Skip to content

postgresql_ssl_on causes install to fail #420

@d1nuc0m

Description

@d1nuc0m

Describe the Bug

Setting postgresql_ssl_on => true fails to install PuppetDB

Expected Behavior

It works and allow to install PuppetDB with SSL PostgreSQL

Steps to Reproduce

Example code

class { 'puppetdb':
  postgres_version        => '17',
  listen_address          => '0.0.0.0',
  disable_cleartext       => true,
  postgresql_ssl_on       => true,
  database_host           => $networking['fqdn'],
  database_listen_address => '0.0.0.0',
  database_password       => stdlib::fqdn_rand_string(36),
}

Environment

  • Version 8.1.0
  • Platform EL 9.5

Additional Context

Log

Notice: /Stage[main]/Puppetdb::Database::Ssl_configuration/File[postgres private key]/ensure: defined content as '{sha256}df4d396b21ed6c6d2e50a4883b1abf914a327b0a69296947cad1fc73303c7fcb'
Notice: /Stage[main]/Puppetdb::Database::Ssl_configuration/File[postgres public key]/ensure: defined content as '{sha256}f83fed1d2dc3ade6549f010f96e1f1a4a1d9d42685aa961f07b6bc13cfdb0015'
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The files belonging to this database system will be owned by user "postgres".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: This user must also own the server process.
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The database cluster will be initialized with locale "C.UTF-8".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The default database encoding has accordingly been set to "UTF8".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The default text search configuration will be set to "english".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: Data page checksums are disabled.
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: initdb: error: directory "/var/lib/pgsql/17/data" exists but is not empty
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: initdb: hint: If you want to create a new database system, either remove or empty the directory "/var/lib/pgsql/17/data" or run initdb with an argument other than "/var/lib/pgsql/17/data".
Error: '/usr/pgsql-17/bin/initdb --pgdata '/var/lib/pgsql/17/data' --username 'postgres' ' returned 1 instead of one of [0]
Error: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: change from 'notrun' to ['0'] failed: '/usr/pgsql-17/bin/initdb --pgdata '/var/lib/pgsql/17/data' --username 'postgres' ' returned 1 instead of one of [0]

It shows the issues: certificate/key are created before the DB is initialized, so initdb fails - a Require relationship might be enough

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions