vault-charm

Cannot relate with postgresql:db when using IPv6

Bug #1948484 reported by Simon Déziel on 2021-10-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	vault-charm	New	Undecided	Unassigned

Bug Description

With charm-vault version from charmhub/stable rev 5, if one tries to relate with postgresql:db (version 12.8 from charmhub/stable rev 235) when using IPv6, no connection is possible and the hook "db-relation-changed" fails.

Here is how it fails with IPv6:

unit-vault-0: 16:42:37 ERROR unit.vault/0.juju-log db:4: Hook error:
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/__init__.py", line 74, in main
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 390, in dispatch
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 359, in _invoke
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 181, in invoke
  File "/var/lib/juju/agents/unit-vault-0/charm/reactive/vault_handlers.py", line 313, in create_vault_table
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/psycopg2/__init__.py", line 127, in connect
psycopg2.OperationalError: FATAL: pg_hba.conf rejects connection for host "2602:fc62:b:1018:1::8957", user "juju_vault", database "vault", SSL on
FATAL: pg_hba.conf rejects connection for host "2602:fc62:b:1018:1::8957", user "juju_vault", database "vault", SSL off
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed Traceback (most recent call last):
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/charm/hooks/db-relation-changed", line 22, in <module>
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed main()
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/__init__.py", line 74, in main
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed bus.dispatch(restricted=restricted_mode)
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 390, in dispatch
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed _invoke(other_handlers)
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 359, in _invoke
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed handler.invoke()
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 181, in invoke
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed self._action(*args)
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/charm/reactive/vault_handlers.py", line 313, in create_vault_table
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed conn = psycopg2.connect(str(pgsql.master))
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/psycopg2/__init__.py", line 127, in connect
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed psycopg2.OperationalError: FATAL: pg_hba.conf rejects connection for host "2602:fc62:b:1018:1::8957", user "juju_vault", database "vault", SSL on
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed FATAL: pg_hba.conf rejects connection for host "2602:fc62:b:1018:1::8957", user "juju_vault", database "vault", SSL off
unit-vault-0: 16:42:37 WARNING unit.vault/0.db-relation-changed
unit-vault-0: 16:42:38 ERROR juju.worker.uniter.operation hook "db-relation-changed" (via explicit, bespoke hook script) failed: exit status 1

root@cloud-vm09:~# grep -hv ^# /etc/postgresql/12/main/pg_{ident,hba}.conf | grep -v ^$
juju_charm postgres postgres
juju_charm root postgres
local all postgres peer map=juju_charm
local all nagios password
local all all peer
local all all reject # Refuse by default
host all all all reject # Refuse by default

When using only IPv4, it works as intended and the proper entries are in pg_hba:

root@juju-556298-0-lxd-0:~# grep -hv ^# /etc/postgresql/12/main/pg_{ident,hba}.conf | grep -v ^$
juju_charm root postgres
juju_charm postgres postgres
local all postgres peer map=juju_charm
local all nagios password
local all all peer
host "vault" "juju_vault" "172.17.18.7/32" md5 # db:4 (vault/0)
host "vault" "juju_vault" "172.17.18.7/32" md5 # db:4 (vault/0)
local all all reject # Refuse by default
host all all all reject # Refuse by default

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.