Use environment instead of pgpass file #6328
Conversation
| File.delete(PGPASS_FILE) if opts[:password] | ||
| AwesomeSpawn.run!(cmd_str, :params => params, :env => { | ||
| "PGUSER" => opts[:username], | ||
| "PGPASSWORD" => opts[:password]}).output |
There was a problem hiding this comment.
I see we aren't using the opts[:dbname], will this work if the dbname for the cmd_str is ambiguous?
There was a problem hiding this comment.
Before:
The command line arguments (cmd_str and params) needs to specify the username and dbname.
The dbname in .pgpass helps libpg determine which password to use.
After:
The command line still needs to specify the username and database name.
The environment variables helps libpg determine which password to use.
It looks like PGUSER will not be read because we are specifying the username on the command line.
We could specify PGDATABASE, but it would not be read because we are specifying that too on the command line.
@jrafanie Those 2 fields are redundant. I can:
- add
PGDATABASE - remove
PGUSER - OR leave as is
I'm more than happy with any of those 3 solutions.
There was a problem hiding this comment.
I'd suggest we change the callers to do the right thing if we're not... specify everything we need to specific. I believe it's isolated to just a handful of locations. I don't remember if there was a reason I did a pgpass file instead of environment variables.
Either way, if you are able to do a backup and restore from an appliance using your changes, I think we can fix the fallout in the future.
There was a problem hiding this comment.
I'm leaning towards option 3.
kbrock
changed the title
kbrock
force-pushed
the
pgpass_be_gone
branch
from
428b8b1
to
1164ec7
Compare
kbrock
force-pushed
the
pgpass_be_gone
branch
from
1164ec7
to
bbcb0cf
Compare
kbrock
changed the title
|
@gtanzillo please review |
|
@jrafanie I'm not sure what you wanted to do here. Remove the |
To clarify, if you can run these rake tasks on an appliance, I'm fine with the changes. These should cover the use cases I was concerned about: The backup/restore args are documented in the rake task here If you have ideas on how to unit test these, I'm all 👂 |
|
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
|
@kbrock any interest in completing this? |
|
Thanks - I'll test the rake tasks here and rebase |
|
@kbrock can you please rebase? |
|
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
|
@jrafanie so I started digging into this
I can't figure out how to even get a password into the system to backup the database. Since most appliances are setup to trust, this problem is not evident. So we have a few options:
|
kbrock
changed the title
|
WIPing: this functionality is never used. no password can be passed in |
- no potential conflicts - not writing passwords to text files - no longer tied to root user - now works on mac - less code
kbrock
changed the title
|
@jrafanie let me know if your now good with this. |
|
Checked commits kbrock/manageiq@0dcef4f~...2a1402b with ruby 2.2.5, rubocop 0.37.2, and haml-lint 0.16.1 |
|
@jrafanie I did the following on a mac:
|
|
Looks good 👍 |
blocked on: ManageIQ/awesome_spawn#34.pgpassfile./cc @Fryguy @jrafanie @carbonin
@Fryguy
would it be ok to release awesome_spawn? feature was added there in AugustTHANKSUPDATE: allow passwords to be specified and database dumps to work. Added testing instructions below