HomeDevCentral

Allow external connections to PostgreSQL

Description

Allow external connections to PostgreSQL

Summary:
As this change is the first to modify the PostgreSQL configuration
files, it provisions both postgresql.conf and pg_hba.conf.

PostgreSQL is currently configured to only accept local connections.
As the goal is to use it for applications on other hosts,
this change adds external connections possibilities to pg_hba.conf.

External connections are allowed to selected CIDR, depending
of the user and database selected. For fantoir and airflow users,
connections are expected from Dwellers and docker-002.

The 'peer' authentication mechanism is selected on the server,
so it's possible to use postgres account to get a root shell
on the database for maintenance purpose. No reference to 'trust'.

Ref T1750

References:

Test Plan:

  • Connectivity: sockstat + nc -zv db-A-001 5432
  • Actual connection: airflow nasqueron upgrade

Reviewers: dereckson

Reviewed By: dereckson

Maniphest Tasks: T1750

Differential Revision: https://devcentral.nasqueron.org/D2942

Details

Provenance
derecksonAuthored on Mar 29 2023, 17:22
derecksonPushed on Mar 29 2023, 19:47
Reviewer
dereckson
Differential Revision
D2942: Allow external connections to PostgreSQL
Parents
rOPSe472250c6ae7: Create airflow PostgreSQL database
Branches
Unknown
Tags
Unknown
Tasks
T1750: Import FANTOIR database