  1. Puppet Enterprise
  2. ENTERPRISE-749

Unable to restrict access on pg_hba.conf for pe_postgresql

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • PE 3.8.1
    • None
    • None

    Description

      We want to restrict access to the pre-installed PostgreSQL in pg_hba.conf.

      class { 'pe_postgresql::globals':
        user             => 'pe-postgres',
        group            => 'pe-postgres',
        pg_hba_conf_path => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf',
      }

      pe_postgresql::server::pg_hba_rule { 'local access as postgres user':
        type        => 'local',
        database    => 'all',
        user        => 'pe-postgres',
        auth_method => 'ident',
        order       => '001',
      }
      

      With the above manifest, we are getting the error below:

      Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/var/opt/lib/pe-puppet/pe_concat//fragments/001_pg_hba_rule_local access as postgres user] { notify => Exec[pe_concat_] }, because Exec[pe_concat_] doesn't seem to be in the catalog 
      

      We have added the "target" attribute to "pe_postgresql::server::pg_hba_rule" as this is required in the manifest:

      class { 'pe_postgresql::globals':
        user             => 'pe-postgres',
        group            => 'pe-postgres',
        pg_hba_conf_path => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf',
      }

      pe_postgresql::server::pg_hba_rule { 'local access as postgres user':
        target      => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf',
        type        => 'local',
        database    => 'all',
        user        => 'pe-postgres',
        auth_method => 'ident',
        order       => '001',
      }
      

      And it returns this error:

      Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/var/opt/lib/pe-puppet/pe_concat/_opt_puppet_var_lib_pgsql_9.2_data_pg_hba.conf/fragments/001_pg_hba_rule_local access as postgres user] { notify => Exec[pe_concat_/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf] }, because Exec[pe_concat_/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf] doesn't seem to be in the catalog
      

      Adding the "target" attribute does not help to resolve the error, but it is able to get the exec to call concat on the right path. However, it seems unable to find the exec resource.

            People

              Unassigned Unassigned
              jirauser17110 user-09a28 (Inactive)