Control: clone -1 -2 -3 Control: retitle -1 psql ident without existing sys-user unclear error Control: tags -1 -moreinfo Control: retitle -2 psql incorrectly falls back to TCP in ident case Control: tags -1 -moreinfo Control: retitle -3 psql alters credentials with dbuser iso dbadmin
Hi Christoph,
On 13-08-16 23:22, Christoph Anton Mitterer wrote:
> See below... went actually much faster than I'd have expected.
Thanks, that was helpful (for the ident/peer case).
And just to be sure, I assume everything we discuss here is done with
the backported version of dbconfig. There are too many changes since
Jessie to investigate that now (I may check once we identified all issues).
> I think it already shows the possible problem that happens:
>> populating database via sql... warning: ident method specified but local
>> account doesn't exist.
>> warning: ident method specified but local account doesn't exist.
>
> It thinks the account doesn't exist (which is correct, but doesn't
> really matter) and I'd blindly assume now it falls back to TCP for this
> reason?
Yes, it does that by design and it does really matter. However, as seen
in this bug, I guess it should just fail instead, right? We fill the
database with the database user credentials to avoid the need for the
administrator credentials (requiring the administrator credentials for
anything that isn't strictly needing it is a bug¹ that I intent to close
soon), so using the administrator credentials to solve this issue is a
no-go. I wasn't aware of the possibility to have system-user to
postgresql-user mapping, so I am afraid that we need an additional
debconf question to ask for the system-user name that will be used for
the connection in case of ident/peer.
After writing the above, I found where the fallback to TCP happens: the
logic of _dbc_psql_cmd_args checks for the password instead of the
method. Should be easy to fix, but alone it will change the fallback
from TCP/$dbc_dbuser to ident/root and still fail (I think).
> populating database via sql... warning: ident method specified but local
> account doesn't exist.
> warning: ident method specified but local account doesn't exist.
> su -s /bin/sh root -c "env HOME='/tmp/dbconfig-common.psql_home.RIlqrF'
> PGPASSFILE='/tmp/dbconfig-common.psql_home.RIlqrF/.pgpass' PGSSLMODE='prefer'
> psql --set \"ON_ERROR_STOP=1\" -q -h 'localhost' -U 'icinga' icinga" 2>&1.
^^^^ should have read icinga
The user to use is here is determined by the _dbc_psql_local_username
function in /usr/share/dbconfig-common/internal/pgsql.
Could you also create the debugging info for the TCP issue you reported?
I cloned this bug to separate out that issue and leave the moreinfo tag
standing for that issue.
Paul
¹ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475829
signature.asc
Description: OpenPGP digital signature
