[Feat Req] Add support for Certs for Postgres database #6655

Closed
tomkozlowski opened this Issue Nov 21, 2016 · 3 comments

Projects

None yet

2 participants

@tomkozlowski
Contributor
  • I'm submitting a ...
  • Bug report
  • Feature request
  • Question / Support request: Please do not open a github issue. Support Options

Please include this information:

  • What Grafana version are you using?
    4.0.0-beta1
  • What datasource are you using?
    n/a
  • What OS are you running grafana on?
    CentOS 6
  • What did you do?
    Tried to implement postgres backing on grafana against an SSL-secured version of Postgres
  • What was the expected result?
    That the DB migration would init successfully
  • What happened instead?
    Got this error:
t=2016-11-21T14:08:12-0500 lvl=info msg="Starting Grafana" logger=main version=4.0.0-beta1 commit=v4.0.0-beta1+35-gd11e141 compiled=2016-11-16T11:16:11-0500
t=2016-11-21T14:08:12-0500 lvl=info msg="Config loaded from" logger=settings file=/opt/palantir/services/.166922840/service/conf/defaults.ini
t=2016-11-21T14:08:12-0500 lvl=info msg="Config loaded from" logger=settings file=/opt/palantir/services/.166922840/var/conf/custom.ini
t=2016-11-21T14:08:12-0500 lvl=info msg="Path Home" logger=settings path=/opt/palantir/services/.166922840/service
t=2016-11-21T14:08:12-0500 lvl=info msg="Path Data" logger=settings path=/opt/palantir/services/.166922840/var/data
t=2016-11-21T14:08:12-0500 lvl=info msg="Path Logs" logger=settings path=/opt/palantir/services/.166922840/var/log
t=2016-11-21T14:08:12-0500 lvl=info msg="Path Plugins" logger=settings path=/opt/palantir/services/.166922840/service/data/plugins
t=2016-11-21T14:08:12-0500 lvl=info msg="Initializing DB" logger=sqlstore dbtype=postgres
t=2016-11-21T14:08:12-0500 lvl=info msg="Starting DB migration" logger=migrator
t=2016-11-21T14:08:12-0500 lvl=eror msg="Fail to initialize orm engine" logger=sqlstore error="Sqlstore::Migration failed err: x509: certificate signed by unknown authority\n"
@torkelo
Member
torkelo commented Nov 22, 2016

have you added a ca key on the server?

I think these are the locations where it will look for ca
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
"/etc/ssl/ca-bundle.pem", // OpenSUSE

what is your ssl_mode set to?

the cert options in the database setting is currently only used for mysql
ca_cert_path
client_key_path
client_cert_path
server_cert_name

@torkelo torkelo changed the title from postgres database doesn't support certificates to [Feat Req]; Add support for Certs for Postgres database Nov 22, 2016
@torkelo torkelo changed the title from [Feat Req]; Add support for Certs for Postgres database to [Feat Req] Add support for Certs for Postgres database Nov 22, 2016
@tomkozlowski
Contributor

I can't add a CA key because I'm running in user-space (i.e. no root access)

My ssl_mode is set to verify_full

@torkelo
Member
torkelo commented Nov 22, 2016

Well then you need root, if you have very full and the cert ca is unknown

@bergquist bergquist closed this in #6670 Nov 29, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment