-
Notifications
You must be signed in to change notification settings - Fork 900
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use environment instead of pgpass file #6328
Conversation
File.delete(PGPASS_FILE) if opts[:password] | ||
AwesomeSpawn.run!(cmd_str, :params => params, :env => { | ||
"PGUSER" => opts[:username], | ||
"PGPASSWORD" => opts[:password]}).output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this works, 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see we aren't using the opts[:dbname]
, will this work if the dbname for the cmd_str
is ambiguous?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before:
The command line arguments (cmd_str
and params
) needs to specify the username and dbname.
The dbname
in .pgpass
helps libpg
determine which password to use.
After:
The command line still needs to specify the username and database name.
The environment variables helps libpg
determine which password to use.
It looks like PGUSER
will not be read because we are specifying the username on the command line.
We could specify PGDATABASE
, but it would not be read because we are specifying that too on the command line.
@jrafanie Those 2 fields are redundant. I can:
- add
PGDATABASE
- remove
PGUSER
- OR leave as is
I'm more than happy with any of those 3 solutions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest we change the callers to do the right thing if we're not... specify everything we need to specific. I believe it's isolated to just a handful of locations. I don't remember if there was a reason I did a pgpass file instead of environment variables.
Either way, if you are able to do a backup and restore from an appliance using your changes, I think we can fix the fallout in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm leaning towards option 3.
428b8b1
to
1164ec7
Compare
1164ec7
to
bbcb0cf
Compare
@gtanzillo please review |
@jrafanie I'm not sure what you wanted to do here. Remove the |
To clarify, if you can run these rake tasks on an appliance, I'm fine with the changes. These should cover the use cases I was concerned about:
The backup/restore args are documented in the rake task here If you have ideas on how to unit test these, I'm all 👂 |
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
@kbrock any interest in completing this? |
Thanks - I'll test the rake tasks here and rebase |
@kbrock can you please rebase? |
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
@jrafanie so I started digging into this
I can't figure out how to even get a password into the system to backup the database. Since most appliances are setup to trust, this problem is not evident. So we have a few options:
|
WIPing: this functionality is never used. no password can be passed in |
- no potential conflicts - not writing passwords to text files - no longer tied to root user - now works on mac - less code
@jrafanie let me know if your now good with this. |
Checked commits kbrock/manageiq@0dcef4f~...2a1402b with ruby 2.2.5, rubocop 0.37.2, and haml-lint 0.16.1 |
@jrafanie I did the following on a mac:
|
Looks good 👍 |
blocked on: ManageIQ/awesome_spawn#34.pgpass
file./cc @Fryguy @jrafanie @carbonin
@Fryguy
would it be ok to release awesome_spawn? feature was added there in AugustTHANKSUPDATE: allow passwords to be specified and database dumps to work. Added testing instructions below