[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] trying to bootstrap database on Mac "Cannot bootstrap
From: |
Jim Busser |
Subject: |
Re: [Gnumed-devel] trying to bootstrap database on Mac "Cannot bootstrap bundles." |
Date: |
Mon, 05 Jul 2010 12:35:46 -0700 |
On 2010-07-01, at 12:05 AM, Karsten Hilbert wrote:
>> alter the pg_hba.conf file, which had very few lines in it, and into which I
>> inserted (hopefully at a suitable place) the "local samegroup ..." line:
>>
>> *************************************************
>> # allow anyone knowing the proper password to
>> # log into our GNUmed databases
>> local samegroup +gm-logins md5
>>
>> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>>
>> # "local" is for Unix domain socket connections only
>> local all all md5
>
> The place is suitable (that is, before the catch-all "local
> all all" phrase) but OTOH the catch all was non-dangerously
> suitable as well already:
>
> It allowed anyone (all-2) to connect to any database (all-1)
> via UNIX domain sockets (local) if they knew the appropriate
> password (md5).
>
> It would have been problematic if it had had "ident" rather
> than "md5" because that would have required the PG account
> "any-doc" to exist in the system as well (be IDENTical).
>
> But the line you added does not hurt either and also
> documents an explicit security decision.
>
> For bootstrapping, however, it isn't even necessary :-)
I *think* the newest bootstrapper as recently checked-in (to master) --
supplemented by my uncommenting prompts for postgres password -- works even
despite letting the downloaded master.tgz reside in user space (and not, as
Sebastian previously found necessary, to copy it to /tmp/).
However, in regard to the need (or lack of need) for
local samegroup +gm-logins md5
which was missing from my freshly-reinstalled postgres, the bottom of the
bootstrap log yielded the following, in which it seemed to look for
regex: local.*samegroup.*\+gm-logins
making me wonder...was that just for information, or are the warnings relevant?
********************************
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::connect() #245): trying DB connection to
gnumed_v14 on localhost as postgres
2010-07-05 12:03:30 DEBUG gm.db
(/Users/djb/Downloads/gnumed-gnumed/gnumed/gnumed/Gnumed/pycommon/gmPG2.py::get_raw_connection()
#1204): new database connection, backend PID: 21975, readonly: False
2010-07-05 12:03:30 DEBUG gm.db
(/Users/djb/Downloads/gnumed-gnumed/gnumed/gnumed/Gnumed/pycommon/gmPG2.py::get_raw_connection()
#1241): access mode [READ WRITE]
2010-07-05 12:03:30 DEBUG gm.db
(/Users/djb/Downloads/gnumed-gnumed/gnumed/gnumed/Gnumed/pycommon/gmPG2.py::get_connection()
#1304): client string encoding [UTF8], isolation level [serializable], time
zone [America/Dawson], datestyle [ISO], sql_inheritance [ON]
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::connect() #256): successfully connected
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::check_holy_auth_line() #893): hba file:
/Library/PostgreSQL/8.4/data/pg_hba.conf
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::check_holy_auth_line() #912): did not find
standard GNUmed authentication directive in pg_hba.conf
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::check_holy_auth_line() #913): regex:
local.*samegroup.*\+gm-logins
2010-07-05 12:03:30 WARNING gm.bootstrapper
(./bootstrap_gm_db_system.py::main() #1470): open connection detected:
database.__connect_owner_to_db via database.__connect_superuser_to_db
2010-07-05 12:03:30 WARNING gm.bootstrapper
(./bootstrap_gm_db_system.py::main() #1471): <connection object at 0x1013a7260;
dsn: 'dbname=gnumed_v14 port=5432 user=postgres password=xxxxxxxx
sslmode=prefer', closed: 0>
2010-07-05 12:03:30 WARNING gm.bootstrapper
(./bootstrap_gm_db_system.py::main() #1472): closing connection
2010-07-05 12:03:30 INFO gm.bootstrapper
(./bootstrap_gm_db_system.py::main() #1475): shutdown
-- Jim