Allow external connections to PostgreSQL
Summary:
As this change is the first to modify the PostgreSQL configuration
files, it provisions both postgresql.conf and pg_hba.conf.
PostgreSQL is currently configured to only accept local connections.
As the goal is to use it for applications on other hosts,
this change adds external connections possibilities to pg_hba.conf.
External connections are allowed to selected CIDR, depending
of the user and database selected. For fantoir and airflow users,
connections are expected from Dwellers and docker-002.
The 'peer' authentication mechanism is selected on the server,
so it's possible to use postgres account to get a root shell
on the database for maintenance purpose. No reference to 'trust'.
Ref T1750
References:
- https://www.postgresql.org/docs/current/runtime-config-connection.html
- https://www.postgresql.org/docs/current/auth-peer.html
- https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
Test Plan:
- Connectivity: sockstat + nc -zv db-A-001 5432
- Actual connection: airflow nasqueron upgrade
Reviewers: dereckson
Reviewed By: dereckson
Maniphest Tasks: T1750
Differential Revision: https://devcentral.nasqueron.org/D2942