-
Bug
-
Resolution: Fixed
-
Low
-
None
-
master
-
None
-
Minor
-
S
Issue Summary
'&' parameters are not taking effect for Synchrony JDBC URL as:
- Helm Chart needs the JDBC URL defined with &
- This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
- However, this breaks Synchrony JDBC URL as Synchrony expects & instead of &
- This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
This is reproducible on Data Center: yes
Steps to Reproduce
- Deploy Postgres with SSL enabled
helm install postgres bitnami/postgresql --set image.tag=14 --set global.postgresql.auth.postgresPassword=password --set tls.enabled=true --set tls.autoGenerated=true
- Use this for Confluence JDBC URL
database: url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Deploy Confluence with Synchrony enabled
Expected Results
- Confluence can connect to the Postgres SSL database
- Synchrony can connect to the Postgres SSL database
- Synchrony logs should show JDBC URL as:
... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
- Synchrony logs should show JDBC URL as:
As you can see from a non-Kubernetes Confluence DC deployment:
<property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt</property>
and the Confluence deployed atlassian-synchrony.log will show:
jdbcUrl -> jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt
as Confluence code base does the transformation of the & -> just & before it's passed to Managed Synchrony
Actual Results
- Confluence can connect to the Postgres SSL database
- Synchrony can not connect to the Postgres SSL database
The below exception is thrown in the atlassian-synchrony.log file:
... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
Caused by: java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory) at java.base/java.io.FileInputStream.open0(Native Method) at java.base/java.io.FileInputStream.open(FileInputStream.java:216) at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157) at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111) at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:148) ... 18 more
i.e. the & parameters did not appear to take effect in Synchrony process
Workaround 1
Clone the Atlassian Data Center Helm Chart github repo and update only the Synchrony section as follows in:
- data-center-helm-charts/src/main/charts/confluence/templates/_helpers.tpl
- SYNCHRONY_DATABASE_URL
with & transformed to just &
{{- define "synchrony.databaseEnvVars" -}}
{{ with .Values.database.url }}
- name: SYNCHRONY_DATABASE_URL
value: {{ . | quote }}
{{ end }}
{{- define "synchrony.databaseEnvVars" -}}
{{ with .Values.database.url }}
- name: SYNCHRONY_DATABASE_URL
value: {{ . | replace "&" "&" | quote }}
{{ end }}
Workaround 2
- With the Helm Chart JDBC URL containing &, e.g.
url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Scale the Confluence Cluster to the max desired pod count so every pod has confluence.cfg.xml already created.
- Now, update the Helm Chart JDBC URL without the &, e.g.
url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Re-deploy the Helm Chart
- Synchrony pods should pick up the correct JDBC params without &
- Existing Confluence pods should use the already created confluence.cfg.xml with &
Note that any new Confluence pods would fail until the JDBC string in the Helm Chart JDBC is corrected back with &
- Synchrony pods should pick up the correct JDBC params without &
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[SCALE-137] '&' parameters are not taking effect for Synchrony JDBC URL
After https://bitbucket.org/atlassian-docker/docker-atlassian-confluence-server/pull-requests/178 has been merged & is replaced with & in confluence.cfg.xml, so it is possible to have `&` in `database.url` in helm values (which will work for both Confluence because of the replacement and Synchrony).
https://github.com/atlassian/data-center-helm-charts/pull/866 will be available in 1.21.1 and it essentially doing the same thing:
- "&" is replaced with "&" for Confluence
- "&" is replaced with "&" for Synchrony
This way, customers can have either & or & in their jdbc url and images entrypoint and Helm will take care of the rest.
- https://github.com/atlassian/data-center-helm-charts/pull/866 (replace & with & for Confluence and vice versa for Synchrony (in helm charts))
- https://bitbucket.org/atlassian-docker/docker-atlassian-confluence-server/pull-requests/178 (& -> & in Jinja template).
Replacement in docker image alone should be fine, but it's better to do that both in the image entrypoint and helm chart.
Did you check the actual jdbc url in cfg.xml and in env var for Synchrony pod?