Bug: FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "<ip address>"
Summary
I think this is a big bug, the error occurred when I setting up my geo, after I replicate the geo database in secondary server, PostgreSQL log shows the title error, it's because the PostgreSQL streaming replication connect to primary server use the sslmode=verify-full, the certificate made by gitlab for PostgreSQL is not bind hostname strictly, So it's cannot verify the Common Name(CN) in certificate, at most sslmode=verify-ca it can use.
Before version 14.9.x, It's always use sslmode=verify-ca method to connect to primary, but now .....
Steps to reproduce
- following the document to setting up geo with version 14.9.2
Example Project
What is the current bug behavior?
PostgreSQL Streaming Replication cannot working normally.
What is the expected correct behavior?
Relevant logs and/or screenshots
2022-04-14_14:44:27.50956 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:27.57514 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:32.58330 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:37.56621 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:42.62703 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:47.63971 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:52.62272 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"
2022-04-14_14:44:57.64672 FATAL: could not connect to the primary server: server certificate for "PostgreSQL" does not match host name "10.37.129.9"Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)