setting extra_pg_conf="log_file_mode=0600" results in a traceback

Bug #1956250 reported by Chris Johnston
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| PostgreSQL Charm | Fix Released | Medium | Unassigned | |

Bug Description

As per PostgreSQL 9.x STIG V-214152 [1], log_file_mode must be configured to 0600.

When trying to do this via `juju config landscape-postgresql extra_pg_conf="log_file_mode=0600"` it results in the following error:

```
2022-01-03 20:05:46 WARNING config-changed Traceback (most recent call last):
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/charm/hooks/config-changed", line 22, in <module>
2022-01-03 20:05:46 WARNING config-changed main()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 74, in main
2022-01-03 20:05:46 WARNING config-changed bus.dispatch(restricted=restricted_mode)
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 390, in dispatch
2022-01-03 20:05:46 WARNING config-changed _invoke(other_handlers)
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 359, in _invoke
2022-01-03 20:05:46 WARNING config-changed handler.invoke()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 181, in invoke
2022-01-03 20:05:46 WARNING config-changed self._action(*args)
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/charm/reactive/postgresql/service.py", line 246, in configure_cluster
2022-01-03 20:05:46 WARNING config-changed update_postgresql_conf()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/charm/reactive/postgresql/service.py", line 820, in update_postgresql_conf
2022-01-03 20:05:46 WARNING config-changed settings = assemble_postgresql_conf()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/charm/reactive/postgresql/service.py", line 558, in assemble_postgresql_conf
2022-01-03 20:05:46 WARNING config-changed validate_postgresql_conf(conf) # May terminate.
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/juju/agents/unit-landscape-postgresql-1/charm/reactive/postgresql/service.py", line 813, in validate_postgresql_conf
2022-01-03 20:05:46 WARNING config-changed raise ValueError("{} above maximum {}".format(v, r.maxvalue))
2022-01-03 20:05:46 WARNING config-changed AttributeError: 'pg_settings' object has no attribute 'maxvalue'
2022-01-03 20:05:46 ERROR juju.worker.uniter.operation runhook.go:136 hook "config-changed" (via explicit, bespoke hook script) failed: exit status 1
```

Looking into this validate_postgresql_conf, I see that the min/max for this config option is 0/511 [2]. To validate that this isn't something related to the charm at all, I have installed postgresql-10 on an 18.04 VM and ran:

`sudo runuser -u postgres -- psql -c "SELECT name, unit, context, vartype, min_val, max_val, enumvals, boot_val FROM pg_settings WHERE context <> 'internal';"`

which results in:

log_file_mode | | sighup | integer | 0 | 511 | | 384

Confirming that the max value is 511. Upon reading the PostgreSQL documentation [3], I see that the default value for this field is 0600, though 0640 is also commonly used. While 0600 is the default, a user should still be able to hard code the default value, or the 0640 as mentioned in the documentation.

[1] https://www.stigviewer.com/stig/postgresql_9.x/2021-06-04/finding/V-214152
[2] https://git.launchpad.net/postgresql-charm/tree/lib/pg_settings_10.json#n1640
[3] https://www.postgresql.org/docs/10/runtime-config-logging.html#id-1.6.6.11.3.4.5.1.3

Tags: sts


Seyeong Kim (seyeongkim)
tags: added: sts
Tom Haddon (mthaddon) wrote :

Ok, so the issue here is that the value is specified as an octal (e.g. 0600) which corresponds to 384 as an integer (0600 = (0 × 8³) + (6 × 8²) + (0 × 8¹) + (0 × 8⁰) = 384). However, we're not converting from octal to integer before comparing in the code.

I think the follow-up fix here should be to switch the "type" in the pg_settings json files to octal and then convert that appropriately in `validate_postgresql_conf`.

Tom Haddon (mthaddon)
Changed in postgresql-charm:
status: New → Confirmed
importance: Undecided → Medium
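
The octal-versus-decimal mismatch discussed in this report, as an added example that is not the charm's code or its released fix: the hypothetical helpers below parse a setting with C-style prefixes (leading 0 is octal, 0x is hex), range-check it against the 0..511 bounds quoted in the bug description, and flag modes more permissive than the 0600 that the STIG finding calls for.

```python
import re

# Added example: helper names are hypothetical, not the charm's code.
# Bounds come from the pg_settings row quoted in the bug description.
LOG_FILE_MODE_RANGE = (0, 511)
STIG_MODE = 0o600  # value the report cites from STIG V-214152

_INT_RE = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def parse_pg_int(raw):
    """Parse an unsigned integer with C-style prefixes (assumed format):
    0x.. is hex, a leading 0 is octal, anything else is decimal.
    Unit suffixes such as kB or ms are not handled here."""
    text = raw.strip().strip("'")
    if not _INT_RE.fullmatch(text):
        raise ValueError("not a valid integer literal: {!r}".format(raw))
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if text.startswith("0"):
        return int(text, 8)  # "0600" -> 384
    return int(text, 10)


def validate_log_file_mode(raw):
    """Return the numeric mode, or raise ValueError if out of range."""
    mode = parse_pg_int(raw)
    low, high = LOG_FILE_MODE_RANGE
    if not low <= mode <= high:
        raise ValueError(
            "{} ({:#o}) outside {}..{}".format(raw, mode, low, high))
    return mode


def exceeds_stig(mode):
    """True if the mode grants any bit beyond owner read/write."""
    return bool(mode & ~STIG_MODE)


if __name__ == "__main__":
    # Constructed sample values; "600" is what a decimal-only parser
    # makes of "0600", which is why it trips the 511 maximum.
    for raw in ("0600", "0640", "384", "600", "0800"):
        try:
            mode = validate_log_file_mode(raw)
            note = "exceeds 0600" if exceeds_stig(mode) else "ok"
            print(raw, "->", mode, oct(mode), note)
        except ValueError as exc:
            print(raw, "rejected:", exc)
```
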
Tom Haddon (mthaddon) wrote :

This has been fixed in cs:postgresql-236. This change will also be propagated to charmhub within 24 hours.

Changed in postgresql-charm:
status: Confirmed → Fix Released