
maas-devel team mailing list archive

Re: juju's private-address, DNS, MAAS and postgresql

 

On 8 November 2013 12:57, Andreas Hasenack <andreas@xxxxxxxxxxxxx> wrote:
> On Fri, Nov 8, 2013 at 9:57 AM, Andreas Hasenack <andreas@xxxxxxxxxxxxx>
> wrote:
>>
>> This is the issue:
>> 2013-11-07 13:47:02 UTC FATAL:  no pg_hba.conf entry for host
>> "10.0.5.100", user "landscape", database "landscape-standalone-main", SSL
>> off
>> 2013-11-07 13:47:02 UTC DETAIL:  Client IP address resolved to
>> "10-0-5-100.maaslocal", forward lookup not checked.
>>
>
> To reproduce, deploy the following services with juju using the maas
> provider:
> juju deploy postgresql
> juju deploy postgresql-psql psql
> juju add-relation postgresql:db psql:db
>
> Now try it:
> juju ssh psql/0
> ubuntu@k8q9m:~$ psql-db-postgresql-0 -l
> psql: FATAL:  no pg_hba.conf entry for host "10.0.5.103", user "db_1_psql",
> database "postgres", SSL on
> FATAL:  no pg_hba.conf entry for host "10.0.5.103", user "db_1_psql",
> database "postgres", SSL off
> ubuntu@k8q9m:~$
>
> The postgresql/0 server will log:
> 2013-11-08 12:54:14 UTC FATAL:  no pg_hba.conf entry for host "10.0.5.103",
> user "db_1_psql", database "postgres", SSL on
> 2013-11-08 12:54:14 UTC DETAIL:  Client IP address resolved to
> "10-0-5-103.maaslocal", forward lookup not checked.
>
> Its pg_hba.conf will contain:
> # db:1 from psql/0
> host psql db_1_psql k8q9m.maaslocal md5
>
> host psql db_1_psql_schema k8q9m.maaslocal md5
> # replication:0 from postgresql/0
> host postgres juju_replication kmkxr.maaslocal md5

Some solutions I can think of:

1. MAAS could arrange that reverse look-ups return the configured
   hostname of nodes instead of the generated one (using
   generated_hostname).

2. Whatever writes pg_hba.conf could use the name from a reverse look-up
   instead of the hostname directly.

3. Whatever writes pg_hba.conf could use the IP address instead of the
   hostname directly.

4. Whatever writes pg_hba.conf could add extra rules for both of the
   above.

I'm not sure of the repercussions of a change like #1. We chose to use
the generated name for a reason, though I can't remember exactly what it
was. Not having to regenerate the zone file every time the hostname is
changed might have been part of it.

#2, #3 and #4 require changes to the charm, which I'll assume is easier
to do than making a change to core MAAS. I guess it's confusing to charm
authors though: a hostname is a hostname, right? It's an unexpected
wrinkle. We probably ought to fix #1, or at least justify better why
it's like that. In the meantime one of the other options ought to
unblock you.

If you agree, can you file a bug about #1?
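
Added example, not part of the original message or of the postgresql charm: a small model of how PostgreSQL evaluates the address field of a `pg_hba.conf` rule (reverse lookup of the client address first, forward lookup only if the names agree), run against the rule from the thread and against options 2 and 3. The DNS tables are constructed from the values quoted above, the function names are hypothetical, and only the address field is modelled, not the database or user columns.

```python
import ipaddress

# Constructed DNS data modelled on the thread (assumption: the configured
# hostname resolves forward, but the PTR record holds the generated name).
REVERSE = {"10.0.5.103": "10-0-5-103.maaslocal"}
FORWARD = {
    "k8q9m.maaslocal": ["10.0.5.103"],
    "10-0-5-103.maaslocal": ["10.0.5.103"],
}


def host_field_matches(field, client_ip, reverse=REVERSE, forward=FORWARD):
    """Return (matched, reason) for one pg_hba.conf address field."""
    if "/" in field:
        # CIDR form: pure address comparison, DNS is never consulted.
        ok = ipaddress.ip_address(client_ip) in ipaddress.ip_network(field)
        return ok, ("address match" if ok else "address mismatch")
    # Host name form, step 1: the reverse lookup of the client address must
    # return exactly the name written in the rule.
    resolved = reverse.get(client_ip)
    if resolved is None:
        return False, "no reverse record"
    if resolved.lower() != field.lower():
        return False, f'resolved to "{resolved}", forward lookup not checked'
    # Step 2: the name must resolve forward to the client address again.
    if client_ip not in forward.get(field.lower(), []):
        return False, "forward lookup mismatch"
    return True, "hostname match"


def compare_options(client_ip, configured_name):
    """Evaluate the charm's current rule and options 2 and 3 from the reply."""
    candidates = {
        "current (configured hostname)": configured_name,
        "option 2 (reverse look-up name)": REVERSE.get(client_ip, ""),
        "option 3 (IP address)": f"{client_ip}/32",
    }
    return {label: host_field_matches(field, client_ip)
            for label, field in candidates.items()}


if __name__ == "__main__":
    results = compare_options("10.0.5.103", "k8q9m.maaslocal")
    for label, (ok, reason) in results.items():
        print(f"{label:32} {'ALLOW' if ok else 'REJECT'}  {reason}")
```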

