Uploaded image for project: 'Puppet Enterprise'
  1. Puppet Enterprise
  2. ENTERPRISE-749

Unable to restrict access on pg_hba.conf for pe_postgresql

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • PE 3.8.1
    • None
    • None

    Description

      Want to restrict access to pre-installed postgresql in pg_hba.conf.

      class { 'pe_postgresql::globals': 
      user => 'pe-postgres', 
      group => 'pe-postgres', 
      pg_hba_conf_path => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf', 
      }
      		 
       
      		 
      pe_postgresql::server::pg_hba_rule { 'local access as postgres user': 
      type => 'local', 
      database => 'all', 
      user => 'pe-postgres', 
      auth_method => 'ident', 
      order => '001', 
      }

      With the above manifest, we are getting the error below:

      Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/var/opt/lib/pe-puppet/pe_concat//fragments/001_pg_hba_rule_local access as postgres user] { notify => Exec[pe_concat_] }, because Exec[pe_concat_] doesn't seem to be in the catalog

      We have added the "target" attribute to "pe_postgresql::server::pg_hba_rule" as this is required in the manifest:

      class { 'pe_postgresql::globals': 
      user => 'pe-postgres', 
      group => 'pe-postgres', 
      pg_hba_conf_path => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf', 
      }
      		 
       
      		 
      pe_postgresql::server::pg_hba_rule { 'local access as postgres user': 
      target => '/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf', 
      type => 'local', 
      database => 'all', 
      user => 'pe-postgres', 
      auth_method => 'ident', 
      order => '001', 
      }

      And it returns this error:

      Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/var/opt/lib/pe-puppet/pe_concat/_opt_puppet_var_lib_pgsql_9.2_data_pg_hba.conf/fragments/001_pg_hba_rule_local access as postgres user] { notify => Exec[pe_concat_/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf] }, because Exec[pe_concat_/opt/puppet/var/lib/pgsql/9.2/data/pg_hba.conf] doesn't seem to be in the catalog

      Adding the "target" attribute does not help to resolve the error but able to get the exec to call concat on the right path. However, it seems unable to find the exec resource.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. MODULES-2321 PostgreSQL Module - pg_hba_rule defined type should be usable without managing a postgresql instance

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              cj.toolseram CJ Toolseram [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support