patroni.yml.j2 auth method hard coded to md5 #389

Closed
chuegel opened this issue Jul 2, 2023 · 2 comments
Labels
wontfix This will not be worked on

Comments

chuegel (Contributor) commented Jul 2, 2023

First of all, thank you for this awesome playbook.

We successfully deployed patroni to a 3 node test cluster and noticed that in the /etc/patroni/patroni.yml file the pg_hba section is referencing md5 as auth type.
The file is created from roles/patroni/templates/patroni.yml.j2

.
.
  pg_hba:  # Add following lines to pg_hba.conf after running 'initdb'
    - host replication {{ patroni_replication_username }} 127.0.0.1/32 md5
    - host all all 0.0.0.0/0 md5
.
.

Shouldn't this use the auth method defined in vars/main.yml, postgresql_password_encryption_algorithm?

Like:

.
.
  pg_hba:  # Add following lines to pg_hba.conf after running 'initdb'
    - host replication {{ patroni_replication_username }} 127.0.0.1/32 {{ postgresql_password_encryption_algorithm }}
    - host all all 0.0.0.0/0 {{ postgresql_password_encryption_algorithm }}
.
.

vitabaks (Owner) commented Jul 2, 2023

In fact, this configuration section is accessible only during initdb and then we configure the pghba file using ansible.

But I agree with you that it is necessary to define a variable here. Feel free to create a PR or I'll do it myself a little later.

@vitabaks vitabaks added the wontfix This will not be worked on label Jul 2, 2023
vitabaks added a commit that referenced this issue Jul 6, 2023
… pg_hba.conf section

This commit updates the pg_hba.conf file during the initdb process. The modification involves replacing the md5 password encryption algorithm with a dynamic variable, {{ postgresql_password_encryption_algorithm }}, which allows for flexible and secure password encryption.

Note that this configuration change is specific to the initdb process and is typically managed through automation tools like Ansible.

Issue #389
vitabaks added a commit that referenced this issue Jul 6, 2023
… pg_hba.conf section (#398)

This commit updates the pg_hba.conf file during the initdb process. The modification involves replacing the md5 password encryption algorithm with a dynamic, {{ postgresql_password_encryption_algorithm }}, which allows for flexible and secure password encryption.

Note that this configuration change applies only to the initdb process and further pg_hba.conf is managed using Ansible.

Issue #389

vitabaks (Owner) commented Jul 6, 2023

Done #398

@vitabaks vitabaks closed this as completed Jul 6, 2023
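
A check for the mismatch this issue describes, as an added example that is not part of the thread or the project's playbook: it parses rendered pg_hba records and compares each auth method with the configured password_encryption value. The role name `replicator`, the function names and the sample list are assumptions; the two values compared are PostgreSQL's `md5` and `scram-sha-256`.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
WEAK = {"trust": "no authentication required", "password": "password sent in cleartext"}

def parse_hba_line(line):
    """Split one pg_hba.conf record into fields; None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) < (5 if fields[0] in HOST_TYPES else 4):
        raise ValueError(f"incomplete pg_hba record: {line!r}")
    rec = {"type": fields[0], "database": fields[1], "user": fields[2], "address": None}
    rest = fields[3:]
    if rec["type"] in HOST_TYPES:
        rec["address"] = rest.pop(0)
        # Old style gives the netmask as its own field; auth options always contain "=".
        if len(rest) > 1 and "=" not in rest[1]:
            rec["address"] += "/" + rest.pop(0)
    rec["method"], rec["options"] = rest[0], rest[1:]
    return rec

def matches_any_client(address):
    try:
        return address == "all" or ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:  # host name, samehost, samenet
        return False

def audit(lines, password_encryption):
    """Return (record, finding) pairs for one rendered pg_hba list."""
    findings = []
    for line in lines:
        rec = parse_hba_line(line)
        if rec is None:
            continue
        method = rec["method"]
        if method in WEAK:
            findings.append((line, WEAK[method]))
        elif method == "md5" and password_encryption == "scram-sha-256":
            findings.append((line, "md5 still admits roles whose password is stored as MD5"))
        elif method == "scram-sha-256" and password_encryption == "md5":
            findings.append((line, "roles with MD5-stored passwords cannot log in"))
        if rec["address"] and matches_any_client(rec["address"]):
            findings.append((line, "record matches every client address"))
    return findings

# Constructed sample: the two records from the issue, with a made-up role name.
SAMPLE = ["host replication replicator 127.0.0.1/32 md5", "host all all 0.0.0.0/0 md5"]
```

Calling `audit(SAMPLE, "scram-sha-256")` reports both hard-coded `md5` records plus the `0.0.0.0/0` record; with the method rendered from the variable, only the address finding remains.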