Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[yugabyted] Starting yugabyted with client cert auth enabled doesn't work #25670

Open
1 task done
iSignal opened this issue Jan 17, 2025 · 0 comments
Open
1 task done

[yugabyted] Starting yugabyted with client cert auth enabled doesn't work #25670

iSignal opened this issue Jan 17, 2025 · 0 comments
Labels
area/ecosystem Label for all ecosystem related projects area/ybd yugabyted project related Github tickets. kind/enhancement This is an enhancement of an existing feature priority/medium Medium priority issue status/awaiting-triage Issue awaiting triage

Comments

@iSignal
Copy link
Contributor

iSignal commented Jan 17, 2025
edited by jira bot
Loading

Jira Link: DB-14929

Description

Start a yugabyted single node cluster with

sanketh@varahivm yugabyte-db > cache_logging > bin/yugabyted start --secure --tserver_flags="ysql_hba_conf_csv={hostssl all all all md5 clientcert=verify-full}" --ui false

or

sanketh@varahivm yugabyte-db > cache_logging > bin/yugabyted start --secure --tserver_flags="ysql_hba_conf_csv={hostssl all all all md5 cert}" --ui false

This fails when yugabyted attempts to connect to the YSQL port

Starting yugabyted...
✅ YugabyteDB Started
| Enabling Encryption in Transit and Password Authentication...Could not update Postgress user password. Exception: Traceback (most recent call last):
  File "/home/sanketh/code/yugabyte-db/bin/yugabyted", line 5617, in update_db_passwords
    try:
  File "/home/sanketh/code/yugabyte-db/bin/yugabyted", line 10489, in retry_op_with_argument
RuntimeError: Failed after retrying operation for 60.3484206199646 secs.

yugabyted needs to either use the local socket or generate client certificates. Generating client certs is better given the user can also use them to connect in this case.

Warning: Please confirm that this issue does not contain any sensitive information

  • I confirm this issue does not contain any sensitive information.
@iSignal iSignal added area/ecosystem Label for all ecosystem related projects area/ybd yugabyted project related Github tickets. status/awaiting-triage Issue awaiting triage labels Jan 17, 2025
@yugabyte-ci yugabyte-ci added kind/enhancement This is an enhancement of an existing feature priority/medium Medium priority issue labels Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ecosystem Label for all ecosystem related projects area/ybd yugabyted project related Github tickets. kind/enhancement This is an enhancement of an existing feature priority/medium Medium priority issue status/awaiting-triage Issue awaiting triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iSignal @yugabyte-ci