[Dbconfig-common-devel] Re: dbconfig-common Problems

Andreas Tille tillea at rki.de
Fri Jul 29 10:15:41 UTC 2005 

On Fri, 29 Jul 2005, sean finney wrote:

> assuming you mean ssl and not ssh?
Sure. :)

> okay, in that case you should select "password" for the authentication
> method questions.  looking at the dbconfig code, it's not clear whether
> or not you can preseed this value (by setting something like
> dbc_pgsql_authmethod_user="password" etc), though you ought to be able to
> for just this reason.
OK, if I add

         local   all         all    password

to /etc/postgresql/pg_hba.conf I will be asked at least for a password,
but this does not really help, because I have no password information about
any user in postgresql default configuration because the default is just
ident.  On the other hand this is a to rude hack because it will break other
applications which are using ident authentication.

IMHO the following steps are necessary to do in dbconfig-common to work out
of the box:

   1. Edit /etc/postgresql/pg_hba.conf

      ### -- Begin dbconfig-common -- ##
      local   @dbconfig-common.databases   @dbconfig-common.users  password
      ### -- End dbconfig-common -- ##

   2. Set links to database / username lists

      ln -s /etc/dbconfig-common/pgDatabases.list /var/lib/postgres/data/dbconfig-common.database
      ln -s /etc/dbconfig-common/pgUser.list /var/lib/postgres/data/dbconfig-common.users

   3. List Databases and users in the according config files

      echo "dbtestpgsql" >> /etc/dbconfig-common/pgDatabases.list
      echo "dbtestpgsql" >> /etc/dbconfig-common/pgUser.list

      The user names and database names can be obtained via debconf

   4. Restart postgresql server to enable the changed configuration

> i'd try the above mentioned debug routines to see if that sheds any
> more light on why things are failing.  you could then forward this
> information to me and/or the bts and we could take things from
> there.
I tried

$ export dbc_debug=1
$ export dbc_authmethod_admin="password"
$ export dbc_authmethod_user="password"
$ sudo dpkg -i db-test-pgsql_2.1_all.deb 
Selecting previously deselected package db-test-pgsql.
(Reading database ... 174973 files and directories currently installed.)
Unpacking db-test-pgsql (from db-test-pgsql_2.1_all.deb) ...
dbconfig-common: writing config to /etc/dbconfig-common/db-test-pgsql.conf

Creating config file /etc/dbconfig-common/db-test-pgsql.conf with new version
Setting up db-test-pgsql (2.1) ...
dbconfig-common: writing config to /etc/dbconfig-common/db-test-pgsql.conf
dbconfig-common: writing config to /etc/dbconfig-common/db-test-pgsql.conf
Replacing config file /etc/dbconfig-common/db-test-pgsql.conf with new version
dbconfig-common: writing config to /etc/dbconfig-common/db-test-pgsql.conf
creating postgres user dbtestpgsql:  success.
verifying creation of user: success.
creating database dbtestpgsql: success.
verifying database dbtestpgsql exists: success.
chown: `dbtestpgsql': invalid user
error encountered populating database:
Unknown id: dbtestpgsql
dbconfig-common: db-test-pgsql configure: aborted.
dbconfig-common: flushing administrative password
dpkg: error processing db-test-pgsql (--install):
  subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
  db-test-pgsql


Interestingly enough setting dbc_authmethod_* in the environment did not
succeed, because /etc/dbconfig-common/db-test-pgsql.conf says:

    dbc_authmethod_admin="ident"
    dbc_authmethod_user="ident"

Moreover my database setup above did not really to the expected result that
user dbtestpgsql for database dbtestpgsql has to use password authentication.
I have to sort this out on my local machine.  Wenn I used the "all all" setting
I was asked for a password for user dbtestpgsql which I do not know because
it is not set and thus the situation is not really better, but at least there
was a sign of password authentication method.  But as I said the "all all"
setting breaks other applications like otrs or zope and probably a lot more.

> you can also always hand-edit the config files under /etc, whose
> settings trump those of what's stored in debconf (in fact, they
> are loaded into debconf before debconf is run).
I do not realize a slightest change when I replace "ident" by "password"
for both values mentioned above.

> i believe that password does not work out of the box because postgres
> is not set up out of the box to do password based authentication.  if
> you enable password authentication in pg_hba.conf do you get any
> further?
See above.

Kind regards

          Andreas.

-- 
http://fam-tille.de

More information about the Dbconfig-common-devel mailing list