Zabbix-server won't install with postgres-15 #928
Comments
|
when you've set that you've applied the initial schema but zabbix said that |
|
the role applied, I did nothing by hand |
|
Please provide all the variables you passed to the role. |
|
|
The role will not create database what are you trying to achieve? and how? what is your scenario? |
|
Also we have not tested 6.4 yet |
Nevermind, I missed #937 |
|
the database is obviously created by another role, how would it appy schema if no database existed? |
|
the same variable set installs the server on posgtes14 successfully |
|
is it all-in-one (web-server-db on the same host) set up? |
|
all-in-one, yes. |
|
Any update @badfiles ? |
pyrodie18
added
bug
|
I advise against testing multiple versions of databases. This collection should not solve everything for everyone, just some LTS release of postgres/mysql should be fine |
|
So trying to do some testing on this and I run into problems. When I run molecule and just update the DB version in the prepare script to 15, I error out on the "Create Schema" task. It looks like something changed with 15 because zabbix-server password doesn't work even after the user is created. If modify the Create User task to get rid of the MD5 and just pass the plaintext password, then that password works. However, even when I do that and continue testing I get something really weird. The Create Schema task runs but it seems like it skips ahead a few tasks (see below) |
|
Hi, TASK [community.zabbix.zabbix_server : PostgreSQL | Create schema] *************
fatal: [zabbix-server]: FAILED! => {"changed": true, "cmd": "set -euxo pipefail\nFILE=server.sql\ncd /usr/share/zabbix-sql-scripts/postgresql\nif [ -f ${FILE}.gz ]\n then zcat ${FILE}.gz > /tmp/create.sql\nelse\n cp ${FILE} /tmp/create.sql\nfi\ncat /tmp/create.sql | psql -h 'localhost' -U 'zabbix-server' -d 'zabbix-server' -p '5432'\ntouch /etc/zabbix/schema.done\nrm -f /tmp/create.sql\n", "delta": "0:00:00.183380", "end": "2023-09-14 14:29:18.268812", "msg": "non-zero return code", "rc": 2, "start": "2023-09-14 14:29:18.085432", "stderr": "+ FILE=server.sql\n+ cd /usr/share/zabbix-sql-scripts/postgresql\n+ '[' -f server.sql.gz ']'\n+ zcat server.sql.gz\n+ cat /tmp/create.sql\n+ psql -h localhost -U zabbix-server -d zabbix-server -p 5432\npsql: error: connection to server at \"localhost\" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user \"zabbix-server\"\nconnection to server at \"localhost\" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user \"zabbix-server\"", "stderr_lines": ["+ FILE=server.sql", "+ cd /usr/share/zabbix-sql-scripts/postgresql", "+ '[' -f server.sql.gz ']'", "+ zcat server.sql.gz", "+ cat /tmp/create.sql", "+ psql -h localhost -U zabbix-server -d zabbix-server -p 5432", "psql: error: connection to server at \"localhost\" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user \"zabbix-server\"", "connection to server at \"localhost\" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user \"zabbix-server\""], "stdout": "", "stdout_lines": []}We believe this is due to the permission changes of version 15 (https://www.postgresql.org/docs/release/15.0/) so we implemented a rough fix for our case (by copying part of the role and running it beforehand) following this: https://www.cybertec-postgresql.com/en/error-permission-denied-schema-public/ - name: "PostgreSQL | Delegated"
become: true
become_user: postgres
delegate_to: "{{ delegated_dbhost }}"
when:
- zabbix_server_database_creation
- zabbix_server_pgsql_login_host is not defined
block:
- name: "PostgreSQL | Delegated | Create database"
community.postgresql.postgresql_db:
name: "{{ zabbix_server_dbname }}"
port: "{{ zabbix_server_dbport }}"
state: present
notify: Restart PostgreSQL
- name: "PostgreSQL | Delegated | Create database user"
community.postgresql.postgresql_user:
db: "{{ zabbix_server_dbname }}"
name: "{{ zabbix_server_dbuser }}"
password: "md5{{ (zabbix_server_dbpassword + zabbix_server_dbuser) | hash('md5') }}"
port: "{{ zabbix_server_dbport }}"
priv: ALL
state: present
encrypted: true
notify: Restart PostgreSQL
- name: "PostgreSQL | Delegated | Create timescaledb extension"
community.postgresql.postgresql_ext:
db: "{{ zabbix_server_dbname }}"
name: timescaledb
when: zabbix_server_database_timescaledb
notify: Restart PostgreSQL
# This is the fix!
- name: "Fix Permissions for public schema of zabbix-db user on zabbix-database"
community.postgresql.postgresql_privs:
db: "{{ zabbix_server_dbname }}"
privs: ALL
type: schema
objs: public
role: "{{ zabbix_server_dbuser }}"
notify: Restart PostgreSQLWe also edited a little the hba entries of Postgres (unsure if that is required for the fix to work): - name: Install PostgreSQL
ansible.builtin.include_role:
name: geerlingguy.postgresql
vars:
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- { type: local, database: all, user: zabbix-server, auth_method: md5 }
# - { type: local, database: all, user: all, auth_method: peer }Hope this extra information helps |
Saved my day. Same issue Debian 12, Postgres 15. THX. |
|
Another option would be to make zabbix-server an owner of zabbix-server database. So I added, also created the user in the same way for #1074. and further, copied the zabbix_server role and modified zabbix_server/tasks/postgresql.yml and commented out password field from create database user which was forcing md5 (so would keep the default scram-sha-256 hash from the previous user creation). With these changes, I can login to zabbix web. |
|
Can fix from @loricvdt be implemented into collection please ? So it can be used with psql 15 and higher |
|
@chladic there is not currently a PR in for this. If you'd like to create way it would be greatly appreciated and we can take a look at it. |
Coming up in community.postgresql 4.0.0 using priv with the postgresql_user be removed, and we are encouraged already now to start using the postgresql_privs module. This works atleast down to community.postgresql 2.0.0, possibly lower. Seems like a good time to pin a minimum requirement for this dependency. This should also take care of some outstanding issues with installing on postgres-15 (ansible-collections#928)
Coming up in community.postgresql 4.0.0 using priv with the postgresql_user be removed, and we are encouraged already now to start using the postgresql_privs module. This works atleast down to community.postgresql 2.0.0, possibly lower. Seems like a good time to pin a minimum requirement for this dependency. This should also take care of some outstanding issues with installing on postgres-15 (ansible-collections#928)
Coming up in community.postgresql 4.0.0 using priv with the postgresql_user be removed, and we are encouraged already now to start using the postgresql_privs module. This should also take care of some outstanding issues with installing on postgres-15 (ansible-collections#928)
* Don't set empty defaults Empty defaults just create problems with common ansible conventions, and is generally not a good practice. * pgsql: Split out permissions Coming up in community.postgresql 4.0.0 using priv with the postgresql_user be removed, and we are encouraged already now to start using the postgresql_privs module. This should also take care of some outstanding issues with installing on postgres-15 (#928) * mysql: quality of life improvements Much like the postgres user has carte blanche access to postgresql database, the root user has to mysql databases over the mysql.sock. We can use become when zabbix_server_dbhost_run_install: true in a similar fashion. Provide the default port for database servers. This could have been an if-statement, I just don't like the "looseness" of the else part. So I opted for a lookup-table. * molecule: remove legacy options for tests There's no testing against python2 anymore, nor zabbix-5.0. So lets lighten the load by removing this baggage.
After initial schema applied server won't start
The text was updated successfully, but these errors were encountered: