Updating database credential AFTER server startup

Server version is 8.5.0.

I’m looking for a server API that can indicate database connection error after the server is started, one preferably doesn’t require authentication.

Backgroud: our SonarQube server connects to an AWS RDS database, and the database user credential rotation is natively managed by AWS. The issue I’m facing is I’m unable to find a health ping that can trigger a server restart as soon as the current db user password is rotated and longer valid, while the SonarQube server is running (we have custom logic to fetch the latest database credential upon SonarQube startup). The api/system/status API was my first choice, but from experiments it will continue to return 200 with health: GREEN when the server is in a bad state as such.

The reason I’d like to use an API with no authentication required is so I can also configure it on our load balancers (which does not support custom HTTP headers) to detect the server outage.

I understand this is a less uncommon situation, but just curious if the community has any suggestion here before we roll our own code. Thanks!

Michael

Hi,

api/liveness (documentation) is designed exactly for this need. It supports authentication with a passcode as HTTP header X-Sonar-Passcode. You have two options to define the allowed passcode:

  • using an env variable in the SQ context: SONAR_WEB_SYSTEMPASSCODE
  • define sonar.web.systemPasscode property in sonar.properties