Description
This Improvement request (usability, performance, tech debt, etc.) affects these Traffic Control components:
- Traffic Ops
Current behavior:
The Traffic Ops db/admin
tool relies on the postgres
user requiring no password when connecting as root.
trafficcontrol/traffic_ops/app/db/admin.go
Line 307 in 02b9f04
#7142, which made Traffic Ops run as a non-root user, set PGPASSWORD
for the entire binary, which worked for Dev CDN in a Box because the password in dbconf.yml
, which this strategy set PGPASSWORD
to,
trafficcontrol/dev/traffic_ops/dbconf.yml
Line 21 in 02b9f04
happened to be "twelve12"
, the same password set for the postgres
user of the Postgres server.
trafficcontrol/docker-compose.yml
Line 46 in 02b9f04
However, once #7142 was merged, the Cache Config integration tests started failing, because its postgres
user password
is different than its traffic_ops
password (which ends up in dbconf.yml
).
trafficcontrol/cache-config/testing/docker/variables.env
Lines 35 to 36 in 02b9f04
We reverted the change to db/admin
from #7142 in #7198 to make the Cache Config integration tests pass again without knowing, at the time, why that change made them fail.
As a side note, finding the reason the Cache Config integration tests were failing was not straightforward because the errors go only to a file that is not printed to the to_server
container's output anywhere.
trafficcontrol/cache-config/testing/docker/traffic_ops/run.sh
Lines 144 to 145 in 02b9f04
New behavior:
db/admin
should not depend on thepostgres
user requiring no password when the connecting client is theroot
user locally.- In CDN in a Box for Developers, the
postgres
password should not be the same as thetraffic_ops
password, because that potentially hides issues like this one.