Chef-server-ctl reconfigure failing for external postgresql aws rds


#1

I am facing issues while setting up Chef server with external PostgreSQL (AWS RDS).

I am using the postgres attribute settings in /etc/opscode/chef-server.rb as documented at this URL
https://docs.chef.io/release/server_12-2/release_notes.html#external-postgresql and ran 'chef-server-ctl reconfigure', which failed with errors. I also got errors in the RDS log, which looks like something is missing while setting up PostgreSQL or chef-server.rb.

My question here is: does RDS PostgreSQL require any specific 'postgresql version', and any specific database which authenticates to the pg user?

Can you please help me set up Chef server using external PostgreSQL on RDS?

2016-01-28 11:04:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:04:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.002 s, total=0.011 s; sync files=1, longest=0.002 s, average=0.002 s
2016-01-28 11:09:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:09:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.004 s, total=0.012 s; sync files=1, longest=0.004 s, average=0.004 s
2016-01-28 11:14:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:14:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.002 s, total=0.011 s; sync files=1, longest=0.002 s, average=0.002 s
2016-01-28 11:19:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:19:27 UTC::@:[3254]:LOG: checkpoint complete: wrote 3 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.205 s, sync=0.004 s, total=0.218 s; sync files=3, longest=0.004 s, average=0.001 s
2016-01-28 11:24:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:24:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 5 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.403 s, sync=0.004 s, total=0.415 s; sync files=5, longest=0.004 s, average=0.000 s
2016-01-28 11:29:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:29:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 2 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.101 s, sync=0.003 s, total=0.112 s; sync files=2, longest=0.003 s, average=0.001 s
2016-01-28 11:34:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:34:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.002 s, total=0.010 s; sync files=1, longest=0.002 s, average=0.002 s
2016-01-28 11:39:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:39:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.002 s, total=0.010 s; sync files=1, longest=0.002 s, average=0.002 s
2016-01-28 11:42:13 UTC:10.100.27.187(43413):chef_server_conn_test@template1:[24362]:FATAL: password authentication failed for user "chef_server_conn_test"
2016-01-28 11:42:13 UTC:10.100.27.187(43413):chef_server_conn_test@template1:[24362]:DETAIL: Connection matched pg_hba.conf line 13: "host all all 0.0.0.0/0 md5"
2016-01-28 11:42:13 UTC:10.100.27.187(43414):chef_server_conn_test@template1:[24363]:FATAL: password authentication failed for user "chef_server_conn_test"
2016-01-28 11:42:13 UTC:10.100.27.187(43414):chef_server_conn_test@template1:[24363]:DETAIL: Connection matched pg_hba.conf line 13: "host all all 0.0.0.0/0 md5"
2016-01-28 11:44:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:44:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.003 s, total=0.011 s; sync files=1, longest=0.003 s, average=0.003 s
2016-01-28 11:48:44 UTC:10.100.27.239(38580):chef_server_conn_test@template1:[25331]:FATAL: password authentication failed for user "chef_server_conn_test"
2016-01-28 11:48:44 UTC:10.100.27.239(38580):chef_server_conn_test@template1:[25331]:DETAIL: Connection matched pg_hba.conf line 13: "host all all 0.0.0.0/0 md5"
2016-01-28 11:48:44 UTC:10.100.27.239(38581):chef_server_conn_test@template1:[25332]:FATAL: password authentication failed for user "chef_server_conn_test"
2016-01-28 11:48:44 UTC:10.100.27.239(38581):chef_server_conn_test@template1:[25332]:DETAIL: Connection matched pg_hba.conf line 13: "host all all 0.0.0.0/0 md5"
2016-01-28 11:49:26 UTC::@:[3254]:LOG: checkpoint starting: time
2016-01-28 11:49:26 UTC::@:[3254]:LOG: checkpoint complete: wrote 1 buffers (0.0%); 0 transaction log file(s) added, 0 removed, 1 recycled; write=0.000 s, sync=0.003 s, total=0.012 s; sync files=1, longest=0.003 s, average=0.003 s
----------------------- END OF LOG ----------------------

Following are the system details and the chef-server.rb I am using.

OS = CentOS release 6.7 (Final)
chef server version: chef-server-core-12.4.0-1.el6.x86_64

ubuntu@ip-172-31-18-184:~$ sudo cat /etc/opscode/chef-server.rb
topology "standalone"
api_fqdn "ip-172-31-18-184.us-west-2.compute.internal"
postgresql['external'] = true
postgresql['vip'] = 'chefdb.ckgvvwcgfjkz.us-west-2.rds.amazonaws.com'
postgresql['port'] = 5432
postgresql['db_superuser'] = 'chefuser'
postgresql['db_superuser_password'] = 'MySuperStrongPassword'

-Ravi


#2

In your error log, you can see that the credentials are failing for the
user chef_server_conn_test. Perhaps look in to why that credential is
incorrect.


#3

Thank you Brian,

I tried connecting to the RDS database manually, which works. Are there any more settings I need to provide? This will help me to fix this issue.

[centos@ip-10-100-27-239 ~]$ psql -h chefdb.ckgvvwcgfjkz.us-west-2.rds.amazonaws.com -p 5432 -U cheffer -W chefdb
Password for user cheffer:
psql (9.3.10, server 9.4.1)
WARNING: psql major version 9.3, server major version 9.4.
Some psql features might not work.
SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.

chefdb=>

-Ravi


#4

Hi,

I believe that the chef_server_conn_test errors are probably not your issue,
as we expect that to fail. That is an invalid user that chef-server-ctl
reconfigure uses to test basic network connectivity to the postgresql
backend. Do you have the error message output from chef-server-ctl reconfigure? That would probably be most helpful.

Sincerely,

Steven

Software Development Engineer, Platform Engineering
Chef Software, Inc
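
A triage sketch for the point made in the reply above, added here as an example and not code from Chef or from anyone in this thread: it parses RDS PostgreSQL log lines in the prefix format shown in post #1 and separates the expected chef_server_conn_test probe failures from password failures for any other role. The chefuser line from 192.0.2.10 is constructed sample data, and treating that role name as the probe is an assumption taken from the log and the reply.

```python
import re
from collections import Counter

# Assumption: the reconfigure connectivity probe uses this role name,
# as seen in the thread's log and described in the reply above.
PROBE_USER = "chef_server_conn_test"

# Log prefix as it appears in the thread (IPv4 clients assumed):
#   <timestamp> UTC:<client ip>(<port>):<user>@<db>:[<pid>]:<LEVEL>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC:"
    r"(?P<ip>[^(:]*)(?:\((?P<port>\d+)\))?:"
    r"(?P<user>[^@]*)@(?P<db>[^:]*):\[(?P<pid>\d+)\]:"
    r"(?P<level>[A-Z]+):\s*(?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "([^"]+)"')

# First four lines follow the thread's log; the last one is constructed.
SAMPLE_LOG = """\
2016-01-28 11:39:26 UTC::@:[3254]:LOG:  checkpoint starting: time
2016-01-28 11:42:13 UTC:10.100.27.187(43413):chef_server_conn_test@template1:[24362]:FATAL:  password authentication failed for user "chef_server_conn_test"
2016-01-28 11:42:13 UTC:10.100.27.187(43413):chef_server_conn_test@template1:[24362]:DETAIL:  Connection matched pg_hba.conf line 13: "host all all 0.0.0.0/0 md5"
2016-01-28 11:42:13 UTC:10.100.27.187(43414):chef_server_conn_test@template1:[24363]:FATAL:  password authentication failed for user "chef_server_conn_test"
2016-01-28 11:50:02 UTC:192.0.2.10(50111):chefuser@postgres:[25400]:FATAL:  password authentication failed for user "chefuser"
""".splitlines()


def triage_auth_failures(lines):
    """Return (probe, investigate) Counters keyed by (role, database, client ip)."""
    probe, investigate = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "FATAL":
            continue  # background, DETAIL and unparseable lines are skipped
        fail = AUTH_FAIL_RE.search(m["msg"])
        if not fail:
            continue
        key = (fail.group(1), m["db"], m["ip"])
        # Count as probe noise only when session user and failed role both match.
        if fail.group(1) == PROBE_USER and m["user"] == PROBE_USER:
            probe[key] += 1
        else:
            investigate[key] += 1
    return probe, investigate


if __name__ == "__main__":
    expected, suspicious = triage_auth_failures(SAMPLE_LOG)
    print("expected probe failures:", dict(expected))
    print("failures to investigate:", dict(suspicious))
```
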


#5

Thank you very much Steven,

I will re-produce the scenario and provide the error message output from chef-server-ctl reconfigure command.

By the way, what is the standard configuration for RDS that you (Chef) would suggest? For example:

Do I need to set up the RDS with a db or without?
If a db needs to be created, do I need to set any exact db name?
Do I need to set any specific pg super username and password?

Looking forward to hearing…

-Ravi


#6

Hi,

> Do I need to set up the RDS with a db or without?

chef-server-ctl reconfigure will set up any required databases and users.

> Do I need to set any specific pg super username and password?

No specific username or password is needed, but you do need to provide
chef-server with the information about the external database, including the
superuser name and password. An example configuration might look like:

postgresql['external'] = true
postgresql['vip'] = '1.2.3.4'
postgresql['db_superuser'] = 'chef_pgsql'
postgresql['db_superuser_password'] = '92462305b12e49bf85c6d0dd5bc9bf11558eb10fb7aeb2bd6eaf5110baa23a0cee2f58f7b9337a28ff395e42126b9e0ecf2a'

I hope this helps.

Sincerely,

Steven

Software Development Engineer, Platform Engineering
Chef Software, Inc