<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div><div>Hi,</div><div><br></div><div>I run pgpool in docker and so I regenerate all files (pgpool config file, pool_pwd, the status file /tmp/pgpool_status) when the container starts (it is a best practice in docker because the normal workflow is to remove the container when it is stopped and to not use host mounted directories especially when in a swarm context)</div><div><br></div><div>So in the entrypoint of my container I have this code snippet to generate the file from the database. The variable DBHOST is computed before earlyer in the script</div><div><br></div><div>That's the logic in shell:</div><div><br></div><div>echo "Generate pool_passwd file from ${DBHOST}"</div><div>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1">touch ${CONFIG_DIR}/pool_passwd</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1">ssh -p 222 postgres@${DBHOST} "psql -c \"select rolname,rolpassword from pg_authid;\"" | awk 'BEGIN {FS="|"}{print $1" "$2}' | grep md5 | while read f1 f2</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1">do</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1"><span class="ydp5d285a16Apple-converted-space"> </span># delete the line and recreate it</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1"><span class="ydp5d285a16Apple-converted-space"> </span>echo "setting passwd of $f1 in ${CONFIG_DIR}/pool_passwd"</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1"><span class="ydp5d285a16Apple-converted-space"> </span>sed -i -e "/^${f1}:/d" ${CONFIG_DIR}/pool_passwd</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1"><span class="ydp5d285a16Apple-converted-space"> </span>echo $f1:$f2 >> ${CONFIG_DIR}/pool_passwd</span></p>
<p class="ydp5d285a16p1"><span class="ydp5d285a16s1">done</span></p>My Docker file is here: <a href="https://github.com/saule1508/pgcluster/tree/develop/pgpool" class="">https://github.com/saule1508/pgcluster/tree/develop/pgpool</a></div><div><br></div><div><br></div><div><br></div><div><br></div><div class="ydp895d2f6dsignature">Pierre</div></div>
<div><br></div><div><br></div>
<div id="ydp7a69b5d8yahoo_quoted_9070091210" class="ydp7a69b5d8yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Wednesday, February 14, 2018, 8:57:41 PM GMT+1, Ken Young <Ken.Young@sas.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydp7a69b5d8yiv8683998416">
<div>
<div class="ydp7a69b5d8yiv8683998416WordSection1">
<p class="ydp7a69b5d8yiv8683998416MsoNormal">Hey folks,</p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"> </p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal">Is there any alternative to using the pool_passwd file to maintain the user/password list for PostgreSQL MD5 authentication? This works well for us in typical hardware scenarios. However, maintaining and updating the pool_passwd file
when new users are added or passwords are changed is more challenging in a more restrictive cloud or docker environment. Has anyone devised a best practice or better way of handling PostgreSQL user account changes for when user authentication is required?
A different authentication method, perhaps?</p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"> </p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"> </p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"><span style="font-size:22.0pt;">Ken Young</span><span></span></p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"><b><span style="font-size:10.0pt;">Ken.Young@sas.com</span></b><span style="font-size:12.0pt;">
<br>
</span><b><span style="font-size:10.0pt;">Data Management R&D</span></b><span style="font-size:12.0pt;">
<br>
</span><b><span style="font-size:10.0pt;">SAS Institute, Inc.</span></b><span style="font-size:12.0pt;">
<br>
</span><b><span style="font-size:10.0pt;">919-531-9319
</span></b><span style="font-size:12.0pt;"></span></p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"><span style="font-size:10.0pt;"><a href="http://www.sas.com/" rel="nofollow" target="_blank"><span style="color:blue;">http://www.sas.com</span></a></span><span style="font-size:12.0pt;">
</span></p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"><b><i><span style="font-size:13.5pt;">SAS...</span></i></b><b><i> The Power to Know</i></b>
</p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"> </p>
<p class="ydp7a69b5d8yiv8683998416MsoNormal"> </p>
</div>
</div>
</div>_______________________________________________<br>pgpool-general mailing list<br><a href="mailto:pgpool-general@pgpool.net" rel="nofollow" target="_blank">pgpool-general@pgpool.net</a><br><a href="http://www.pgpool.net/mailman/listinfo/pgpool-general" rel="nofollow" target="_blank">http://www.pgpool.net/mailman/listinfo/pgpool-general</a><br></div>
</div>
</div></div></body></html>