stackoom
  简体   繁体   中英

chef-solo not updating postgres pg_hba.conf

 原文  2014-10-30 04:57:26       postgresql/ chef/ access-control

Question

I am using Chef Solo to provision a Vagrant Virtual Machine. Here is the relevant Vagrantfile snippet: 

chef.run_list = [
    "databox::default",
    "mydbstuff"
]

chef.json = {

    "postgresql": {
        "config" : {
            "listen_addresses": "*"
        },
        "pg_hba": [
            {"type": "local", "db": "all", "user": "postgres",   "addr": null,               "method": "ident"},
            {"type": "local", "db": "all", "user": "all",        "addr": null,               "method": "md5"},
            {"type": "host",  "db": "all", "user": "all",        "addr": "127.0.0.1/32",     "method": "md5"},
            {"type": "host",  "db": "all", "user": "all",        "addr": "::1/128",          "method": "md5"},

            {"type": "local", "db": "all", "user": "vagrant",    "addr": null,               "method": "ident"},
            {"type": "host",  "db": "all", "user": "all",        "addr": "192.168.248.1/24", "method": "md5"}
        ]
    },
    "databox": {
        "db_root_password": "abc123",
        "databases": {
            "postgresql": [
                { "username": "db1", "password": "abc123", "database_name": "db1" },
                { "username": "db2", "password": "abc123", "database_name": "db2" }
            ]
        }
    }
}

The mydbstuff::default recipe looks like this: 

postgresql_connection_info = {
  :host => "localhost",
  :port => node['postgresql']['config']['port'],
  :username => 'postgres',
  :password => node['postgresql']['password']['postgres']
}

postgresql_database_user 'vagrant' do
  connection postgresql_connection_info
  password 'vagrant'
  action :create
end

node['databox']['databases']['postgresql'].each do |db|
  postgresql_database_user 'vagrant' do
    connection postgresql_connection_info
    action :grant
    database_name db.database_name
  end
end

I am trying to allow connections by the local vagrant user without a password, and by any user from the VirtualBox private network. The pg_hba array in my chef.json has four lines that are copied from the default configuration and two lines to do the other stuff that I want to do. If I add these two lines to the pg_hba.conf file manually, they work just fine.

The problem is that my changes aren't actually written to the pg_hba.conf file. What's preventing them from being written?

2 answers

solution1
 0 ACCPTED  2014-10-30 04:57:26

It appears that the databox cookbook overwrites the Postgres permissions array using node.set instead of just modifying the part that it needs.

I have submitted a pull request to the project to change this behavior so that additional entries can be added to the file.

solution2
 0  2014-10-30 12:09:03

I faced same problem with chef-solo. My way out was to create a template for pg_hba.conf and replaced at the end of execution of recipe.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question chef-solo + postgres result in invalid pg_hba.conf Postgres pg_hba.conf Postgres Auth failed, no pg_hba.conf postgres with custom pg_hba.conf at startup Modifying pg_hba.conf Is there a pg_hba.conf at Azure? Add custom pg_hba.conf in postgres docker container? No entries in pg_hba.conf Postgres: missing or erroneous pg_hba.conf file in postgres, editing pg_hba.conf didnt enable passwordless login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM