Specify password authentication for initdb and adjust pwfile permissions#12
Open
acritelli wants to merge 1 commit intocloudify-community:masterfrom
Open
Specify password authentication for initdb and adjust pwfile permissions#12acritelli wants to merge 1 commit intocloudify-community:masterfrom
acritelli wants to merge 1 commit intocloudify-community:masterfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The current
configure-psql.shscript will report success (and the appropriate capabilities appear in the deployment), but attempts to log in to Postgres via thepsqlcommand on the host fail. This is because current versions of Postgres use peer authentication by default in theirpg_hba.conffile.The fix proposed in this PR adds the
-A passwordswitch toinitdb, which allows password authentication to work.Adding this switch revealed that the permissions on the temporary password file were preventing
initdbfrom reading it. By default,mktempcreates the temporary file with0600permissions. Since this is run as thecentosuser, thepostgresuser was unable to read the password file.I confirmed this fix works by uploading the updated blueprints to my Cloudify manager (v6.2) and creating a
dev-smallenvironment.