[arvados] created: 2.5.0-3-g82ac02584
git repository hosting
git at public.arvados.org
Mon Jan 9 16:45:01 UTC 2023
at 82ac02584786a4df10c218c75dbd53b768e8599e (commit)
commit 82ac02584786a4df10c218c75dbd53b768e8599e
Author: Tom Clegg <tom at curii.com>
Date: Mon Jan 9 11:43:31 2023 -0500
19894: Update documentation re: dispatcher connecting to postgresql.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 5b61c41e1..4717cce81 100644
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -36,6 +36,10 @@ h2(#v2_5_0). v2.5.0 (2022-12-22)
"previous: Upgrading to 2.4.4":#v2_4_4
+h3. Dispatchers require PostgreSQL database access
+
+All dispatchers (cloud, slurm, and LSF) now connect directly to the PostgreSQL database. Make sure these connections are supported by your network firewall rules, PostgreSQL connection settings, and PostgreSQL server configuration (pg_hba.conf) as shown in the "PostgreSQL install instructions":{{site.baseurl}}/install/install-postgresql.html.
+
h3. Google or OpenID Connect login restricted to trusted clients
If you use OpenID Connect or Google login, and your cluster serves as the @LoginCluster@ in a federation _or_ your users log in from a web application other than the Workbench1 and Workbench2 @ExternalURL@ addresses in your configuration file, the additional web application URLs (e.g., the other clusters' Workbench addresses) must be listed explicitly in @Login.TrustedClients@, otherwise login will fail. Previously, login would succeed with a less-privileged token.
diff --git a/doc/install/install-postgresql.html.textile.liquid b/doc/install/install-postgresql.html.textile.liquid
index a9614b9be..5bb7e422d 100644
--- a/doc/install/install-postgresql.html.textile.liquid
+++ b/doc/install/install-postgresql.html.textile.liquid
@@ -28,8 +28,10 @@ h3(#centos7). CentOS 7
~$ <span class="userinput">scl enable rh-postgresql12 bash</span></pre></notextile>
# Initialize the database
<notextile><pre># <span class="userinput">postgresql-setup initdb</span></pre></notextile>
-# Configure the database to accept password connections
+# Configure the database to accept password connections from localhost
<notextile><pre><code># <span class="userinput">sed -ri -e 's/^(host +all +all +(127\.0\.0\.1\/32|::1\/128) +)ident$/\1md5/' /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
+# Configure the database to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+ <notextile><pre><code># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
# Configure the database to launch at boot and start now
<notextile><pre># <span class="userinput">systemctl enable --now rh-postgresql12-postgresql</span></pre></notextile>
@@ -38,6 +40,8 @@ h3(#debian). Debian or Ubuntu
Debian 10 (Buster) and Ubuntu 16.04 (Xenial) and later versions include a sufficiently recent version of Postgres.
# Install PostgreSQL
- <notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+<notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+# Configure PostgreSQL to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+<notextile><pre># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /etc/postgresql/*/main/pg_hba.conf</span></pre></notextile>
# Configure the database to launch at boot and start now
<notextile><pre># <span class="userinput">systemctl enable --now postgresql</span></pre></notextile>
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list