chef - [chef] Broken "not_if" in "assign-postgres-password" in "recipes/server.rb" in "opscode-cookbooks/postgresql"

First login ?
Lost password ?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Broken "not_if" in "assign-postgres-password" in "recipes/server.rb" in "opscode-cookbooks/postgresql"

From: David Crane < >
To: " " < >
Subject: [chef] Broken "not_if" in "assign-postgres-password" in "recipes/server.rb" in "opscode-cookbooks/postgresql"
Date: Fri, 4 Jan 2013 19:02:04 -0500
Accept-language: en-US
Acceptlanguage: en-US

I've put a detailed explanation of the problem and my proposed fix at http://tickets.opscode.com/browse/COOK-2163.

I have already implemented my proposed fix in my forked cookbook. Just getting this out there to seek comments before I submit a pull request.

In short, It's merely a coincidence that "assign-postgres-password" has been succeeding. Every recipe[postgresql::server] run resets the password, regardless of whether or what password is currently set.

The coincidence is a counter-intuitive effect of the following pg_hba.conf authorization rules generated by a couple of attributes/default.rb settings:

# TYPE DATABASE USER CIDR-ADDRESS METHOD

local all postgres ident

host all all 127.0.0.1/32 md5

My proposal involves making the first of those authorizations permanently hard-coded in the pg_hba.conf.erb template.

David Crane

[chef] Broken "not_if" in "assign-postgres-password" in "recipes/server.rb" in "opscode-cookbooks/postgresql", David Crane, 01/04/2013