Univention Bugzilla – Full Text Bug Listing

Summary: | Make pg_hba.conf configurable through ucr variable | | |
---|---|---|---|
Product: | UCS | Reporter: | Jürn Brodersen <brodersen> |
Component: | PostgreSQL | Assignee: | Jannik Ahlers <ahlers> |
Status: | CLOSED FIXED | QA Contact: | Jürn Brodersen <brodersen> |
Severity: | normal | | |
Priority: | P5 | CC: | hahn, requate |
Version: | UCS 4.3 | | |
Target Milestone: | UCS 4.3-2-errata | | |
Hardware: | Other | | |
OS: | Linux | | |
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=47365 https://forge.univention.org/bugzilla/show_bug.cgi?id=31081 | | |
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Description
Jürn Brodersen
2018-07-02 13:03:35 CEST
As discussed in team meeting, we should make it generic:

postgres9.6/pg_hba/config/1="settingX abc def ghi"
postgres9.6/pg_hba/config/2="settingY xyz"

This would allow adding of arbitrary ordered lines. We have example code for this in /etc/univention/templates/files/etc/ssh/sshd_config .

Successful build
Package: univention-postgresql
Version: 10.0.1-2A~4.3.0.201811131054
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-postgresql.yaml
e486e85118d5 | Bug #47276: yaml

univention-postgresql (10.0.1-2)
c7d4f65b577a | Bug #47276: Add ucr variable postgres9/pg_hba/config/* for additional configuration options in pg_hba.conf file

I implemented the new ucr variable postgres9/pg_hba/config/.* which allows for additional configuration. These variables get inserted in alphabetical order of the variable name. It's very similar to Arvid's example in sshd_config. I added an example to the ucr variable description.

Package: univention-postgresql
Version: 10.0.1-3A~4.3.0.201811261619
Branch: ucs_4.3-0
Scope: errata4.3-2

ucr set postgres9/pg_hba/config/06="host mydb administrator06 192.168.0.0/24 md5" -> OK
ucr set postgres9/pg_hba/config/05="host mydb administrator05 192.168.0.0/24 md5" -> OK
ucr set postgres9/pg_hba/config/07="host mydb administrator07 192.168.0.0/24 md5" -> OK
ucr unset postgres9/pg_hba/config/06 -> OK
YAML -> OK

(In reply to Jannik Ahlers from comment #2)
> I implemented the new ucr variable postgres9/pg_hba/config/.* which allows
> for additional configuration. These variables get inserted in alphabetical
> order of the variable name.

If this is 'alphabetical', why is the prefix stripping limited to digits?
sort(key=int) != sort(key=str)

While at it maybe have a look at Bug #31081 and move at least the rule for user "postgres" from 99 to 00.

The order of rules is relevant: The current mechanism can only be used to *append* rules "at the end" which have the *lowest* priority as they come after all rules shipped by packages. This may be desired, but should be documented clearly.

The documentation is inconsistent:

+++ b/services/univention-postgresql/debian/univention-postgresql.univention-config-registry-variables
+Description[en]=Specifies additional configuration options for /etc/postgresql/9.6/main/pg_hba.conf. See `https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html` for details.

9.1 vs. 9.6

PS: conffiles/etc/cron.d/postgresql is defunct as those binaries no longer exist and PostgreSQL does automatic vacuum by default <https://www.postgresql.org/docs/9.1/runtime-config-autovacuum.html>
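
The ordering question raised in the thread (sort(key=int) versus sort(key=str)) has a security consequence, because PostgreSQL applies the first pg_hba.conf line that matches a connection. The following is an added example, not Univention's template code and not something posted in this bug: the sample rules, the `ordered_rules` and `first_match` helpers and the simplified matcher (plain `host` lines with a CIDR address only) are assumptions made for illustration.

```python
import ipaddress

PREFIX = "postgres9/pg_hba/config/"  # variable prefix named in this bug

# Constructed sample values; suffixes and rules are illustrative assumptions.
SAMPLE = {
    PREFIX + "5": "host mydb alice 192.168.0.0/24 reject",
    PREFIX + "06": "host mydb all 192.168.0.0/24 md5",
    PREFIX + "10": "host all all 0.0.0.0/0 reject",
    "unrelated/key": "ignored",
}


def ordered_rules(registry, numeric):
    """Return the configured lines ordered by suffix, compared as int or str."""
    items = [(k[len(PREFIX):], v) for k, v in registry.items()
             if k.startswith(PREFIX)]
    # int() raises ValueError on a non-numeric suffix instead of guessing.
    items.sort(key=(lambda kv: int(kv[0])) if numeric else (lambda kv: kv[0]))
    return [v for _, v in items]


def first_match(rules, database, user, addr):
    """Simplified pg_hba lookup (plain 'host' lines): first match decides."""
    ip = ipaddress.ip_address(addr)
    for line in rules:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "host":
            continue
        _, db, usr, cidr, method = fields[:5]
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if ip in ipaddress.ip_network(cidr):
            return method
    return None  # nothing matched: the server refuses the connection


if __name__ == "__main__":
    for numeric in (True, False):
        rules = ordered_rules(SAMPLE, numeric)
        print("int" if numeric else "str", "order:",
              first_match(rules, "mydb", "alice", "192.168.0.7"))
```

With integer ordering the `reject` line for alice is evaluated first; with string ordering "06" sorts before "5", so the broader `md5` line matches first and the intended deny never applies.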