Last Modified: Jan 18, 2022
See more info
BIG-IQ System User Interface
Known Affected Versions:
Opened: Jul 24, 2020
If postgresql is not properly configured to allow SSL connections, services (such as tokumond) fail to connect to postgresql and an error similar to the following is logged in /var/log/tokumon/current: 2020-07-07_08:25:04.37666 [ERROR] postgresql: Failed connecting to dbConnectUrl:postgres://postgres_replication@[localhost]:<REDACTED>postgres://postgres_replication@[localhost]:5432/bigiq_db - Error: The server does not support SSL connections
Services are not able to connect to postgres. Setup and bootstrap are unable to complete successfully.
This occurs when the postgresql config file at /var/lib/pgsql/data/postgresql.conf has the default SSL settings, instead of "ssl = on". This can happen if the postgresql configuration gets reset to defaults after being configured for SSL connections. Because the SSL certificate and key files exist under /var/lib/pgsql/config, the modifications to the configuration file are assumed to already be complete and are not re-applied.
Run the following command to force re-configuration of postgresql: # ha_generate_certs --force <DISCOVERY_ADDRESS> Replacing <DISCOVERY_ADDRESS> with your BIG-IQ's discovery IP address.
Reconfiguring postgresql for SSL mode no longer depends on the absence of the SSL certificate and key files. Instead, the configuration will be updated to SSL mode (if it isn't already in SSL mode) any time ha_generate_certs runs. Since ha_generate_certs runs on bootstrap (on default service startup or on completion of the setup wizard), a misconfiguration will be automatically repaired by running the setup wizard or by restarting services with "bigstart restart".