Uploaded image for project: 'Server Deployments and Scale'
  1. Server Deployments and Scale
  2. SCALE-137

'&amp' parameters are not taking effect for Synchrony JDBC URL

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • None
    • master
    • None
    • Minor
    • S

      Issue Summary

      '&' parameters are not taking effect for Synchrony JDBC URL as:

      • Helm Chart needs the JDBC URL defined with &
        • This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
        • However, this breaks Synchrony JDBC URL as Synchrony expects & instead of &

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Deploy Postgres with SSL enabled
        helm install postgres bitnami/postgresql --set image.tag=14 --set global.postgresql.auth.postgresPassword=password --set tls.enabled=true --set tls.autoGenerated=true
        
      2. Use this for Confluence JDBC URL
        database:
          url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
        
      3. Deploy Confluence with Synchrony enabled

      Expected Results

      • Confluence can connect to the Postgres SSL database
      • Synchrony can connect to the Postgres SSL database
        • Synchrony logs should show JDBC URL as:
          ... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
          

      As you can see from a non-Kubernetes Confluence DC deployment:

      confluence.cfg.xml
          <property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/conf859?sslmode=disable&amp;sslrootcert=/Users/ubuntu/k8s/root.crt</property>
      

      and the Confluence deployed atlassian-synchrony.log will show:

      jdbcUrl -> jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt
      

      as Confluence code base does the transformation of the &amp; -> just & before it's passed to Managed Synchrony

      Actual Results

      • Confluence can connect to the Postgres SSL database
      • Synchrony can not connect to the Postgres SSL database

      The below exception is thrown in the atlassian-synchrony.log file:

      JDBC URL picked up
      ... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&amp;sslrootcert=/var/ssl/root.crt&amp;sslcert=/var/ssl/server.crt&amp;sslkey=/var/ssl/server.key ...
      
      Caused by: java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory)
      	at java.base/java.io.FileInputStream.open0(Native Method)
      	at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
      	at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
      	at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111)
      	at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:148)
      	... 18 more
      

      i.e. the &amp; parameters did not appear to take effect in Synchrony process

      Workaround 1

      Clone the Atlassian Data Center Helm Chart github repo and update only the Synchrony section as follows in:

      • data-center-helm-charts/src/main/charts/confluence/templates/_helpers.tpl
      • SYNCHRONY_DATABASE_URL

      with &amp; transformed to just &

      FROM
      {{- define "synchrony.databaseEnvVars" -}}
      {{ with .Values.database.url }}
      - name: SYNCHRONY_DATABASE_URL
        value: {{ . | quote }}
      {{ end }}
      
      TO
      {{- define "synchrony.databaseEnvVars" -}}
      {{ with .Values.database.url }}
      - name: SYNCHRONY_DATABASE_URL
        value: {{ . | replace "&amp;" "&" | quote }}
      {{ end }}
      

      Workaround 2

      1. With the Helm Chart JDBC URL containing &amp;, e.g.
        url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&amp;sslrootcert=/var/ssl/root.crt&amp;sslcert=/var/ssl/server.crt&amp;sslkey=/var/ssl/server.key
        
        • Scale the Confluence Cluster to the max desired pod count so every pod has confluence.cfg.xml already created.
      2. Now, update the Helm Chart JDBC URL without the &amp;, e.g.
        url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
        
      3. Re-deploy the Helm Chart
        • Synchrony pods should pick up the correct JDBC params without &amp;
        • Existing Confluence pods should use the already created confluence.cfg.xml with &amp;
        • Note that any new Confluence pods would fail until the JDBC string in the Helm Chart JDBC is corrected back with &amp;

              c64f33b2bce3 Yevhen
              hlam@atlassian.com Eric Lam
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: