbcLicenseRetrievalDao.getLicense(JdbcLicenseRetrievalDao.java:46)
       	... 10 common frames omitted
      

      Workaround

      If you would like to use the new property, encrypted-property.cipher.classname:

      1. Move all the configuration to the bitbucket-home/shared/bitbucket.properties file. Don't use environment variables within the Docker container.
        OR
      2. Add jdbc.password={ENC}cG9zdGdyZXM= to the bitbucket-home/shared/bitbucket.properties file. The rest of the settings can stay as environment variables:
        services:
          bitbucket:
            image: atlassian/bitbucket:8.18.1
            volumes:
              - "bitbucketVolume8.18.1:/var/atlassian/application-data/bitbucket"
            network_mode: bridge
            ports:
              - "7990:7990"
              - "7999:7999"
            environment: 
              - "JDBC_DRIVER=org.postgresql.Driver"
              - "JDBC_URL=jdbc:postgresql://172.17.0.2:5432/bb8-18-1"
              - "JDBC_USER=postgres"
              - "ENCRYPTED_PROPERTY_CIPHER_CLASSNAME=com.atlassian.secrets.store.base64.Base64SecretStore"
        
        volumes:
          bitbucketVolume8.18.1:
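
A pre-deployment check for the configurations described in this issue, as an added example (not Atlassian's code): it scans a compose file's environment entries and flags the combination that fails per this report. The function names and finding codes are assumptions made for the example; the AFFECTED sample is the environment section from the Steps to Reproduce.

```python
import base64
import binascii
import re

# Matches list entries of the form  - "KEY=VALUE"  as used under `environment:`.
ENV_ENTRY = re.compile(r'^\s*-\s*"?([A-Z][A-Z0-9_]*)=(.*?)"?\s*$')

# Environment section copied from the issue's "Steps to Reproduce" compose file.
AFFECTED = '''
    environment:
      - "JDBC_USER=postgres"
      - "JDBC_PASSWORD={ENC}cG9zdGdyZXM="
      - "ENCRYPTED_PROPERTY_CIPHER_CLASSNAME=com.atlassian.secrets.store.base64.Base64SecretStore"
'''

def parse_env(compose_text):
    """Return the KEY=VALUE entries found in a compose file as a dict."""
    matches = (ENV_ENTRY.match(line) for line in compose_text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def lint(compose_text):
    """Return (code, message) findings for the JDBC password settings."""
    env = parse_env(compose_text)
    findings = []
    password = env.get("JDBC_PASSWORD")
    new_cls = env.get("ENCRYPTED_PROPERTY_CIPHER_CLASSNAME")
    old_cls = env.get("JDBC_PASSWORD_DECRYPTER_CLASSNAME")
    if new_cls and password is not None:
        findings.append(("BSERV-19521", "JDBC_PASSWORD is set as an environment "
            "variable together with ENCRYPTED_PROPERTY_CIPHER_CLASSNAME; move "
            "jdbc.password to bitbucket-home/shared/bitbucket.properties"))
    if old_cls:
        findings.append(("deprecated", "JDBC_PASSWORD_DECRYPTER_CLASSNAME works "
            "on Docker but logs a deprecation WARN at startup"))
    cls = new_cls or old_cls or ""
    if password is not None and cls.endswith(".Base64SecretStore"):
        payload = password.removeprefix("{ENC}")  # Python 3.9+
        try:
            base64.b64decode(payload, validate=True)
            findings.append(("encoding-only", "Base64SecretStore value is "
                "reversible by anyone who can read this file"))
        except binascii.Error:
            findings.append(("bad-base64", "JDBC_PASSWORD is not valid Base64"))
    return findings

if __name__ == "__main__":
    for code, message in lint(AFFECTED):
        print(f"{code}: {message}")
```
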
        

              74d6667aa35c Josh Aguilar
              mmuthusamy Moga