Broken "not_if" in "assign-postgres-password" in "recipes/server.rb" in "opscode-cookbooks/postgresql"


#1

I’ve put a detailed explanation of the problem and my proposed fix at http://tickets.opscode.com/browse/COOK-2163.

I have already implemented my proposed fix in my forked cookbook. Just getting this out there to seek comments before I submit a pull request.

In short, It’s merely a coincidence that “assign-postgres-password” has been succeeding. Every recipe[postgresql::server] run resets the password, regardless of whether or what password is currently set.

The coincidence is a counter-intuitive effect of the following pg_hba.conf authorization rules generated by a couple of attributes/default.rb settings:

TYPE DATABASE USER CIDR-ADDRESS METHOD

local all postgres ident
host all all 127.0.0.1/32 md5

My proposal involves making the first of those authorizations permanently hard-coded in the pg_hba.conf.erb template.


David Crane