Geo: use a pgpass file to authenticate transparently when using the `gitlab-geo-psql` command (!3099) · Merge requests · GitLab.org / omnibus-gitlab

Gabriel Mazetto requested to merge 4186-fix-geo-psql-fdw-access into master Mar 12, 2019

A previous attempt to do this:

By adding the extra line in pg_ident we allow the usage of gitlab-psql -U gitlab and gitlab-geo-psql -U gitlab_geo without needing to type a password when running from the same machine as postgres is running.

After discussing this with @ibaum, we figured out a better way: use a .pgpass file approach, which would work for HA and remote Geo PostgreSQL (like managed instances by cloud providers).

The proposal is to leverage something similar to what already exists in our toolset: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-ctl-commands/lib/postgresql/pgpass.rb and authenticate to the geo database with the correct user by default: gitlab-geo.

Closes #4186 (closed)

Edited Apr 27, 2019 by Gabriel Mazetto

Geo: use a pgpass file to authenticate transparently when using the `gitlab-geo-psql` command

Merge request reports