As a customer, I want to be able to use Azure PostgreSQL as my external PostgreSQL database for Puppet Enterprise. When attempting to use Azure PostgreSQL as an external database for PuppetDB (PE 2019.8.1), I encountered the problem that Azure requires the username for the Postgres connection to be in the username@hostname form, due to the way they publish access to PostgreSQL (as described here). I can manually modify database.ini to set the username to that format, but then you’ll see this in the logs:
clojure.lang.ExceptionInfo: Connected to database as "pe-puppetdb-migrator", not migrator "pe-puppetdb-migrator@pdb01"
|
It seems we have the same limitations as Chef has (see linked issue). This requirement from Azure stems from their architecture:
Azure Database for PostgreSQL has a gateway in front of the actual database servers that forwards connections from username@hostname to hostname as username. |
This means that once the connection is established, you will actually be connected as username, not username@hostname, and any database queries involving users should just use username (e.g. granting permissions).
|
Some issues I’ve encountered while trying to get this to work: * The docs don’t tell you to also create a pe-puppetdb-migrator user
- You can’t specify username@hostname for the xxx_regular_db_user and xxx_migration_db_user settings in pe.conf, the @hostname part gets cutoff during installation.
- I can manually re-add the @hostname back to the username in database.ini but then the queries also expect this for the connection, which they should not. And I can probably assume that another puppet run would overwrite the settings in database.ini again.
|