On 08/24/2012 05:11 PM, John Eckersberg wrote: > Mo Morsi <[email protected]> writes: >> + exec{ "pgauthuser": >> + command => "/usr/bin/sed -i s/ident/md5/ >> /var/lib/pgsql/data/pg_hba.conf", > Did you mean s/trust/ident/ here?
No. This patch changes the postgres init to utilize 'postgres-setup' instead of 'initdb' postgrep-setup will configure the hba to use ident authentication by default (eg systems users) whereas we want to use md5 (lookup users / passwords in the user db) > >> + require => Exec["pginitdb"], >> + notify => Service["postgresql"] >> + } > This exec ends up running on each invocation of configure, which means > the postgres service gets notified each run (and restarted). I'm seeing > intermittent failures on various things later on in the configure run > (mostly temp-admin user stuff) like: > > err: > /Stage[main]/Aeolus::Profiles::Common/Aeolus::Conductor::Login[temporary-administrative-user-4107fa646e268357fba1d0ef4d075c8c491a6179f9beffe7]/Web_request[temporary-administrative-user-4107fa646e268357fba1d0ef4d075c8c491a6179f9beffe7-conductor-login]/post: > change from to https://localhost/conductor/user_session failed: An > exception was raised when invoking web request: Invalid HTTP Return Code: 500, > was expecting one of 200 > > with the matching rails exception: > > ActiveRecord::StatementInvalid (PGError: no connection to the server > : SELECT "sessions".* FROM "sessions" WHERE "sessions"."session_id" = > '9ea0c1c3080158cee1f7ebf6bd0f7749' LIMIT 1): > > So it looks like the postgres init script doesn't block for a complete > reload, and the server is restarting somewhere in the middle of the > configure run while we are trying to use it. > > We can get around this by adding to the pgauthuser exec: > > onlyif => "/bin/grep -q trust /var/lib/pgsql/data/pg_hba.conf" > > This was all testing on a previously-configured host; I'm going to > reprovision and sanity check a clean host now. I only tried this from a fresh install which prolly explains why I missed this. Seems like a good solution, though I believe we should be able to trigger service restarts whenever postgres is restarted. I'll implement the 'onlyif' and look into this as well and send out the updated patchset shortly. -Mo
