Ticket #1385 (closed enhancement: fixed)
Resolve postgres permissions issues
| Reported by: | dread | Owned by: | dread |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | ckan | Keywords: | |
| Cc: | florian.marienfeld@… | Repository: | ckan |
| Theme: | none |
Description
Currently there is a problem because the docs guide us to set the sqlalchemy url to use 'localhost' i.e. loopback, whereas paster commands don't specify '-h localhost' so use unix sockets (you need to do 'sudo -u postgres'). These should be the same.
Also do we need to tell people to add a line to their postgres authentication config /etc/postgresql/8.4/main/pg_hba.conf to help things? Florian suggests:
local std std md5
/etc/postgresql/8.4/main/pg_hba.conf
Change History
comment:2 Changed 2 years ago by dread
- Status changed from new to closed
- Resolution set to fixed
This patch has gone in (aimed for CKAN 1.5.2) [master 5b518e5].
Regarding setup to use unix sockets (as opposed to the loopback), I'm not keen, since it requires an extra step in editing the postgres config, for a barely noticeable performance improvement. Thanks for alerting us to it though, Florian.
Another change needed for this (via Florian):
diff -r 6f27828a4621 ckan/lib/cli.py --- a/ckan/lib/cli.py Wed Oct 12 11:10:32 2011 +0100 +++ b/ckan/lib/cli.py Wed Oct 12 12:23:18 2011 +0100 @@ -132,7 +132,7 @@ pg_cmd += ' -U %(db_user)s' % self.db_details if self.db_details.get('db_pass') not in (None, ''): pg_cmd = 'export PGPASSWORD=%(db_pass)s && ' % self.db_details + pg_cmd - if self.db_details.get('db_host') not in (None, '', 'localhost'): + if self.db_details.get('db_host') not in (None, ''): pg_cmd += ' -h %(db_host)s' % self.db_details if self.db_details.get('db_port') not in (None, ''): pg_cmd += ' -p %(db_port)s' % self.db_details