~alpine/devel

Re: [alpine-devel] [PATCH] testing/pgagent: new aport

Rafał Rzepecki <divided.mind@gmail.com>
Details
Message ID
<CAJu-ZiwJF5mo8P0YuAnZW0f1b0npFnSjxptHpOCbxtFkrd6j3A@mail.gmail.com>
Sender timestamp
1424914306
DKIM signature
missing
Download raw message
Hi, attaching updated patch. Let me know if you have any further comments.

wt., 16 gru 2014 o 14:47 użytkownik Natanael Copa <ncopa@alpinelinux.org>
napisał:

> On Fri, 21 Nov 2014 13:40:08 -0500
> Rafa* Rzepecki <divided.mind@gmail.com> wrote:
>
> > On Fri, Nov 21, 2014 at 2:33 AM, Natanael Copa <ncopa@alpinelinux.org>
> wrote:
> > >
> > > On Thu, 20 Nov 2014 16:23:29 -0500
> > > Rafa* Rzepecki <divided.mind@gmail.com> wrote:
> > >
> > > > http://www.pgadmin.org/docs/dev/pgagent.html
> > > > a job scheduler for PostgreSQL
> > > > ---
> ...
> > > > diff --git a/testing/pgagent/pgagent.confd
> b/testing/pgagent/pgagent.confd
> > > > new file mode 100644
> > > > index 0000000..a85be20
> > > > --- /dev/null
> > > > +++ b/testing/pgagent/pgagent.confd
> > > > @@ -0,0 +1,22 @@
> > > > +# Pool time interval
> > > > +PGA_POLL="10"
> > > > +
> > > > +# Retry period
> > > > +PGA_RETRY="30"
> > > > +
> > > > +# Log file
> > > > +PGA_LOG="/var/log/pgagent.log"
> > >
> > > Having the log file in /var/log means it needs to have root
> > > permissions. Does the agent really need to run as root?
> >
> > It doesn't and shouldn't; in fact it should run as postgres in the
> > case the scripts are used verbatim. Frankly I just copied them from
> > Gentoo without much thought :) Those things probably should get
> > reported 'upstream' once we converge on the best solution.
> >
> > Anyway, what's the preferred way to setup logging in this case? A
> > post-install script that creates a /var/log subdirectory with proper
> > permissions?
> >
> > Also, I'm not entirely sure what the user should be. If the agent is
> > running on a local postgres, it's most practical (even if not the most
> > secure) if it runs as 'postgres' user so it has superuser on the
> > database; if it's not running on the local server, the scripts aren't
> > generic enough to make it work anyway (auth needs to be set up, which
> > might be done in a number of different ways -- password, kerberos,
> > ident, ssl, etc.) so an admin would have to modify the init script
> > anyway.
>
> I think we can run it as postgresql as default and make the
> alternatives configurable.
>
> >
> > > > diff --git a/testing/pgagent/pgagent.initd
> b/testing/pgagent/pgagent.initd
> > > > new file mode 100644
> > > > index 0000000..0e37fcc
> > > > --- /dev/null
> > > > +++ b/testing/pgagent/pgagent.initd
> > > > @@ -0,0 +1,25 @@
> > > > +#!/sbin/runscript
> > > > +# Copyright 1999-2012 Gentoo Foundation
> > > > +# Distributed under the terms of the GNU General Public License v2
> > > > +# $Header: /var/cvsroot/gentoo-x86/dev-db/pgagent/files/pgagent.initd,v
> 1.1 2012/04/28 18:34:11 titanofold Exp $
> > > > +
> > > > +PGAGENTOPT="-t ${PGA_POLL} -r ${PGA_RETRY} -s ${PGA_LOG} -l
> ${PGA_LEVEL}"
> > > > +
> > > > +PGOPT="hostaddr=${PG_HOST} dbname=${PG_DBNAME} user=${PG_USER}"
> > > > +
> > > > +depend() {
> > > > +    use net
> > > > +    need postgresql
> > >
> > > Does the agent really require that a postgresql server runs on this
> > > host even if the PG_HOST is pointing to some other host?
> > >
> > > I suspect that you can actually run the agent on different host than
> the
> > > postgresql server and in that case, you don't need postgresql. It
> > > should probably say "use postgresql".
> >
> > Yes, thanks; as mentioned above it's just lifted from Gentoo verbatim.
> > I agree it should probably have use postgres, but heed the
> > aforementioned comments about how one would probably modify the script
> > anyway in anything different than the most common case.
> >
> > I'm not sure how to approach it best. Ideas are welcome :)
>
> Well, you should not need edit the scripts, only the config. Thats why
> there is a separate conf.d/ file.
>
> I would just replace the 'need postgresql' with 'use postgresql' and
> remove postgresql from depends.
>
> thanks!
>
> -nc
>
Reply to thread Export thread (mbox)