search

earthobservations / luftdatenpumpe

Acquire and process live and historical air quality data without efforts. Filter by station-id, sensor-id and sensor-type, apply reverse geocoding, store into time-series and RDBMS databases, publish to MQTT, output as JSON, or visualize in Grafana. Data sources: Sensor.Community (luftdaten.info), IRCELINE, and OpenAQ.
https://luftdatenpumpe.readthedocs.io/
GNU Affero General Public License v3.0
34 stars 3 forks source link

Connecting to PostGIS without password vs. "trust"-based authentication #45

Closed ohobby closed 1 year ago

ohobby commented 1 year ago

Hi,

something are changes at postgres (or at debian 11 where i try to install the luftdatenpumpe), it is not possible to use the user luftdatenpumpe without password for the import.

https://github.com/earthobservations/luftdatenpumpe/blob/main/doc/setup/ldview-databases.rst

Regards, Oliver

amotl commented 1 year ago

Hi Oliver,

thank you for reporting this. Can you describe at which command an error is happening, and what the error output is?

Are you able to connect to PostgreSQL using this command, maybe after running su - postgres?

psql -U luftdatenpumpe -h localhost -d weatherbase

Note that, I've just removed the following section from the documentation. Maybe it was important, and should be brought back?

Sometimes, for example when working with Docker, adding options where PostGIS can be found, is sensible. Example:

export PGHOST=localhost
export PGUSER=postgres

With kind regards, Andreas.

amotl commented 1 year ago

Please note that we've configured our PostgreSQL instance to trust connections from localhost, and other local connections, to ease accessibility in testing and sandbox situations, and probably also on the server.

Please recognize that this may weaken the security a bit, so we are also happy to hear about any suggestions for improvements in this area. We will be happy to receive corresponding patches to the code base or documentation.

Relating to this directive within the Luftdaten-Viewer Databases documentation, ...

CREATE ROLE luftdatenpumpe WITH LOGIN;

... it should be possible to specify a password there, by using such a directive instead:

CREATE ROLE luftdatenpumpe WITH LOGIN PASSWORD 'YOUR_SECRET_PASSWORD';

... and then use the connection URI postgresql://luftdatenpumpe:YOUR_SECRET_PASSWORD@localhost/weatherbase in subsequent steps. Please let us know if you think adjusting the documentation correspondingly would be an improvement on this matter.

ohobby commented 1 year ago

Hi Andreas,

i have now also trust the localhost connections. I open this issue, for possible clarified this in the documentation for other new users.

Thanks, Oliver

amotl commented 1 year ago

All right, thank you. Let's keep this open as a reminder to improve the documentation further.

amotl commented 1 year ago

Hi Oliver,

documentation on this matter will be improved with ae715990d93. Let me know, and eventually re-open, if you think this issue needs further actions.

With kind regards, Andreas.