Ticket #1385 (closed enhancement: fixed)

Opened 3 years ago

Last modified 2 years ago

Resolve postgres permissions issues

Reported by: dread Owned by: dread
Priority: major Milestone:
Component: ckan Keywords:
Cc: [email protected] Repository: ckan
Theme: none

Description

Currently there is a problem because the docs guide us to set the sqlalchemy url to use 'localhost' i.e. loopback, whereas paster commands don't specify '-h localhost' so use unix sockets (you need to do 'sudo -u postgres'). These should be the same.

Also do we need to tell people to add a line to their postgres authentication config /etc/postgresql/8.4/main/pg_hba.conf to help things? Florian suggests:

local   std         std                          md5

/etc/postgresql/8.4/main/pg_hba.conf

Change History

comment:1 Changed 3 years ago by dread

Another change needed for this (via Florian):

diff -r 6f27828a4621 ckan/lib/cli.py
--- a/ckan/lib/cli.py	Wed Oct 12 11:10:32 2011 +0100
+++ b/ckan/lib/cli.py	Wed Oct 12 12:23:18 2011 +0100
@@ -132,7 +132,7 @@
         pg_cmd += ' -U %(db_user)s' % self.db_details
         if self.db_details.get('db_pass') not in (None, ''):
             pg_cmd = 'export PGPASSWORD=%(db_pass)s && ' % self.db_details + pg_cmd
-        if self.db_details.get('db_host') not in (None, '', 'localhost'):
+        if self.db_details.get('db_host') not in (None, ''):
             pg_cmd += ' -h %(db_host)s' % self.db_details
         if self.db_details.get('db_port') not in (None, ''):
             pg_cmd += ' -p %(db_port)s' % self.db_details

comment:2 Changed 2 years ago by dread

  • Status changed from new to closed
  • Resolution set to fixed

This patch has gone in (aimed for CKAN 1.5.2) [master 5b518e5].

Regarding setup to use unix sockets (as opposed to the loopback), I'm not keen, since it requires an extra step in editing the postgres config, for a barely noticeable performance improvement. Thanks for alerting us to it though, Florian.

Note: See TracTickets for help on using tickets.