Added auth method for su/replication user #380
Conversation
cmd/keeper/keeper.go
Outdated
| @@ -112,9 +114,11 @@ func init() { | |||
| cmdKeeper.PersistentFlags().StringVar(&cfg.pgListenAddress, "pg-listen-address", "localhost", "postgresql instance listening address") | |||
| cmdKeeper.PersistentFlags().StringVar(&cfg.pgPort, "pg-port", "5432", "postgresql instance listening port") | |||
| cmdKeeper.PersistentFlags().StringVar(&cfg.pgBinPath, "pg-bin-path", "", "absolute path to postgresql binaries. If empty they will be searched in the current PATH") | |||
| cmdKeeper.PersistentFlags().StringVar(&cfg.pgReplAuthMethod, "pg-repl-auth-method", "md5", "postgres replication user auth method. Required.") | |||
There was a problem hiding this comment.
I'll remove "Required" since the default is set to md5 and will break current behavior.
cmd/keeper/keeper.go
Outdated
| @@ -1610,6 +1619,12 @@ func keeper(cmd *cobra.Command, args []string) { | |||
| die("cannot create data dir: %v", err) | |||
| } | |||
|
|
|||
| if cfg.pgReplAuthMethod == "" { | |||
| die("--pg-repl-auth-method is required") | |||
There was a problem hiding this comment.
Don't make it required. If not specified will used the default md5 as of now.
cmd/keeper/keeper.go
Outdated
| @@ -1579,6 +1587,7 @@ func main() { | |||
|
|
|||
| func keeper(cmd *cobra.Command, args []string) { | |||
| var err error | |||
| validAuthMethods := map[string]bool{"md5": true, "password": true, "trust": true} | |||
There was a problem hiding this comment.
not a big deal but when a map doesn't require a values I prefer to use struct{}: map[string]struct{}
cmd/keeper/keeper.go
Outdated
| @@ -1620,6 +1635,11 @@ func keeper(cmd *cobra.Command, args []string) { | |||
| if cfg.pgReplPassword != "" && cfg.pgReplPasswordFile != "" { | |||
| die("only one of --pg-repl-password or --pg-repl-passwordfile must be provided") | |||
There was a problem hiding this comment.
When using the trust auth method the user doesn't have to provide a password.
| @@ -76,16 +78,18 @@ type InitConfig struct { | |||
| DataChecksums bool | |||
| } | |||
|
|
|||
| func NewManager(pgBinPath string, dataDir string, localConnParams, replConnParams ConnParams, suUsername, suPassword, replUsername, replPassword string, requestTimeout time.Duration) *Manager { | |||
| func NewManager(pgBinPath string, dataDir string, localConnParams, replConnParams ConnParams, suAuthMethod, suUsername, suPassword, replAuthMethod, replUsername, replPassword string, requestTimeout time.Duration) *Manager { | |||
There was a problem hiding this comment.
In https://github.com/emdem/stolon/blob/8635f157ab57190d8607c179b8b66b47af7f7d6b/pkg/postgresql/postgresql.go#L363 we also populate the su and repl user password. I'll change them to populate it only with md5 auth since with trust I'll ignore if the user have provided a password.
There was a problem hiding this comment.
@sgotti I gave it a lot of thought and decided to simply force the user to either utilize md5 + password and then over-ride specific connections via the spec/stolonctl update/init.
Need to confirm, but if I recall correctly, it's possible with this code to set a password/md5 auth for super user from the keeper, then to utilize stolonctl or the json spec provided to sentinel to add trust for localhost superuser connections.
I'll start working on the documentation changes when the code changes are at a state you feel comfortable.
cmd/keeper/keeper.go
Outdated
| @@ -1579,6 +1587,7 @@ func main() { | |||
|
|
|||
| func keeper(cmd *cobra.Command, args []string) { | |||
| var err error | |||
| validAuthMethods := map[string]bool{"md5": true, "password": true, "trust": true} | |||
There was a problem hiding this comment.
I'm not sure if we should also add the password method since postgres doc suggests to use md5.
emdem
force-pushed
the
master
branch
4 times, most recently
from
512eb5a to
2975db9
Compare
|
Added #42 code changes as well. Simply fails with error message indicating version 9.4 or greater is needed. |
|
@emdem Thanks! I thinks this needs some tests but we can make them in another PR. So it looks good to me after removing the unrelated changes:
Please put this in another pull request since they are two completely different changes. |
There was a problem hiding this comment.
@emdem I tried this PR but I'm getting some errors:
-
initializing the db when using trust for both su and repl users. I think it's related to my comment.
-
when using trust for only repl user the standby continuously restarts with the message:
connection parameters changed. Reconfiguring.It thinks the replication parameters are changed because the parsed one doesn't contain thepasswordkey while the generated one contains a password key with an empty value. So thegetReplConnParammethod (and similar ones) should be changed to not add empty passwords to the returnedConnParams.
pkg/postgresql/postgresql.go
Outdated
| name := filepath.Join(p.pgBinPath, "pg_ctl") | ||
| log.Infow("starting database") |
pkg/postgresql/postgresql.go
Outdated
| @@ -360,15 +364,15 @@ func (p *Manager) SetupRoles() error { | |||
| ctx, cancel := context.WithTimeout(context.Background(), p.requestTimeout) | |||
| defer cancel() | |||
|
|
|||
| if p.suUsername == p.replUsername { | |||
| if p.suUsername == p.replUsername && p.suAuthMethod != "trust" && p.replAuthMethod != "trust" { | |||
There was a problem hiding this comment.
We should add the replication role to superuser also when authmethod is trust. What shouldn't be done is to set a password. Probably alterRole method should be improved/changed to work with empty passwords.
The same also for the call to createRole below (in creating replication role).
emdem
force-pushed
the
master
branch
4 times, most recently
from
86e6c64 to
e434672
Compare
|
@sgotti I made some changes, including incorporating the additional comments/suggestions you made... I'm testing them a bit more thoroughly. So far... much better. |
cmd/keeper/keeper.go
Outdated
| die("provided superuser name and replication user name are the same but provided passwords are different") | ||
| } | ||
| } | ||
|
|
||
| if cfg.pgReplPasswordFile != "" { | ||
| if cfg.pgReplAuthMethod != "trust" && cfg.pgReplPasswordFile != "" { |
There was a problem hiding this comment.
The check for cfg.pgReplAuthMethod != "trust" can be omitted since it was already checked previously
cmd/keeper/keeper.go
Outdated
| cfg.pgReplPassword, err = readPasswordFromFile(cfg.pgReplPasswordFile) | ||
| if err != nil { | ||
| die("cannot read pg replication user password: %v", err) | ||
| } | ||
| } | ||
| if cfg.pgSUPasswordFile != "" { | ||
| if cfg.pgSUAuthMethod != "trust" && cfg.pgSUPasswordFile != "" { |
There was a problem hiding this comment.
The check for cfg.pgSuAuthMethod != "trust" can be omitted since it was already checked previously
Added auth method for su/replication user
|
@emdem Thanks a lot! Merged. |
For issue #362