OpenERP client fails to connect with a restricted pg_hba.conf
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) | Fix Committed | Wishlist | OpenERP's Framework R&D | |
Bug Description
Using OpenERP 6.0.3 the client fails with "Could not connect to server" if the server's pg_hba.conf restricts access to 'template1'.
This bug may only affect people in a shared environment with multiple apps with their own databases hosted on the same instance of postgres. In a managed environment, it'd be expected that database access would be controlled via pg_hba.conf.
Initially we had /etc/postgresql
#/etc/
host openerpdb openerp 192.168.94.21/32 md5
The openerp-server.log file showed ..
[2011-09-15 13:58:04,
Traceback (most recent call last):
File "/usr/share/
result = psycopg2.
OperationalError: FATAL: no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL on
FATAL: no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL off
It seems that as part of connecting to the database the applications connect to a database before enumerating the databases owned by the 'openerp' postgres user.
The immediate fix is to adjust the /etc/postgresql
#/etc/
host openerpdb openerp 192.168.94.21/32 md5
host template1 openerp 192.168.94.21/32 md5
Changed in openobject-server: status: New → Triaged
And now for some further complications .. the above fix is less than ideal. Because 'template1' is used as a template for new databases, it has been recommended to us that connecting to the 'postgres' database would be preferred to connecting to the 'template1' (or 'template0') databases. Once again this is likely to only be an issue in a shared/managed environment.
A change to '/usr/share/pyshared/openerp-server/service/web_services.py' fixes that (patch to come).
sed -i s/db_connect\(\'template1\'\)/db_connect\(\'postgres\'\)/ /usr/share/pyshared/openerp-server/service/web_services.py
But now to make that more complicated, creating a new database requires access to the template0 .. and of course the new database would need to be enabled in the pg_hba.conf once it is created. But remember that this bug is probably isolated to a shared environment where creating databases is a controlled process where the DBA would be working with the OpenERP user to create required databases.
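An added example (not part of the original report, and not OpenERP or PostgreSQL code): a small Python check that applies first-match evaluation to the pg_hba.conf entries quoted above and reports which databases the 'openerp' role can reach from 192.168.94.21. It assumes `host` rules in CIDR form only, and the function names are hypothetical.

```python
import ipaddress

# Constructed pg_hba.conf fragments built from the entries quoted in the report.
HBA_INITIAL = """
host openerpdb openerp 192.168.94.21/32 md5
"""
HBA_WITH_TEMPLATE1 = HBA_INITIAL + "host template1 openerp 192.168.94.21/32 md5\n"


def parse_hba(text):
    """Return (type, databases, users, network, method) for each host-style rule."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Assumption: only 'host*' rules with a CIDR address are handled here;
        # 'local' rules and the separate address/netmask form are out of scope.
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        conn_type, dbs, users, addr, method = fields[:5]
        rules.append((conn_type, dbs.split(","), users.split(","),
                      ipaddress.ip_network(addr, strict=False), method))
    return rules


def first_match(rules, database, user, client_ip):
    """Return the auth method of the first matching rule, or None when no rule
    matches (the server then answers 'no pg_hba.conf entry for host ...')."""
    ip = ipaddress.ip_address(client_ip)
    for _conn_type, dbs, users, network, method in rules:
        db_ok = "all" in dbs or database in dbs or ("sameuser" in dbs and database == user)
        user_ok = "all" in users or user in users
        if db_ok and user_ok and ip.version == network.version and ip in network:
            return method
    return None


def reachable(hba_text, user, client_ip, databases):
    """Map each database name to the method that would apply, or None."""
    rules = parse_hba(hba_text)
    return {db: first_match(rules, db, user, client_ip) for db in databases}


if __name__ == "__main__":
    for name, hba in (("initial", HBA_INITIAL), ("with template1", HBA_WITH_TEMPLATE1)):
        print(name, reachable(hba, "openerp", "192.168.94.21",
                              ["openerpdb", "template1", "postgres"]))
```

With either fragment the 'postgres' database has no matching rule, so switching the server's maintenance connection to 'postgres' needs its own pg_hba.conf entry rather than the 'template1' one.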