WormBase / caltech-curation-services

Modular curation services for Caltech WormBase data
1 stars 0 forks source link

Update db config files #2

Closed valearna closed 2 years ago

valearna commented 2 years ago

We need to update postgresql.conf and pg_hba.conf to reflect tazendra's config. We could directly add the allowed IP addresses to pg_hba or inject them with a shell command to the mounted file before running the docker command.

valearna commented 2 years ago

Can you take a look at the config files @azurebrd?

azurebrd commented 2 years ago

Thanks @valearna I've confirmed the postgresql_tazendra.conf is the same as what postgres is using on tazendra, and added pg_hba_tazendra.conf I'd be fine with manually added the IPs, but good to know about the possibility of injecting, and I'm good with that too. I'll defer to what you think is best. I'm not sure whether we want to close this now, or wait until we know what IPs we want and add them, but I'm good with closing this ticket if you are.

valearna commented 2 years ago

Thanks @azurebrd. The postgresql config file that I'm using is postgresql.conf and not postgresql_tazendra.conf. There are some differences in timezone related options and I had to disable ssl, but we could set it up if needed. It seems that ssl is used only for username based access and thus we can ignore it, is this right?

azurebrd commented 2 years ago

Thanks @valearna .
I don't recall why there are ssl cert files. What you said about username logins make sense. We wouldn't want user-based login because we'd be IP-restricting and allowing any access without password ? This is on tazendra, I don't know what it's for : unix_socket_directories = '/var/run/postgresql' This is on the new one, also don't know what it's for, but posix makes sense ? dynamic_shared_memory_type = posix Also don't know about min/max _wal_size I'll stop looking at stuff, what you said about trying to run it and debugging sounds good.

valearna commented 2 years ago

Added trusted IP addresses from tazendra and deployed the stack on cervino. @azurebrd can you confirm that you can connect to the db on cervino.caltech.edu, port 5432, user postgres from tazendra or mangolassi? I tried to connect from textpressocentral and it worked. Also, I can't connect from home, so the access list works as expected.

azurebrd commented 2 years ago

psql -h cervino.caltech.edu postgres -U postgres works from tazendra and mangolassi, thanks @valearna

valearna commented 2 years ago

Thanks @azurebrd!