setting extra_pg_conf="log_file_mode=0600" results in a traceback
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
PostgreSQL Charm | Fix Released | Medium | Unassigned |
Bug Description
As per PostgreSQL 9.x STIG V-214152 [1], log_file_mode must be configured to 0600.
When trying to do this via `juju config landscape-
2022-01-03 20:05:46 WARNING config-changed Traceback (most recent call last):
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed main()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed bus.dispatch(
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed _invoke(
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed handler.invoke()
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed self._action(*args)
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed update_
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed settings = assemble_
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed validate_
2022-01-03 20:05:46 WARNING config-changed File "/var/lib/
2022-01-03 20:05:46 WARNING config-changed raise ValueError("{} above maximum {}".format(v, r.maxvalue))
2022-01-03 20:05:46 WARNING config-changed AttributeError: 'pg_settings' object has no attribute 'maxvalue'
2022-01-03 20:05:46 ERROR juju.worker.
Looking into this validate_
`sudo runuser -u postgres -- psql -c "SELECT name, unit, context, vartype, min_val, max_val, enumvals, boot_val FROM pg_settings WHERE context <> 'internal';"`
which results in:
log_file_mode | | sighup | integer | 0 | 511 | | 384
Confirming that the max value is 511. Upon reading the PostgreSQL documentation [3], I see that the default value for this field is 0600, though 0640 is also commonly used. While 0600 is the default, a user should still be able to hard code the default value, or the 0640 as mentioned in the documentation.
[1] https:/
[2] https:/
[3] https:/
Related branches
- Tom Haddon: Approve
- Canonical IS Reviewers: Pending requested
- Diff: 178 lines (+27/-20), 6 files modified
  - lib/pg_settings_10.json (+4/-4)
  - lib/pg_settings_11.json (+4/-4)
  - lib/pg_settings_12.json (+4/-4)
  - lib/pg_settings_9.5.json (+4/-4)
  - lib/pg_settings_9.6.json (+4/-4)
  - reactive/postgresql/service.py (+7/-0)
- Tom Haddon: Approve
- Canonical IS Reviewers: Pending requested
- Diff: 13 lines (+1/-1), 1 file modified
  - reactive/postgresql/service.py (+1/-1)
tags: added: sts
Changed in postgresql-charm:
status: New → Confirmed
importance: Undecided → Medium
Ok, so the issue here is that the value is specified as an octal (e.g. 0600) which corresponds to 384 as an integer (0600 = (0 × 8³) + (6 × 8²) + (0 × 8¹) + (0 × 8⁰) = 384). However, we're not converting from octal to integer before comparing in the code.
I think the follow-up fix here should be to switch the "type" in the pg_settings json files to octal and then convert that appropriately in `validate_postgresql_conf`.
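
The octal-versus-decimal mismatch described in this comment, as an added example that is not the charm's code: `SettingSpec`, `validate` and `meets_stig` are hypothetical names, the bounds come from the `pg_settings` row quoted in the report, and an "octal" type that requires a leading 0 is an assumption modelled on the proposed fix.

```python
# Added example; names are hypothetical and this is not the charm's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class SettingSpec:
    """One pg_settings row, reduced to the fields the range check needs."""
    name: str
    vartype: str   # "integer", or the proposed "octal" (assumption)
    min_val: int
    max_val: int


# Constructed from the row in the report: log_file_mode | integer | 0 | 511
AS_SHIPPED = SettingSpec("log_file_mode", "integer", 0, 511)
AS_PROPOSED = SettingSpec("log_file_mode", "octal", 0, 511)
STIG_MODE = 0o600  # the value the report says STIG V-214152 requires


def parse_value(spec: SettingSpec, raw: str) -> int:
    """Convert the configured string to the integer that gets range-checked."""
    raw = raw.strip()
    if spec.vartype == "octal":
        if not raw.startswith("0"):
            raise ValueError(f"{spec.name}: octal mode must start with 0, got {raw!r}")
        return int(raw, 8)   # raises ValueError on the digits 8 and 9
    return int(raw, 10)      # decimal reading: "0600" becomes 600


def validate(spec: SettingSpec, raw: str) -> int:
    """Range-check a configured value and return it as an integer."""
    value = parse_value(spec, raw)
    if value < spec.min_val:
        raise ValueError(f"{spec.name}: {raw} below minimum {spec.min_val}")
    if value > spec.max_val:
        raise ValueError(f"{spec.name}: {raw} above maximum {spec.max_val}")
    return value


def meets_stig(spec: SettingSpec, raw: str) -> bool:
    """True only when the validated mode is exactly 0600."""
    return validate(spec, raw) == STIG_MODE
```

Read as decimal, `0600` is 600 and fails the 511 maximum; read as octal it is 384, which matches the `boot_val` in the query output.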