Opened 3 years ago

Closed 3 years ago

#21277 closed task (fixed)

Please set up a new PostgreSQL database called webstats on meronense

Reported by: karsten Owned by: tpa
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We need a new PostgreSQL database called webstats on meronense that is owned by the metrics user. Feel free to use settings (Encoding, Collate, Ctype) from the userstats database as defaults.

Ideally, the metrics user would be able to log in without password prompt. The background here is that we'd want to use jdbc:postgresql:webstats as JDBC string to connect to this database without having to configure a password in the Java sources. I guess if psql webstats works on the metrics user prompt without asking for a password, we're good with respect to JDBC.

Thanks!

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by weasel

Resolution: fixed
Status: newclosed

comment:2 Changed 3 years ago by karsten

Resolution: fixed
Status: closedreopened

Hmm, I see the database and can connect to it using psql, but connecting via JDBC doesn't work. Apparently, the issue is that JDBC connections always happen via TCP/IP, not Unix-domain sockets.

Can you update pg_hba.conf and put in a line like this (please triple-check -- untested)?

host all metrics 127.0.0.1/32 ident

Here's some context what we're using this database for: twice per day, we're fetching new logs from webstats.torproject.org, importing them into the database, extracting statistics from the database, and storing those statistics to a local .csv file.

We're not accessing the database via some web server running under the metrics user. It's just used locally. (This is the case for all database on this host, which is why I wrote all in the line above.)

Hope that helps for risk assessment.

comment:3 Changed 3 years ago by weasel

I'm not sure we really want to start running ident servers again in 2017. Hm.

comment:4 Changed 3 years ago by karsten

How about trust? :) Okay, I don't know how to solve this problem. There's no clear winner.

But until we have found a compromise, can you put the database password on the server, maybe in ~metrics/.pgpass, so that I can start importing data via JDBC using password authentication? Thanks!

comment:5 Changed 3 years ago by weasel

Resolution: fixed
Status: reopenedclosed

Note that .pgpass has well defined semantics. Also, you already have the password.

Note: See TracTickets for help on using tickets.