vitabaks / postgresql_cluster

PostgreSQL High-Availability Cluster (based on Patroni). Automating with Ansible.
https://postgresql-cluster.org
MIT License

patroni.yml.j2 auth method hard coded to md5 #389

Closed chuegel closed 1 year ago

chuegel commented 1 year ago

First of all, thank you for this awesome playbook.

We successfully deployed patroni to a 3-node test cluster and noticed that in the /etc/patroni/patroni.yml file the pg_hba section is referencing md5 as auth type. The file is created from roles/patroni/templates/patroni.yml.j2:

.
.
  pg_hba:  # Add following lines to pg_hba.conf after running 'initdb'
    - host replication {{ patroni_replication_username }} 127.0.0.1/32 md5
    - host all all 0.0.0.0/0 md5
.
.

Shouldn't this use the auth method defined in vars/main.yml (postgresql_password_encryption_algorithm)?

Like:

.
.
  pg_hba:  # Add following lines to pg_hba.conf after running 'initdb'
    - host replication {{ patroni_replication_username }} 127.0.0.1/32 {{ postgresql_password_encryption_algorithm }}
    - host all all 0.0.0.0/0 {{ postgresql_password_encryption_algorithm }}
.
.

vitabaks commented 1 year ago

In fact, this configuration section is accessible only during initdb and then we configure the pg_hba file using Ansible.

But I agree with you that it is necessary to define a variable here. Feel free to create a PR or I'll do it myself a little later.

vitabaks commented 1 year ago

Done https://github.com/vitabaks/postgresql_cluster/pull/398
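
An added example (not code from the postgresql_cluster project): a small Python check that reads pg_hba records like the two in the template above and reports entries whose auth method disagrees with the configured password hashing algorithm. The function names and the `replicator` user name are assumptions made for the example.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def hba_method(line):
    """Return the auth method of one pg_hba record, or None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if fields[0] == "local":  # local DATABASE USER METHOD [OPTIONS]
        return fields[3]
    if fields[0] not in HOST_TYPES or len(fields) < 5:
        raise ValueError(f"cannot parse pg_hba record: {line!r}")
    # host DATABASE USER ADDRESS METHOD, or host DATABASE USER IP-ADDRESS IP-MASK METHOD
    try:
        ipaddress.ip_address(fields[4])  # parses only when a netmask column is present
        return fields[5]
    except ValueError:
        return fields[4]


def audit(lines, password_encryption):
    """List (record, reason) pairs where the method and the hashing algorithm disagree."""
    findings = []
    for line in lines:
        method = hba_method(line)
        if method == "md5" and password_encryption == "scram-sha-256":
            # pg_hba 'md5' uses SCRAM for SCRAM-hashed roles, but it also still
            # lets any role that holds an old MD5 hash log in with MD5.
            findings.append((line, "md5 still accepts roles that hold an MD5 hash"))
        elif method == "scram-sha-256" and password_encryption == "md5":
            findings.append((line, "roles with MD5-hashed passwords cannot authenticate"))
    return findings


# Constructed sample: the two template lines from the issue, rendered with a
# made-up replication user name.
HARD_CODED = [
    "host replication replicator 127.0.0.1/32 md5",
    "host all all 0.0.0.0/0 md5",
]
# The same records with the method taken from the variable instead.
TEMPLATED = [rec.rsplit(" ", 1)[0] + " scram-sha-256" for rec in HARD_CODED]

if __name__ == "__main__":
    for record, reason in audit(HARD_CODED, "scram-sha-256"):
        print(f"{record}: {reason}")
```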