habitat-sh / core-plans

Core Habitat Plan definitions

[postgresql] Changing superuser creds via `hab apply` doesn't change the admin's password #1688

Open OkJaybird opened 6 years ago

OkJaybird commented 6 years ago

I'm trying to understand a way to use the core/postgresql service in a more secure way. I'm able to change the superuser password via hab apply and see it reflected in the config files Habitat regenerates, but the password doesn't actually change as far as connecting to postgres is concerned.

Steps to reproduce:

# pass.toml file
[superuser]
password = 'test'

# Load service
hab svc load core/postgresql

# Change superuser password to 'test'
hab apply postgresql.default 2 pass.toml

Trying to connect using the new password doesn't work, but admin still works.

$ psql postgresql://admin:test@localhost:5432/postgres
psql: FATAL:  password authentication failed for user "admin"

$ psql postgresql://admin:admin@localhost:5432/postgres
psql (10.4, server 9.6.8)
Type "help" for help.

postgres=# \q

Expected behavior:

I should be able to log in with credentials admin/test and unable to log in with admin/admin.

Also, if there are other ways to get a more secure password out of the box without ever needing to create superuser creds that are admin/admin, I'd love to see an example if someone has one. Ideally, secure random creds could be generated on the fly during init, etc.

Additional info:

[2][default:/src:0]# RUST_LOG=debug RUST_BACKTRACE=1 hab svc load core/postgresql && sup-log
DEBUG 2018-07-14T16:51:45Z: habitat_common::ui: UI { shell: Shell { input: InputStream { isatty: true }, out: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true }, err: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true } } }
DEBUG 2018-07-14T16:51:45Z: hab: clap cli args: ["hab", "svc", "load", "core/postgresql"]
DEBUG 2018-07-14T16:51:45Z: hab: remaining cli args: []
DEBUG 2018-07-14T16:51:45Z: hab::config: No CLI config found, loading defaults
» Installing core/postgresql
☁ Determining latest version of core/postgresql in the 'stable' channel
☛ Verifying core/postgresql/9.6.8/20180711204049
☛ Verifying core/acl/2.2.52/20180608091922
☛ Verifying core/attr/2.4.47/20180608091914
☛ Verifying core/bash/4.4.19/20180608092913
☛ Verifying core/bzip2/1.0.6/20180608091727
☛ Verifying core/cacerts/2018.03.07/20180608102212
☛ Verifying core/coreutils/8.29/20180608092141
☛ Verifying core/db/5.3.28/20180608094030
☛ Verifying core/gcc-libs/7.3.0/20180608091701
☛ Verifying core/gdal/2.2.1/20180608161339
☛ Verifying core/gdbm/1.14.1/20180608094002
☛ Verifying core/geos/3.6.2/20180608160941
☛ Verifying core/glibc/2.27/20180608041157
☛ Verifying core/gmp/6.1.2/20180608051426
☛ Verifying core/less/530/20180608094202
☛ Verifying core/libcap/2.25/20180608091936
☛ Verifying core/libossp-uuid/1.6.2/20180608160933
☛ Verifying core/libxml2/2.9.6/20180608141053
☛ Verifying core/linux-headers/4.15.9/20180608041107
☛ Verifying core/ncurses/6.1/20180608091810
☛ Verifying core/openssl/1.0.2n/20180608102213
☛ Verifying core/pcre/8.41/20180608092740
☛ Verifying core/perl/5.26.1/20180608094208
☛ Verifying core/proj/4.9.3/20180608161305
☛ Verifying core/readline/7.0.3/20180608092900
☛ Verifying core/zlib/1.2.11/20180608050617
✓ Installed core/acl/2.2.52/20180608091922
✓ Installed core/attr/2.4.47/20180608091914
✓ Installed core/bash/4.4.19/20180608092913
✓ Installed core/bzip2/1.0.6/20180608091727
✓ Installed core/cacerts/2018.03.07/20180608102212
✓ Installed core/coreutils/8.29/20180608092141
✓ Installed core/db/5.3.28/20180608094030
✓ Installed core/gcc-libs/7.3.0/20180608091701
✓ Installed core/gdal/2.2.1/20180608161339
✓ Installed core/gdbm/1.14.1/20180608094002
✓ Installed core/geos/3.6.2/20180608160941
✓ Installed core/glibc/2.27/20180608041157
✓ Installed core/gmp/6.1.2/20180608051426
✓ Installed core/less/530/20180608094202
✓ Installed core/libcap/2.25/20180608091936
✓ Installed core/libossp-uuid/1.6.2/20180608160933
✓ Installed core/libxml2/2.9.6/20180608141053
✓ Installed core/linux-headers/4.15.9/20180608041107
✓ Installed core/ncurses/6.1/20180608091810
✓ Installed core/openssl/1.0.2n/20180608102213
✓ Installed core/pcre/8.41/20180608092740
✓ Installed core/perl/5.26.1/20180608094208
✓ Installed core/proj/4.9.3/20180608161305
✓ Installed core/readline/7.0.3/20180608092900
✓ Installed core/zlib/1.2.11/20180608050617
✓ Installed core/postgresql/9.6.8/20180711204049
★ Install of core/postgresql/9.6.8/20180711204049 complete with 26 new packages installed.
The core/postgresql service was successfully loaded
--> Tailing the Habitat Supervisor's output (use 'Ctrl+c' to stop)
hab-sup(AG): ✓ Installed core/ncurses/6.1/20180608091810
hab-sup(AG): ✓ Installed core/openssl/1.0.2n/20180608102213
hab-sup(AG): ✓ Installed core/pcre/8.41/20180608092740
hab-sup(AG): ✓ Installed core/perl/5.26.1/20180608094208
hab-sup(AG): ✓ Installed core/proj/4.9.3/20180608161305
hab-sup(AG): ✓ Installed core/readline/7.0.3/20180608092900
hab-sup(AG): ✓ Installed core/zlib/1.2.11/20180608050617
hab-sup(AG): ✓ Installed core/postgresql/9.6.8/20180711204049
hab-sup(AG): ★ Install of core/postgresql/9.6.8/20180711204049 complete with 26 new packages installed.
hab-sup(AG): The core/postgresql service was successfully loaded
hab-sup(MR): Starting core/postgresql
postgresql.default(UCW): Watching user.toml
postgresql.default(HK): health_check, compiled to /hab/svc/postgresql/hooks/health_check
postgresql.default(HK): init, compiled to /hab/svc/postgresql/hooks/init
postgresql.default(HK): reconfigure, compiled to /hab/svc/postgresql/hooks/reconfigure
postgresql.default(HK): suitability, compiled to /hab/svc/postgresql/hooks/suitability
postgresql.default(HK): run, compiled to /hab/svc/postgresql/hooks/run
postgresql.default(HK): Hooks compiled
postgresql.default(SR): Hooks recompiled
default(CF): Updated pg_hba.conf 76bb40de27470559c40676fe775f28adf0d3c78908370623f557d8205376131c
default(CF): Updated functions.sh 32b7276874ded143b22a45a8b7bfbbe014aff03130ecba77d3a528e4075fd245
default(CF): Updated recovery.conf 5dbca901e31886eeb8e16a41fc65c0645675ef7f4fc0af0f7bdad0ee1259572f
default(CF): Updated pwfile 30087c89f3dfc2b2179a2b567a67f094cf1cd8b1c6e3cc1473aef95fe65de533
default(CF): Updated pg_ident.conf 0e5751c026e543b2e8ab2eb06099daa1d1e5df47778f7787faab45cdf12fe3a8
default(CF): Updated postgresql.conf 75669656316a644abea6d776fa44cec8b1500679436e4bc62b31a4760c6369b9
postgresql.default(SR): Configuration recompiled
postgresql.default(SR): Initializing
postgresql.default hook[init]:(HK): Ensuring proper ownership: chgrp -RL 42 /hab/svc/postgresql/var /hab/svc/postgresql/data
postgresql.default hook[init]:(HK):  Database does not exist, creating with 'initdb'
postgresql.default hook[init]:(HK): The files belonging to this database system will be owned by user "hab".
postgresql.default hook[init]:(HK): This user must also own the server process.
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK): The database cluster will be initialized with locale "C".
postgresql.default hook[init]:(HK): The default text search configuration will be set to "english".
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK): Data page checksums are enabled.
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK): fixing permissions on existing directory /hab/svc/postgresql/data/pgdata ... ok
postgresql.default hook[init]:(HK): creating subdirectories ... ok
postgresql.default hook[init]:(HK): selecting default max_connections ... 100
postgresql.default hook[init]:(HK): selecting default shared_buffers ... 128MB
postgresql.default hook[init]:(HK): selecting dynamic shared memory implementation ... sysv
postgresql.default hook[init]:(HK): creating configuration files ... ok
postgresql.default hook[init]:(HK): running bootstrap script ... ok
postgresql.default hook[init]:(HK): performing post-bootstrap initialization ... ok
postgresql.default hook[init]:(HK): syncing data to disk ... ok
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK): WARNING: enabling "trust" authentication for local connections
postgresql.default hook[init]:(HK): You can change this by editing pg_hba.conf or using the option -A, or
postgresql.default hook[init]:(HK): --auth-local and --auth-host, the next time you run initdb.
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK): Success. You can now start the database server using:
postgresql.default hook[init]:(HK):
postgresql.default hook[init]:(HK):     pg_ctl -D /hab/svc/postgresql/data/pgdata -l logfile start
postgresql.default hook[init]:(HK):
postgresql.default(SV): Starting service as user=hab, group=hab
postgresql.default(O): Executing run hook
postgresql.default(O): Writing postgresql.local.conf file based on memory settings
postgresql.default(O): Ensuring proper ownership: chgrp -RL 42 /hab/svc/postgresql/var /hab/svc/postgresql/data
postgresql.default(O): Starting PostgreSQL
postgresql.default(O): 2018-07-14 16:52:11 GMT [243]: [1-1] user=,db=,client=  (0:00000)LOG:  redirecting log output to logging collector process
postgresql.default(O): 2018-07-14 16:52:11 GMT [243]: [2-1] user=,db=,client=  (0:00000)HINT:  Future log output will appear in directory "/hab/svc/postgresql/var/pg_log".
^C
[3][default:/src:130]# cat /hab/svc/postgresql/var/.pgpass
*:*:*:admin:admin
*:*:*:replication:replication
[4][default:/src:0]# cat /hab/svc/postgresql/config/pwfile
admin
[5][default:/src:0]# RUST_LOG=debug RUST_BACKTRACE=1 hab apply postgresql.default 2 habitat/config/runtime-modified.toml && sup-log
DEBUG 2018-07-14T16:52:31Z: habitat_common::ui: UI { shell: Shell { input: InputStream { isatty: true }, out: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true }, err: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true } } }
DEBUG 2018-07-14T16:52:31Z: hab: clap cli args: ["hab", "apply", "postgresql.default", "2", "habitat/config/runtime-modified.toml"]
DEBUG 2018-07-14T16:52:31Z: hab: remaining cli args: []
DEBUG 2018-07-14T16:52:31Z: hab::config: No CLI config found, loading defaults
» Setting new configuration version 2 for postgresql.default
Ω Creating service configuration
↑ Applying via peer 127.0.0.1:9632
★ Applied configuration
--> Tailing the Habitat Supervisor's output (use 'Ctrl+c' to stop)
postgresql.default hook[init]:(HK):     pg_ctl -D /hab/svc/postgresql/data/pgdata -l logfile start
postgresql.default hook[init]:(HK):
postgresql.default(SV): Starting service as user=hab, group=hab
postgresql.default(O): Executing run hook
postgresql.default(O): Writing postgresql.local.conf file based on memory settings
postgresql.default(O): Ensuring proper ownership: chgrp -RL 42 /hab/svc/postgresql/var /hab/svc/postgresql/data
postgresql.default(O): Starting PostgreSQL
postgresql.default(O): 2018-07-14 16:52:11 GMT [243]: [1-1] user=,db=,client=  (0:00000)LOG:  redirecting log output to logging collector process
postgresql.default(O): 2018-07-14 16:52:11 GMT [243]: [2-1] user=,db=,client=  (0:00000)HINT:  Future log output will appear in directory "/hab/svc/postgresql/var/pg_log".
hab-sup(MR): Setting new configuration version 2 for postgresql.default
postgresql.default(HK): Hooks compiled
default(CF): Updated functions.sh 6a122f04032baeab7a743edf62556b5b56c638b21c5ae781a31df6b39ed742ab
default(CF): Updated pwfile 579da00778a5b4567c94630399203935f7d84bb2c457e56537e36a56ff490a4a
postgresql.default(SR): Configuration recompiled
postgresql.default(O): Executing run hook
postgresql.default(O): Writing postgresql.local.conf file based on memory settings
postgresql.default(O): Ensuring proper ownership: chgrp -RL 42 /hab/svc/postgresql/var /hab/svc/postgresql/data
postgresql.default(O): Starting PostgreSQL
postgresql.default(O): 2018-07-14 16:52:32 GMT [279]: [1-1] user=,db=,client=  (0:00000)LOG:  redirecting log output to logging collector process
postgresql.default(O): 2018-07-14 16:52:32 GMT [279]: [2-1] user=,db=,client=  (0:00000)HINT:  Future log output will appear in directory "/hab/svc/postgresql/var/pg_log".
postgresql.default(HK): Hooks compiled
^C
[6][default:/src:130]# cat /hab/svc/postgresql/var/.pgpass
*:*:*:admin:test
*:*:*:replication:replication
[7][default:/src:0]# cat /hab/svc/postgresql/config/pwfile
test

predominant commented 6 years ago

Thanks for the report @OkJaybird!

I'm actually seeing some pretty interesting behaviour in the studio. I'm wondering if this is expected or not. I was trying to confirm that loading config changes before the service works as expected, and was going to suggest this option to you.

If you don't want to load config before the service, I would highly recommend creating a configuration plan that basically declares a dependency on core/postgresql and puts in the configuration changes that you want. The core plan should remain as simple / default as possible.

Set the required config before loading the service:

# echo "[superuser]
> password = 'test'" | hab config apply postgresql.default $(date +%s)

» Setting new configuration version 1531809928 for postgresql.default
Ω Creating service configuration
↑ Applying via peer 127.0.0.1:9632
★ Applied configuration

Load the service

[2][default:/src:0]# hab svc load core/postgresql
» Installing core/postgresql
☁ Determining latest version of core/postgresql in the 'stable' channel
☛ Verifying core/postgresql/9.6.9/20180716151728
 .... snipped ....
★ Install of core/postgresql/9.6.9/20180716151728 complete with 26 new packages installed.
The core/postgresql service was successfully loaded

Confirm contents of pwfile

[3][default:/src:0]# cat /hab/svc/postgresql/config/pwfile
test

Convenience / binlinking

[4][default:/src:127]# hab pkg binlink core/postgresql
» Binlinking pg_test_timing from core/postgresql into /hab/bin
 .... snipped ....

Attempt logins

admin / test -> Success

[5][default:/src:0]# psql postgresql://admin:test@localhost:5432/postgres
psql (9.6.9)
Type "help" for help.

postgres=# 

admin / admin -> success

[6][default:/src:0]# psql postgresql://admin:admin@localhost:5432/postgres
psql (9.6.9)
Type "help" for help.

postgres=# 

admin / foo -> success

[7][default:/src:0]# psql postgresql://admin:foo@localhost:5432/postgres
psql (9.6.9)
Type "help" for help.

postgres=# 

fancy / pants -> FAIL

[8][default:/src:0]# psql postgresql://fancy:pants@localhost:5432/postgres
psql: FATAL:  role "fancy" does not exist

admin / pants -> success

[9][default:/src:2]# psql postgresql://admin:pants@localhost:5432/postgres
psql (9.6.9)
Type "help" for help.

postgres=# 
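
When every password is accepted for an existing role, one thing to check is whether a `trust` rule in pg_hba.conf matches the connection: with `trust` the server does not look at the password at all, and the initdb output earlier on this page warns that `trust` was enabled for local connections. The following is an added example, not code from this thread or from core-plans; the function name `trust_rules` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list pg_hba.conf rules whose method is "trust".
# Output columns: LINE TYPE DATABASE USER ADDRESS ("-" means Unix socket).
# Rules are evaluated top to bottom and the first match wins, so read each
# hit against the rules above it.
trust_rules() {
  awk '
    BEGIN {
      n = split("trust reject md5 scram-sha-256 password gss sspi ident peer ldap radius cert pam bsd", a, " ")
      for (i = 1; i <= n; i++) method[a[i]] = 1
    }
    { sub(/#.*/, ""); $1 = $1 }      # strip comments, collapse whitespace
    NF < 4 { next }
    $1 == "local" {                  # local DATABASE USER METHOD
      if ($4 == "trust") print NR, $1, $2, $3, "-"
      next
    }
    $1 ~ /^host/ {                   # host DATABASE USER ADDRESS [MASK] METHOD
      if ($5 in method) { m = $5; addr = $4 }          # CIDR, hostname or keyword
      else              { m = $6; addr = $4 "/" $5 }   # separate IP and netmask
      if (m == "trust") print NR, $1, $2, $3, addr
    }' "$1"
}

# Constructed sample file; not the template shipped by core/postgresql.
sample_hba=$(mktemp)
cat > "$sample_hba" <<'EOF'
# TYPE  DATABASE     USER         ADDRESS             METHOD
local   all          all                              trust
host    all          all          127.0.0.1/32        trust   # loopback TCP
host    all          all          ::1/128             md5
host    all          all          10.0.0.0 255.0.0.0  trust
host    replication  replication  0.0.0.0/0           md5
EOF

trust_rules "$sample_hba"
```

To check a Habitat-managed instance, point `trust_rules` at the rendered pg_hba.conf; its location under /hab/svc/postgresql/config/ is assumed here from the pwfile path shown in the logs above.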

jsirex commented 6 years ago

For me it looks like the password cannot be changed via PGPASSFILE after the service has started... I had the same issue:

  1. start postgres with defaults
  2. change password
  3. restart/reload - nothing helps. password is old

I can confirm that the PGPASSFILE environment variable is propagated correctly, the postgres process sees it, and the content is valid (new password), but you cannot connect.

wduncanfraser commented 5 years ago

Just ran into this this morning when rotating DB passwords. I'll see if I can come up with a solution, so that when you change the superuser password, it actually changes it in the DB.
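
A password file given to `initdb --pwfile` is read only when the cluster is created, and .pgpass is read only by clients, so regenerating either file leaves the role's stored password untouched; a rotation has to be issued against the running server. The sketch below is an added example, not code from core-plans: it assumes the plan's pwfile is consumed by `initdb --pwfile`, that the caller still holds the currently valid password, and all function names and the `PSQL` override are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not core-plans code: apply the password in pwfile to a
# running server and verify the result.
PSQL=${PSQL:-psql}               # overridable so the flow can be tested without a server
DB_HOST=${PGHOST:-localhost}

# First line of FILE (initdb --pwfile also takes only the first line).
first_line() ( IFS= read -r l < "$1" || [ -n "$l" ] || exit 1; printf '%s' "$l" )

# ALTER ROLE statement with identifier and literal quoted by doubling " and '.
# Assumes standard_conforming_strings = on (the server default).
alter_role_sql() (
  q_role=$(printf '%s' "$1" | sed 's/"/""/g')
  q_pw=$(printf '%s' "$2" | sed "s/'/''/g")
  printf "ALTER ROLE \"%s\" PASSWORD '%s';\n" "$q_role" "$q_pw"
)

# Exit 0 if ROLE ($1) can authenticate over TCP with PASSWORD ($2).
can_login() (
  PGPASSWORD=$2; export PGPASSWORD
  "$PSQL" -X -w -q -h "$DB_HOST" -U "$1" -d postgres -c 'SELECT 1' \
    </dev/null >/dev/null 2>&1
)

# rotate_superuser_password ROLE OLD_PASSWORD PWFILE
# Returns 0 rotated and verified, 1 unusable pwfile, 2 could not connect or
# ALTER failed, 3 new password rejected, 4 old password still accepted
# (for example because a pg_hba.conf trust rule matches the connection).
rotate_superuser_password() (
  role=$1 old=$2
  new=$(first_line "$3") && [ -n "$new" ] || exit 1
  PGPASSWORD=$old; export PGPASSWORD
  # SQL goes in on stdin, so the password never appears in a process argv.
  alter_role_sql "$role" "$new" |
    "$PSQL" -X -w -q -v ON_ERROR_STOP=1 -h "$DB_HOST" -U "$role" -d postgres \
      >/dev/null 2>&1 || exit 2
  can_login "$role" "$new" || exit 3
  [ "$old" = "$new" ] || ! can_login "$role" "$old" || exit 4
)

# Constructed demo: print the statement for a sample pwfile (no server needed).
demo=$(mktemp); printf '%s\n' "it's new" > "$demo"
alter_role_sql admin "$(first_line "$demo")"
rm -f "$demo"
```

`ALTER ROLE ... PASSWORD` carries the new password in the statement text, so check the server's `log_statement` setting before running this where DDL is logged.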