Ok. I reviewed what was changed and I'm afraid that these changes are
no good. Using the PGPASSWORD variable isn't recommended because it's
considered insecure. Putting the DBA password into the pacemaker
configuration brings even more security issues. A .pgpass file shall be
used instead when password authentication is required. See the PostgreSQL
documentation.

Then this line:

: ${OCF_RESKEY_psql=/usr/bin/psq}

doesn't make sense since I don't think that psql was renamed to psq.

Changing the runasowner function to

runasowner() {
        su $OCF_RESKEY_pgdba
        export PGPASSWORD=$OCF_RESKEY_pwd
        su $OCF_RESKEY_pgdba -c "$*"
}

completely breaks it since the first su command starts a shell and leaves
the user there at the command prompt.

Have you tested your changes?

On Sun, Sep 20, 2009 at 8:54 AM, Serge Dubrouski <serge...@gmail.com> wrote:
> Can you provide your change as a diff patch?
>
> On Sat, Sep 19, 2009 at 11:22 PM, E-Blokos <in...@e-blokos.com> wrote:
>> For those who are interested in having more password security with PostgreSQL:
>> until now the RA didn't work if the db user in pg_hba.conf was set to other than
>> "trust",
>> otherwise the psql command always asks for a password prompt, which breaks the RA
>> script.
>> So I updated the PGSQL RA to use pgsql with more security.
>>
>> Regards
>>
>> Franck Chionna
>> _______________________________________________
>> Pacemaker mailing list
>> Pacemaker@oss.clusterlabs.org
>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>
>>
>
>
>
> --
> Serge Dubrouski.
>



-- 
Serge Dubrouski.
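
The approach recommended in the reply above (a .pgpass file instead of PGPASSWORD, and a single su call), sketched as an added example; it is not the resource agent's code or either poster's. OCF_RESKEY_pgpass and both default values are assumptions made for illustration; the permission check follows libpq's rule that a password file accessible to group or others is ignored.

```sh
#!/bin/sh
# Added example; not the pgsql resource agent's own code.
# Constructed defaults. OCF_RESKEY_pgpass is a hypothetical parameter.
: "${OCF_RESKEY_pgdba=postgres}"
: "${OCF_RESKEY_pgpass=/var/lib/pgsql/.pgpass}"

# Succeed only if libpq would honour the file: it must be a regular file
# with no group/other permission bits, otherwise libpq ignores it.
pgpass_usable() {
    [ -f "$1" ] || { echo "no password file: $1" >&2; return 1; }
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 1
    case $mode in
        ?00) return 0 ;;
        *)   echo "mode $mode on $1 is too open, need 0600" >&2; return 1 ;;
    esac
}

# Run a command as the database owner with exactly one su call.
# Only the path of the password file is exported, never the password,
# so nothing secret sits in the cluster configuration or the environment.
runasowner() {
    pgpass_usable "$OCF_RESKEY_pgpass" || return 1
    (
        unset PGPASSWORD
        PGPASSFILE=$OCF_RESKEY_pgpass
        export PGPASSFILE
        su "$OCF_RESKEY_pgdba" -c "$*"
    )
}
```

The file must also be readable by the account named in OCF_RESKEY_pgdba, since psql opens it after the su.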
