failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied #704

Open
lknite opened this issue Mar 6, 2025 · 0 comments


lknite commented Mar 6, 2025

Describe your Issue

Deployed nextcloud with an external postgres database.

Everything comes up ok, but unable to get past the initial screen asking me to create an admin user account.

Is there a helm chart option I need to enable tls db access?

If I disable 'tls' on my database then I get past the admin screen but it still says that I chose SQLite database along with this error:

Error while trying to initialise the database: An exception occurred while executing a query: SQLSTATE[42501]: Insufficient privilege: 7 ERROR: permission denied for table oc_migrations

Create an admin account

Logs and Errors

Previous: PDOException: SQLSTATE[08006] [7] connection to server at "yb-tserver-service" (10.103.147.103), port 5433 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
connection to server at "yb-tserver-service" (10.103.147.103), port 5433 failed: FATAL:  no pg_hba.conf entry for host "172.16.182.189", user "yugabyte", database "yugabyte", SSL off

Describe your Environment

  • Kubernetes distribution: kubeadm

  • Helm Version (or App that manages helm): ArgoCD v2.14.2+ad27246

  • Helm Chart Version: 6.6.5

  • Chart.yaml:

dependencies:
- name: yugabyte
  version: 2024.2.1
  repository: https://charts.yugabyte.com
- name: nextcloud
  version: 6.6.5
  repository: https://nextcloud.github.io/helm

  • values.yaml:

nextcloud:

  ingress:
    enabled: true
    className: nginx
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
    # ingress configuration redacted, the ingress is working fine

  internalDatabase:
    enabled: false

  externalDatabase:
    enabled: true

    ## Supported database engines: mysql or postgresql
    type: postgresql

    ## Database host. You can optionally include a colon delimited port like "myhost:1234"
    #host: "yb-tserver-service:6379"
    host: "yb-tserver-service:5433"
    #host: "yb-tserver-service.nextcloud.svc:6379"
    #host: "yb-tserver-service.nextcloud.svc:5433"

    ## Database user
    user: yugabyte

    ## Database password
    password: yugabyte

    ## Database name
    database: yugabyte

    ## Use an existing secret
    existingSecret:
      enabled: false
      # secretName: nameofsecret
      usernameKey: db-username
      passwordKey: db-password
      # hostKey: db-hostname-or-ip
      # databaseKey: db-name

  redis:
    enabled: false

yugabyte:

  tls:
    enabled: true

  preflight:
    skipUlimit: true

  replicas:
    master: 3
    tserver: 3

  resource:
    master:
      requests:
        cpu: "1"
        memory: 2Gi
      limits:
        cpu: "2"
        ## Ensure the 'memory' value is strictly in 'Gi' or 'G' format. Deviating from these formats
        ## may result in setting an incorrect value for the 'memory_limit_hard_bytes' flag.
        ## Avoid using floating numbers for the numeric part of 'memory'. Doing so may lead to
        ## the 'memory_limit_hard_bytes' being set to 0, as the function expects integer values.
        memory: 2Gi
    tserver:
      requests:
        cpu: "1"
        memory: 4Gi
      limits:
        cpu: "2"

Screenshot

# \dt
             List of relations
 Schema |      Name      | Type  |  Owner   
--------+----------------+-------+----------
 public | oc_appconfig   | table | oc_admin
 public | oc_filecache   | table | oc_admin
 public | oc_group_admin | table | oc_admin
 public | oc_group_user  | table | oc_admin
 public | oc_groups      | table | oc_admin
 public | oc_jobs        | table | oc_admin
 public | oc_migrations  | table | oc_admin
 public | oc_mimetypes   | table | oc_admin
 public | oc_mounts      | table | oc_admin
 public | oc_preferences | table | oc_admin
 public | oc_properties  | table | oc_admin
 public | oc_share       | table | oc_admin
 public | oc_storages    | table | oc_admin

If I use the latest version of yugabyte, postgres 15 compatible, it gets a little further:

# \dt
                 List of relations
 Schema |          Name          | Type  |  Owner   
--------+------------------------+-------+----------
 public | oc_appconfig           | table | oc_admin
 public | oc_authtoken           | table | oc_admin
 public | oc_bruteforce_attempts | table | oc_admin
 public | oc_filecache           | table | oc_admin
 public | oc_group_admin         | table | oc_admin
 public | oc_group_user          | table | oc_admin
 public | oc_groups              | table | oc_admin
 public | oc_jobs                | table | oc_admin
 public | oc_migrations          | table | oc_admin
 public | oc_mimetypes           | table | oc_admin
 public | oc_mounts              | table | oc_admin
 public | oc_preferences         | table | oc_admin
 public | oc_properties          | table | oc_admin
 public | oc_share               | table | oc_admin
 public | oc_storages            | table | oc_admin
 public | oc_users               | table | oc_admin
 public | oc_vcategory           | table | oc_admin
(17 rows)