-
Bug
-
Resolution: Fixed
-
Low
-
None
-
master
-
None
-
Minor
-
S
Issue Summary
'&' parameters are not taking effect for Synchrony JDBC URL as:
- Helm Chart needs the JDBC URL defined with &
- This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
- However, this breaks Synchrony JDBC URL as Synchrony expects & instead of &
- This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
This is reproducible on Data Center: yes
Steps to Reproduce
- Deploy Postgres with SSL enabled
helm install postgres bitnami/postgresql --set image.tag=14 --set global.postgresql.auth.postgresPassword=password --set tls.enabled=true --set tls.autoGenerated=true
- Use this for Confluence JDBC URL
database: url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Deploy Confluence with Synchrony enabled
Expected Results
- Confluence can connect to the Postgres SSL database
- Synchrony can connect to the Postgres SSL database
- Synchrony logs should show JDBC URL as:
... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
- Synchrony logs should show JDBC URL as:
As you can see from a non-Kubernetes Confluence DC deployment:
confluence.cfg.xml
<property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt</property>
and the Confluence deployed atlassian-synchrony.log will show:
jdbcUrl -> jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt
as Confluence code base does the transformation of the & -> just & before it's passed to Managed Synchrony
Actual Results
- Confluence can connect to the Postgres SSL database
- Synchrony can not connect to the Postgres SSL database
The below exception is thrown in the atlassian-synchrony.log file:
JDBC URL picked up
... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
Caused by: java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory) at java.base/java.io.FileInputStream.open0(Native Method) at java.base/java.io.FileInputStream.open(FileInputStream.java:216) at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157) at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111) at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:148) ... 18 more
i.e. the & parameters did not appear to take effect in Synchrony process
Workaround 1
Clone the Atlassian Data Center Helm Chart github repo and update only the Synchrony section as follows in:
- data-center-helm-charts/src/main/charts/confluence/templates/_helpers.tpl
- SYNCHRONY_DATABASE_URL
with & transformed to just &
FROM
{{- define "synchrony.databaseEnvVars" -}} {{ with .Values.database.url }} - name: SYNCHRONY_DATABASE_URL value: {{ . | quote }} {{ end }}
TO
{{- define "synchrony.databaseEnvVars" -}} {{ with .Values.database.url }} - name: SYNCHRONY_DATABASE_URL value: {{ . | replace "&" "&" | quote }} {{ end }}
Workaround 2
- With the Helm Chart JDBC URL containing &, e.g.
url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Scale the Confluence Cluster to the max desired pod count so every pod has confluence.cfg.xml already created.
- Now, update the Helm Chart JDBC URL without the &, e.g.
url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
- Re-deploy the Helm Chart
- Synchrony pods should pick up the correct JDBC params without &
- Existing Confluence pods should use the already created confluence.cfg.xml with &
Note that any new Confluence pods would fail until the JDBC string in the Helm Chart JDBC is corrected back with &
- Synchrony pods should pick up the correct JDBC params without &
- mentioned in
-
Page Loading...