Chart not accounting for PostgreSQL stream replication check changes #888

New Issue

jadedeane · 2025-06-20T02:37:12Z

2025-06-20 02:37:12 +00:00

Moving from Gitea chart 11.x to 12.x, using postgresql-ha, db logs flooding with:

FATAL: password authentication failed for user "sr_check_user"

Looks like Gitea's chart isn't adding a pgpool 'sr-check-password' secret along with 'adminPassword', e.g.:

postgresql-ha: pgpool: adminPassword: changeme sr-check-password: change <--- doesn't exist

Found this, which indicates per these instructions an 'sr_check_user' role is needed, with corresponding login password.

Adding the role and grants per aforementioned instructions, making sure to set the password equal to password pulled from 'sr-check-password' credential in "gitea-postgresql-ha-pgpool" secret, and things work.

Moving from Gitea chart 11.x to 12.x, using postgresql-ha, db logs flooding with: ``` FATAL: password authentication failed for user "sr_check_user" ``` Looks like Gitea's chart isn't adding a pgpool 'sr-check-password' secret along with 'adminPassword', e.g.: ``` postgresql-ha: pgpool: adminPassword: changeme sr-check-password: change <--- doesn't exist ``` Found [this](https://github.com/bitnami/charts/pull/33552#issuecomment-2870952140), which indicates per these [instructions](https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha#to-1600) an 'sr_check_user' role is needed, with corresponding login password. Adding the role and grants per aforementioned instructions, making sure to set the password equal to password pulled from 'sr-check-password' credential in "gitea-postgresql-ha-pgpool" secret, and things work.

jadedeane commented

2025-06-20 22:39:00 +00:00

Seems like every time Gitea is upgraded (Renovate upgraded the container image a moment ago, when v1.24.2 was released) the 'sr-check-password' key's value in the secret is changed, requiring connecting the lead db's container, running pgsql, and altering the 'sr_check_user' password:

❯ k -n gitea get secret gitea-postgresql-ha-pgpool -o jsonpath="{.data.sr-check-password}" | base64 -d XXXXXX% ❯ k -n gitea exec -it gitea-postgresql-ha-postgresql-1 -c postgresql -- bash 1001@gitea-postgresql-ha-postgresql-1:/$ psql -U postgres -W Password: psql (17.5) Type "help" for help. postgres=# ALTER ROLE sr_check_user WITH LOGIN PASSWORD 'XXXXXX'; ALTER ROLE

Seems like every time Gitea is upgraded (Renovate upgraded the container image a moment ago, when v1.24.2 was released) the 'sr-check-password' key's value in the secret is changed, requiring connecting the lead db's container, running pgsql, and altering the 'sr_check_user' password: ``` ❯ k -n gitea get secret gitea-postgresql-ha-pgpool -o jsonpath="{.data.sr-check-password}" | base64 -d XXXXXX% ❯ k -n gitea exec -it gitea-postgresql-ha-postgresql-1 -c postgresql -- bash 1001@gitea-postgresql-ha-postgresql-1:/$ psql -U postgres -W Password: psql (17.5) Type "help" for help. postgres=# ALTER ROLE sr_check_user WITH LOGIN PASSWORD 'XXXXXX'; ALTER ROLE ```

jadedeane closed this issue

2025-06-23 23:24:35 +00:00

jadedeane reopened this issue

2025-06-23 23:24:44 +00:00

pat-s commented

2025-06-24 08:01:20 +00:00

Thanks for reporting. Would you mind fixing this in a PR?

jadedeane referenced a pull request that will close this issue

2025-06-26 19:18:01 +00:00

fix: add `srCheckPassword` param to support new postgresql-ha stream replication check requirements #894

jadedeane commented

2025-06-26 19:19:55 +00:00