Commit 27b9b2f7 authored by DJ Mountney's avatar DJ Mountney

Quote read passwords in yml files

This should help ensure the passwords are read as strings, so they won't
break the yaml parsing.
parent 941325ba
Pipeline #51535652 passed with stages
in 46 minutes and 50 seconds
---
title: Quote read passwords in yml files
merge_request:
author:
type: fixed
......@@ -16,7 +16,7 @@ data:
:ssl: {{ .ssl }}
:start_tls: {{ .startTls }}
:email: {{ .user }}
:password: <%= File.read("/etc/gitlab/mailroom/password") %>
:password: "<%= File.read("/etc/gitlab/mailroom/password") %>"
:idle_timeout: {{ .idleTimeout }}
:name: {{ .mailbox }}
:delete_after_delivery: true
......
......@@ -14,7 +14,7 @@ data:
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: <%= File.read("/etc/gitlab/postgres/psql-password") %>
password: "<%= File.read("/etc/gitlab/postgres/psql-password") %>"
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
# load_balancing:
......
......@@ -16,7 +16,7 @@ data:
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: <%= File.read("/etc/gitlab/postgres/psql-password") %>
password: "<%= File.read("/etc/gitlab/postgres/psql-password") %>"
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
# load_balancing:
......
......@@ -14,7 +14,7 @@ data:
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: <%= File.read("/etc/gitlab/postgres/psql-password") %>
password: "<%= File.read("/etc/gitlab/postgres/psql-password") %>"
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
{{- include "gitlab.psql.ssl.config" . | indent 6 }}
......
......@@ -16,7 +16,7 @@ data:
database: {{ template "gitlab.psql.database" . }}
pool: 10
username: {{ template "gitlab.psql.username" . }}
password: <%= File.read("/etc/gitlab/postgres/psql-password") %>
password: "<%= File.read("/etc/gitlab/postgres/psql-password") %>"
host: {{ template "gitlab.psql.host" . }}
port: {{ template "gitlab.psql.port" . }}
# load_balancing:
......
  • Since this change my helm updates fail due to psql database password incorrect. I removed the quotes around the psql password in the configmaps directly and then it worked again.

    Took me a while to find it, but analyzing the database login traffic I found that the password was sent with the quotes making the password incorrect.

    Running on EKS with an RDS database backend.

  • Same here. This broke the whole upgrade

  • @fbueno Can you please be specific with the versions between that this broke? If possible, we'd appreciate a proper bug report issue being raised. This should have been previously addressed.

  • @WarheadsSE I have had this during upgrade of a major version every time and manually fixed this several times by changing the values in cm or secret manually and removing the quotes. Since we are moving away from EKS anyway we are doing a rebuild of the whole cluster soon. So it has not been addresses imho.

  • @jaapgorjup Please raise an proper bug report issue, so that we can follow the resolution 🙇 If you're seeing this every release, then you seem to have a difference in replication to what we've manager to perform. Comments on the commit are sadly not a great workflow for us prioritize / resolve your apparently long-standing issue 🎱

Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment