TL;DR: The security server is unable to configure users and roles etc. when using a remote DB.
I am using docker compose and here is my configuration.
```yaml
version: "3.3"
services:
  # other services
  # ...
  xroad-security-server:
    image: niis/xroad-security-server-sidecar:7.2.2-ee
    # restart: always
    container_name: xroad-security-server
    ports:
      - 4000:4000
      - 5588:5588
      - 8443:8443
      - 5500:5500
      - 5577:5577
    environment:
      XROAD_TOKEN_PIN: ${XROAD_TOKEN_PIN}
      XROAD_ADMIN_USER: ${XROAD_ADMIN_USER}
      XROAD_ADMIN_PASSWORD: ${XROAD_ADMIN_PASSWORD}
      XROAD_DB_HOST: xroad-postgres
      XROAD_DB_PASSWORD: ${XROAD_DB_PASSWORD}
      XROAD_LOG_LEVEL: INFO
    depends_on:
      - xroad-postgres
  xroad-postgres:
    image: postgres:12
    restart: always
    container_name: xroad-postgres
    volumes:
      - xroad-db-volume:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${XROAD_DB_PASSWORD}
volumes:
  xroad-db-volume:
    name: xroad-db-data
```
Environment variables in the compose config are provided in a separate .env file. After running `docker compose up -d`, I checked the logs of both containers and saw the following errors.
```
2023-05-07T10:49:58+00:00 INFO [entrypoint] Starting X-Road Security Server version 7.2.2-1.ubuntu20.04
2023-05-07T10:49:58+00:00 INFO [entrypoint] Creating admin user with user-supplied credentials
2023-05-07T10:49:58+00:00 INFO [entrypoint] Generating new internal TLS key and certificate
Generating a RSA private key
...........+++++
.......................................................+++++
writing new private key to '/etc/xroad/ssl/internal.key'
-----
2023-05-07T10:49:59+00:00 INFO [entrypoint] Generating new SSL key and certificate for the admin UI
Generating a RSA private key
........................................................................................+++++
...............................+++++
writing new private key to '/etc/xroad/ssl/proxy-ui-api.key'
-----
2023-05-07T10:49:59+00:00 INFO [entrypoint] Creating serverconf database and properties file
2023-05-07T10:49:59+00:00 INFO [entrypoint] Using remote database xroad-postgres:5432
2023-05-07T10:49:59+00:00 INFO [entrypoint] Waiting for the database to become available...
2023-05-07T10:49:59+00:00 INFO [entrypoint] Reconfiguring packages
Configuring groups
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'serverconf' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'messagelog' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'op-monitor' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
2023-05-07 10:50:04,280 INFO Included extra file "/etc/supervisor/conf.d/xroad.conf" during parsing
2023-05-07 10:50:04,281 INFO Set uid to user 0 succeeded
2023-05-07 10:50:04,291 INFO RPC interface 'supervisor' initialized
2023-05-07 10:50:04,292 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2023-05-07 10:50:04,292 INFO supervisord started with pid 1
```
```
2023-05-07 10:49:59.816 UTC [129] FATAL: password authentication failed for user "root"
2023-05-07 10:49:59.816 UTC [129] DETAIL: Role "root" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:01.534 UTC [130] FATAL: password authentication failed for user "serverconf"
2023-05-07 10:50:01.534 UTC [130] DETAIL: Role "serverconf" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:02.543 UTC [131] FATAL: password authentication failed for user "messagelog"
2023-05-07 10:50:02.543 UTC [131] DETAIL: Role "messagelog" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:03.526 UTC [132] FATAL: password authentication failed for user "opmonitor"
2023-05-07 10:50:03.526 UTC [132] DETAIL: Role "opmonitor" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
```
As per my understanding, the security server should be able to use the remote DB with the config above, but it seems unable to do so. Am I missing something here?
Any input is appreciated because I can't move forward with security server installation until this is resolved. Thanks.
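
Added example, not part of the original post: a small Python triage of the two logs above. It pairs each PostgreSQL `FATAL` line with its server-side `DETAIL` line to separate missing roles from wrong passwords, and records every `psql` fallback to a local Unix socket. The sample lines are copied from the logs in the post; the function and field names are assumptions of this example.

```python
import re

# Sample input: lines copied from the two container logs in the post above.
SAMPLE_LOG = '''\
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
2023-05-07 10:49:59.816 UTC [129] FATAL: password authentication failed for user "root"
2023-05-07 10:49:59.816 UTC [129] DETAIL: Role "root" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:01.534 UTC [130] FATAL: password authentication failed for user "serverconf"
2023-05-07 10:50:01.534 UTC [130] DETAIL: Role "serverconf" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
'''

FATAL_RE = re.compile(r'\[(\d+)\] FATAL:\s+password authentication failed for user "([^"]+)"')
DETAIL_RE = re.compile(r'\[(\d+)\] DETAIL:\s+(.*)')
HBA_RE = re.compile(r'Connection matched pg_hba\.conf line \d+: "(.*)"')
SOCKET_RE = re.compile(r'connections on Unix domain socket "([^"]+)"')

# Server-side DETAIL texts PostgreSQL logs for a failed password login.
CAUSES = {
    "does not exist": "role missing",
    "Password does not match": "wrong password",
    "has no password assigned": "role has no password",
}

def triage(log_text):
    """Return (auth_failures, socket_paths) extracted from the log text."""
    failures, sockets, last_pid = {}, [], None
    for line in log_text.splitlines():
        if m := FATAL_RE.search(line):
            last_pid = m.group(1)  # backend PID ties FATAL and DETAIL together
            failures[last_pid] = {"user": m.group(2), "cause": "unknown", "hba": None}
        elif (m := DETAIL_RE.search(line)) and m.group(1) in failures:
            for needle, cause in CAUSES.items():
                if needle in m.group(2):
                    failures[m.group(1)]["cause"] = cause
        elif (m := HBA_RE.search(line)) and last_pid in failures:
            # Continuation of the DETAIL entry: the pg_hba.conf rule that matched.
            failures[last_pid]["hba"] = m.group(1)
        elif m := SOCKET_RE.search(line):
            # psql was given no TCP host, so it tried the local socket.
            sockets.append(m.group(1))
    return list(failures.values()), sockets

if __name__ == "__main__":
    failures, sockets = triage(SAMPLE_LOG)
    for f in failures:
        print(f'{f["user"]}: {f["cause"]} (rule: {f["hba"]})')
    for path in sockets:
        print(f"psql used local socket {path}, not the remote host")
```

The client only ever sees "password authentication failed"; the distinction between a missing role and a wrong password exists only in the server log, which is why the triage reads the `DETAIL` lines.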