From 168be1b75da0e9f90d72c3eed678123d9b9909de Mon Sep 17 00:00:00 2001
From: dragarcia
Date: Tue, 17 Aug 2021 18:25:18 +0800
Subject: [PATCH 1/2] chore: bump postgres and pgbouncer - #67 #68

---
 ansible/vars.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ansible/vars.yml b/ansible/vars.yml
index 614f595c6..7d15eb3bb 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -1,12 +1,12 @@
 supabase_internal: true
 postgresql_major: "13"
-postgresql_release: "13.3"
-postgresql_release_checksum: sha1:aeb645988b1ec9ffbb2fc0a49d9055d3ab17affa
+postgresql_release: "13.4"
+postgresql_release_checksum: sha1:100ab62f9ef5dbd90f83c5da284e24ab0070ddb4
 # Non Postgres Extensions
-pgbouncer_release: "1.15.0"
-pgbouncer_release_checksum: sha1:ea7e9dbcab178f439a0fa402a78a7f1e4f43e6d4
+pgbouncer_release: "1.16.0"
+pgbouncer_release_checksum: sha1:7d4b7e1110387df2245b22de3168884fdc8092c4
 postgrest_arm_release: 2021-03-05-19-03-d3a8b5f-ubuntu-aarch64
 postgrest_arm_release_checksum: sha1:b9e9b06ead7230b75033e8ae17912714bf463a33

From e1611f690ab03a85a63b662f63115c396848f6cd Mon Sep 17 00:00:00 2001
From: dragarcia
Date: Tue, 17 Aug 2021 18:26:09 +0800
Subject: [PATCH 2/2] chore: #65 sha-scram-256 encryption

---
 ansible/files/pgbouncer_config/pgbouncer.ini.j2 | 2 +-
 ansible/files/postgresql_config/pg_hba.conf.j2 | 4 ++--
 ansible/files/postgresql_config/postgresql.conf.j2 | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ansible/files/pgbouncer_config/pgbouncer.ini.j2 b/ansible/files/pgbouncer_config/pgbouncer.ini.j2
index c0c5dd0f6..6ebce5ca6 100644
--- a/ansible/files/pgbouncer_config/pgbouncer.ini.j2
+++ b/ansible/files/pgbouncer_config/pgbouncer.ini.j2
@@ -113,7 +113,7 @@ unix_socket_dir = /tmp
 ;;;
 ;; any, trust, plain, md5, cert, hba, pam
-auth_type = md5
+auth_type = scram-sha-256
 auth_file = /etc/pgbouncer/userlist.txt
 ;; Path to HBA-style auth config
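Review bot: With `auth_type = scram-sha-256` in pgbouncer.ini.j2, PgBouncer expects the entries in `auth_file` (`/etc/pgbouncer/userlist.txt`, the context line right below) to be SCRAM secrets or plain-text passwords, so MD5-hashed entries stop working for client logins. Neither patch in this series touches how userlist.txt is produced, so presumably that happens elsewhere; worth confirming, and SCRAM secrets are preferable to plain-text entries so that the file holds no recoverable passwords. The comment above the setting also no longer lists the value in use; I would change it to `;; any, trust, plain, md5, scram-sha-256, cert, hba, pam`. The authentication section continues outside the hunk, so related settings are not visible here.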
diff --git a/ansible/files/postgresql_config/pg_hba.conf.j2 b/ansible/files/postgresql_config/pg_hba.conf.j2
index 1e4c86604..17b8d7c15 100755
--- a/ansible/files/postgresql_config/pg_hba.conf.j2
+++ b/ansible/files/postgresql_config/pg_hba.conf.j2
@@ -84,11 +84,11 @@ local all all peer
 # IPv4 local connections:
 host all all 127.0.0.1/32 trust
 # IPv6 local connections:
-host all all ::1/128 md5
+host all all ::1/128 scram-sha-256
 # Local root Unix user, passwordless access
 local all postgres peer map=root_as_postgres
 # IPv4 external connections
-host all all 0.0.0.0/0 md5
+host all all 0.0.0.0/0 scram-sha-256
 # MD5 hashed password hosts
diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2
index 8b4fec8e2..e15022dbb 100644
--- a/ansible/files/postgresql_config/postgresql.conf.j2
+++ b/ansible/files/postgresql_config/postgresql.conf.j2
@@ -92,7 +92,7 @@ listen_addresses = '*' # what IP address(es) to listen on;
 # - Authentication -
 authentication_timeout = 1min # 1s-600s
-password_encryption = md5 # scram-sha-256 or md5
+password_encryption = scram-sha-256 # scram-sha-256 or md5
 db_user_namespace = off
 # GSSAPI using Kerberos
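Review bot: In the pg_hba.conf.j2 hunk the IPv4 loopback rule `host all all 127.0.0.1/32 trust` is left untouched while its IPv6 twin and the `0.0.0.0/0` rule move to `scram-sha-256`, so any process on the host can still connect over 127.0.0.1 as any role, including `postgres`, without a password. If that is deliberate for a co-located service, a comment naming the service would make the exception auditable; otherwise `host all all 127.0.0.1/32 scram-sha-256` brings the two loopback rules in line. The trailing context comment `# MD5 hashed password hosts` is now stale and would read better as `# SCRAM-SHA-256 password hosts`. The rule list continues outside the hunk, so later entries may still use `md5`.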
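Review bot: In the postgresql.conf.j2 hunk, `password_encryption = scram-sha-256` only changes how passwords are hashed when they are set from now on; roles created earlier keep their MD5 verifier. Together with the pg_hba.conf.j2 change in this same patch, where the `scram-sha-256` method does not accept MD5-stored passwords (the old `md5` method accepted both), existing roles on an already-provisioned instance would fail to authenticate until their passwords are re-set. If these templates are applied only to fresh images that is fine, but I would record it next to the setting, e.g. `# roles with md5-hashed passwords must have them re-set before pg_hba requires scram-sha-256`. Client drivers also need SCRAM support, which for libpq means version 10 or later.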