I was looking through the ambari-server postgres setup because we're having occasional issues with postgresql initdb failing. That's kind of tangential, but I found something that concerns me that I'd like some feedback on. Afaict, it sets up postgres to:
1. Listen for traffic from anywhere 2. Accept connections from anywhere (using a password, at least) Is there any reason to set up this broad access? I thought that only the ambari-server processes used postgres directly, so it should be locked down to local connections only. I can't think of any reason you'd need to allow remote access. The agents should do everything through the agent API. Let me know if there's a legitimate reason for this that I'm unaware of. Greg