[Puppet - Bug #3134] (Rejected) puppetmaster insists on TCP for postgresql password auth

Mon, 01 Feb 2010 11:23:28 -0800 

Issue #3134 has been updated by Markus Roberts.

Status changed from Unreviewed to Rejected

This appears to be a rails issue, not puppet; we just pass the configuration 
information through (renaming the parameters as follows (args being what rails 
sees)):

<pre>
            args[:host]     = Puppet[:dbserver] unless Puppet[:dbserver].empty?
            args[:username] = Puppet[:dbuser] unless Puppet[:dbuser].empty?
            args[:password] = Puppet[:dbpassword] unless 
Puppet[:dbpassword].empty?
            args[:database] = Puppet[:dbname]
            args[:reconnect]= true

            socket          = Puppet[:dbsocket]
            args[:socket]   = socket unless socket.empty?
</pre>

Looking at the rails documentation, it appears that the effect you want can be 
obtained by setting the path to the unix socket as the host (so dbserver, in 
puppet), with something like this:

<pre>
dbserver = /var/run/postgresql
</pre>

Note that this is all based on glancing at code and documentation; I'm not a 
rails expert.
----------------------------------------
Bug #3134: puppetmaster insists on TCP for postgresql password auth
http://projects.reductivelabs.com/issues/3134

Author: micah -
Status: Rejected
Priority: High
Assigned to: 
Category: 
Target version: 
Affected version: 0.25.4
Keywords: 
Branch: 


puppetmaster insists in using a TCP connection to the postgresql server instead 
of the UNIX socket. The postgresql library hardcodes "localhost" to use the 
UNIX socket and I have explicitely set dbserver to localhost.

This can be a security bug as typicaly remote TCP access requires a password 
for access, while local access via UNIX sockets does not require them (as its 
done based on user/permissions).

<pre>
Config excerpt:
| [puppetmasterd]
| templatedir=/var/lib/puppet/templates
| 
| storeconfigs = true
| thin_storeconfigs = true
| dbadapter = postgresql
| dbname = puppet
| dbserver = localhost
</pre>



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://reductivelabs.com/redmine/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to