1146d5f296
The 8.0.0 version of the 'puppetlabs-postgresql'
module uses 'md5' as the default authentication
method. This value is hardcoded, making it impossible
to set dynamically during bootstrap. The newest
versions of 'puppetlabs-postgresql' have added a new
parameter to set the authorization method dynamically.
The proposed solution patches the current version
using the same parameter name as in the newer versions
to dynamically set the authorization method. This also
allows a future update of the 'puppetlabs-postgresql'
module to be done seamlessly.
Test Plan:
- PASS Fresh Install SX env
* Verify system status unlock/available
* Login as admin user in psql
(psql -U admin -h 127.0.0.1 -d sysinv)
* Check postgres authorization configuration
(SELECT * from pg_hba_file_rules;)
* Check postgres password encryption configuration
(SELECT rolname, rolpassword
FROM pg_authid WHERE rolpassword IS NOT NULL;).
- PASS Fresh Install DX env
* Verify system status unlock/available
* Login as admin user in psql
(psql -U admin -h 127.0.0.1 -d sysinv)
* Check postgres authorization configuration
(SELECT * from pg_hba_file_rules;)
* Check postgres password encryption configuration
(SELECT rolname, rolpassword
FROM pg_authid WHERE rolpassword IS NOT NULL;).
* Host swact to controller-1
* Login as admin user in psql
(psql -U admin -h 127.0.0.1 -d sysinv)
* Check postgres authorization configuration
(SELECT * from pg_hba_file_rules;)
* Check postgres password encryption configuration
(SELECT rolname, rolpassword
FROM pg_authid WHERE rolpassword IS NOT NULL;).
* collect logs (collect)
* verify '/var/extra/database/' content
- PASS Fresh Install DC env
* Verify system status unlock/available
* Check postgres authorization configuration
(SELECT * from pg_hba_file_rules;)
* Check postgres password encryption configuration
(SELECT rolname, rolpassword
FROM pg_authid WHERE rolpassword IS NOT NULL;).
- PASS Upgrade SX
- PASS Upgrade SX-rollback
- PASS Upgrade DX
- PASS Upgrade DX-rollback
Partial-bug: 2069842
Change-Id: I74fff1715bf362fe5f7952bf2175984dc6a68f68
Signed-off-by: Jorge Saffe <jorge.saffe@windriver.com>
31 lines
985 B
Diff
Executable File
31 lines
985 B
Diff
Executable File
From 7954a4416c5605803df8f570148f948195bac267 Mon Sep 17 00:00:00 2001
|
|
From: Jorge Saffe <jorge.saffe@windriver.com>
|
|
Date: Thu, 19 Sep 2024 22:18:43 +0200
|
|
Subject: [PATCH 6/6] Update Postgres Auth and Password Encryption
|
|
|
|
---
|
|
manifests/db/postgresql.pp | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp
|
|
index a7ddedf..adadfb5 100644
|
|
--- a/manifests/db/postgresql.pp
|
|
+++ b/manifests/db/postgresql.pp
|
|
@@ -45,7 +45,12 @@ define openstacklib::db::postgresql (
|
|
in a future release. Use password instead')
|
|
$password_hash_real = $password_hash
|
|
} elsif $password != undef {
|
|
- $password_hash_real = postgresql::postgresql_password($user, $password)
|
|
+ $password_hash_real = postgresql::postgresql_password(
|
|
+ $user,
|
|
+ $password,
|
|
+ $password =~ Sensitive[String],
|
|
+ $postgresql::server::password_encryption,
|
|
+ )
|
|
} else {
|
|
fail('password should be set')
|
|
}
|
|
--
|
|
2.39.2
|
|
|