Bug#1003292: Unpassworded superuser account now causes errors in log

Fri, 07 Jan 2022 10:03:19 -0800 

Package: patroni
Version: 2.1.2-2
I actually encountered this problem in the PGDG package of Patroni for Ubuntu (version 2.1.2-2.pgdg18.04+1), but it claims to be an unchanged rebuild of Debian release 2.1.2-2, so I expect this is the best place to report problems. 


In /etc/patroni/config.yml.in, which is added by the Debian packaging, 
there's this section:


# A superuser role is required in order for Patroni to manage the local
# Postgres instance.  If the option `use_unix_socket' is set to `true', then
# specifying an empty password results in no md5 password for the superuser
# being set and sockets being used for authentication. The `password:' line is
# nevertheless required.  Note that pg_rewind will not work if no md5 password
# is set.
    superuser:
      username: "postgres"
      password:


That to me implies that not setting a superuser password should work as 
long as I have use_unix_socket set to true and use_pg_rewind set to false, 
both of which I do.  And up to Patroni 2.1.1 it did.  With the upgrade to 
2.1.2, Patroni still seems to work correctly but it produces log messages 
like this every ten seconds:


Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]: 2022-01-07 
17:51:09,869 ERROR: Exception when working with leader
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]: Traceback (most recent 
call last):
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:   File 
"/usr/lib/python3/dist-packages/patroni/postgresql/rewind.py", line 60, in 
check_leader_is_not_in_recovery
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:     with 
get_connection_cursor(connect_timeout=3, options='-c statement_timeout=2000', 
**conn_kwargs) as cur:
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:   File 
"/usr/lib/python3.8/contextlib.py", line 113, in __enter__
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:     return 
next(self.gen)
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:   File 
"/usr/lib/python3/dist-packages/patroni/postgresql/connection.py", line 44, in 
get_connection_cursor
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:     conn = 
psycopg.connect(**kwargs)
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:   File 
"/usr/lib/python3/dist-packages/psycopg2/__init__.py", line 127, in connect
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]:     conn = 
_connect(dsn, connection_factory=connection_factory, **kwasync)
Jan  7 17:51:09 moa-dev-patroni1 patroni@13-main[10646]: psycopg2.OperationalError: 
connection to server at "172.28.208.196", port 5432 failed: fe_sendauth: no 
password supplied


It looks like Patroni now wants to connect to other nodes as a superuser 
even when use_pg_rewind is false.



I haven't managed to find anywhere in the upstream Patroni documentation 
that says that running with no password on the superuser account should 
work, so I think this is probably an error in the comment in config.yml.in 
rather than a bug in Patroni itself.


--
Ben Harris, University of Cambridge Information Services.















    











					Reply via email to