Closed tarekziade closed 9 years ago
In development and in TravisCI we deploy the app using the postgres
user, which is the owner of most internal PostgreSQL objects.
I suppose that the problem you had was using a different user (not mentionned).
I can reproduce the following problem locally:
postgres=# CREATE USER kinto PASSWORD 'kinto';
ALTER ROLE
postgres=# CREATE DATABASE kintodb OWNER kinto;
CREATE DATABASE
postgres=#
$ psql -h 127.0.0.1 -U kinto -d kintodb;
Password for user kinto:
psql (9.4.1)
kintodb=> CREATE OR REPLACE FUNCTION as_epoch(ts TIMESTAMP) RETURNS BIGINT AS $$
kintodb$> BEGIN
kintodb$> RETURN (EXTRACT(EPOCH FROM ts) * 1000)::BIGINT;
kintodb$> END;
kintodb$> $$ LANGUAGE plpgsql;
CREATE FUNCTION
kintodb=>
kintodb=> DROP CAST IF EXISTS (TIMESTAMP AS BIGINT);
NOTICE: cast from type pg_catalog.timestamp to type pg_catalog.int8 does not exist, skipping
DROP CAST
kintodb=>
kintodb=> CREATE CAST (TIMESTAMP AS BIGINT)
kintodb-> WITH FUNCTION as_epoch(TIMESTAMP) AS ASSIGNMENT;
ERROR: must be owner of type timestamp without time zone or type bigint
For convience we create a cast from timestamp to big int, and postgres prevents us from doing it with a user that doesn't own the source/destination types.
We have several solutions (by order of personal preference):
1. Temporary rights: Set our user as superuser temporarily (during schema creation on first app run and during future schema migrations)
postgres=# CREATE DATABASE kintodb OWNER kinto;
CREATE DATABASE
postgres=# ALTER USER kinto SUPERUSER;
ALTER ROLE
<install app>
postgres=# ALTER USER kinto NOSUPERUSER;
ALTER ROLE
2. Using distinct roles: Create the schema with user postgres
(using cliquet/storage/postgresq/schema.sql
) and give our user some privileges.
(Obviously, the less privileges possible the better, but here as an example, and to ease future schema migrations etc. I give almost full privileges)
postgres=# CREATE DATABASE kintodb OWNER kinto;
CREATE DATABASE
postgres=# \?
postgres=# \c kintodb;
You are now connected to database "kintodb" as user "postgres".
kintodb=# \i /path/to/cliquet/storage/postgresql/schema.sql
...
...[ ... ] does not exist, skipping.
...
kintodb=# \d
List of relations
Schema | Name | Type | Owner
--------+----------+-------+----------
public | deleted | table | postgres
public | metadata | table | postgres
public | records | table | postgres
kintodb=#
kintodb=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO kinto;
GRANT
3. Postgresql internals: Set our user as owner of those types temporarily during schema creation (even if it would work I wouldn't mess up with postgres internal stuff)
Thanks @leplatrem for all this informations. I had a similar problem when settings up the readinglist-preprod server. I like the temporary superuser (first) solution.
Can we document this in the documentation?
trying to deploy with postgres we're getting an error
"must be owner of type timestamp without time zone or type bigint"
Is there anything special to do prior to running the app ?