Mail archive
alpine-devel

Re: [alpine-devel] [PATCH] testing/pgagent: new aport

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Tue, 16 Dec 2014 14:47:18 +0100

On Fri, 21 Nov 2014 13:40:08 -0500
Rafa* Rzepecki <divided.mind_at_gmail.com> wrote:

> On Fri, Nov 21, 2014 at 2:33 AM, Natanael Copa <ncopa_at_alpinelinux.org> wrote:
> >
> > On Thu, 20 Nov 2014 16:23:29 -0500
> > Rafa* Rzepecki <divided.mind_at_gmail.com> wrote:
> >
> > > http://www.pgadmin.org/docs/dev/pgagent.html
> > > a job scheduler for PostgreSQL
> > > ---
...
> > > diff --git a/testing/pgagent/pgagent.confd b/testing/pgagent/pgagent.confd
> > > new file mode 100644
> > > index 0000000..a85be20
> > > --- /dev/null
> > > +++ b/testing/pgagent/pgagent.confd
> > > _at_@ -0,0 +1,22 @@
> > > +# Pool time interval
> > > +PGA_POLL="10"
> > > +
> > > +# Retry period
> > > +PGA_RETRY="30"
> > > +
> > > +# Log file
> > > +PGA_LOG="/var/log/pgagent.log"
> >
> > Having the log file in /var/log means it needs to have root
> > permissions. Does the agent really need to run as root?
>
> It doesn't and shouldn't; in fact it should run as postgres in the
> case the scripts are used verbatim. Frankly I just copied them from
> Gentoo without much thought :) Those things probably should get
> reported 'upstream' once we converge on the best solution.
>
> Anyway, what's the preferred way to setup logging in this case? A
> post-install script that creates a /var/log subdirectory with proper
> permissions?
>
> Also, I'm not entirely sure what the user should be. If the agent is
> running on a local postgres, it's most practical (even if not the most
> secure) if it runs as 'postgres' user so it has superuser on the
> database; if it's not running on the local server, the scripts aren't
> generic enough to make it work anyway (auth needs to be set up, which
> might be done in a number of different ways -- password, kerberos,
> ident, ssl, etc.) so an admin would have to modify the init script
> anyway.

I think we can run it as postgresql as default and make the
alternatives configurable.

>
> > > diff --git a/testing/pgagent/pgagent.initd b/testing/pgagent/pgagent.initd
> > > new file mode 100644
> > > index 0000000..0e37fcc
> > > --- /dev/null
> > > +++ b/testing/pgagent/pgagent.initd
> > > _at_@ -0,0 +1,25 @@
> > > +#!/sbin/runscript
> > > +# Copyright 1999-2012 Gentoo Foundation
> > > +# Distributed under the terms of the GNU General Public License v2
> > > +# $Header: /var/cvsroot/gentoo-x86/dev-db/pgagent/files/pgagent.initd,v 1.1 2012/04/28 18:34:11 titanofold Exp $
> > > +
> > > +PGAGENTOPT="-t ${PGA_POLL} -r ${PGA_RETRY} -s ${PGA_LOG} -l ${PGA_LEVEL}"
> > > +
> > > +PGOPT="hostaddr=${PG_HOST} dbname=${PG_DBNAME} user=${PG_USER}"
> > > +
> > > +depend() {
> > > + use net
> > > + need postgresql
> >
> > Does the agent really require that a postgresql server runs on this
> > host even if the PG_HOST is pointing to some other host?
> >
> > I suspect that you can actually run the agent on different host than the
> > postgresql server and in that case, you don't need postgresql. It
> > should probably say "use postgresql".
>
> Yes, thanks; as mentioned above it's just lifted from Gentoo verbatim.
> I agree it should probably have use postgres, but heed the
> aforementioned comments about how one would probably modify the script
> anyway in anything different than the most common case.
>
> I'm not sure how to approach it best. Ideas are welcome :)

Well, you should not need edit the scripts, only the config. Thats why
there is a separate conf.d/ file.

I would just replace the 'need postgresql' with 'use postgresql' and
remove postgresql from depends.

thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Tue Dec 16 2014 - 14:47:18 UTC