allow for separate configuration and data directories #187
Conversation
postgres/server/init.sls
Outdated
| @@ -70,6 +70,9 @@ postgresql-config-dir: | |||
| - makedirs: True | |||
| - require: | |||
| - cmd: postgresql-cluster-prepared | |||
| {%- if postgres.conf_dir == postgres.data_dir %} | |||
| - dir_mode: 0700 | |||
There was a problem hiding this comment.
This is a good change, and the configuration directory should definitely have to be secured even if does not match the data directory. No need for if statement. Just put it above of the require items as a matter of consistent style.
There was a problem hiding this comment.
I was reading PG documentation regarding this (due to error in logs). I could not find any instruction that conf_dir needs to be secured. I understand you see no issues using 0700 for conf_dir so agree here.
There was a problem hiding this comment.
I have implemented this. Because it's allowed to have cond_dir and data_dir the same in PG implementations, and 0700 was already requirement, then 0700 applies to conf_dir too. You are correct therefore - the if should be removed.
There was a problem hiding this comment.
Having ability to define separate configuration and data directory is very good.
However, this new paramenter data_dir has not been used in any state directly. It will have no effect at all if put any random string there, since real data directory will be created with prepare_cluster.command. Internally, the data_dir jinja varible was used to modify prepare_cluster.command for upstream-based installations. Also, if you would like to change real data dir, you will need to make corresponding changes in the postgresql.conf file.
I feel like this PR is incomplete.
|
The primary PR goal is to fix 0700 permission bug. PG documentation/error complains about data_dir not configuration directory. In default.yaml the '/var/lib/pgsql/data' string occurs 3 times to avoid Jinja, and be consistent with conf_dir parameter declarations. In osmap.yaml the data_dir is declared as Jinja, not YAML. I'm fixing the inconsistency cautiously. It is better for everyone to address the YAML first, and SLS in later PR. Researching correct values for osmap.yaml involved significant research into various wiki's and distro docs. Can we just ensure we are happy with YAML first. |
|
In hindsight, its better to do SLS now. Implementation wise, we could remove UPDATE: Below is my implementation decision regarding SLS usage of PR updated with full support in YML and SLS files. |
|
@vutny Please review this again when you have free time. thx |
|
Testing this today. |
|
Closing to rebase & submit smaller PRs. Comments here will be adopted. |
This PR allows different "configuration" and "data" directory, resolving some issues-
Ubuntu postgresql-server stores config in
/etc, and data into/var. Thepostgresstate fails horribly if/etc/postgresql/../postgresql.confexists, perhaps afterpostgres.droppedruns.User may want separation of data and configuration.
This is current situation where
conf_dirvariable exists but notdata_dir.postgresinstall always fails after 'dropped' (or remove Add basic postgres.server.remove state #182) states, because conf_dir remains.If
conf_diranddata_dirhave same value,pg_ctlthrows permissions error.pg_ctl[8774]: FATAL: data directory "/var/lib/pgsql/data" has group or world access