Merge lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname into lp:charms/postgresql

Proposed by Andreas Hasenack
Status: Merged
Merged at revision: 75
Proposed branch: lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname
Merge into: lp:charms/postgresql
Diff against target: 20 lines (+10/-0)
1 file modified
hooks/hooks.py (+10/-0)
To merge this branch: bzr merge lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Review via email: mp+195283@code.launchpad.net

Description of the change

Temporary hack for the postgresql charm to avoid using CNAME records for access control in pg_hba.conf (see bug #1250435).

The downside is that there can be repeated calls for "dig", which is a network query in the end. It could use some caching, but since the MAAS bug is bound to be fixed soon, my hope is that this hack can also be removed soon.

To post a comment you must log in.
Revision history for this message
Stuart Bishop (stub) wrote :

Looks fine for a temporary work around. dig(1) appears to be installed by default, so no need for extra packages to be added.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'hooks/hooks.py'
--- hooks/hooks.py 2013-11-03 23:31:17 +0000
+++ hooks/hooks.py 2013-11-14 18:42:50 +0000
@@ -417,6 +417,16 @@
417 return "%s/32" % addr417 return "%s/32" % addr
418 except socket.error:418 except socket.error:
419 # It's not an IP address.419 # It's not an IP address.
420 # XXX workaround for MAAS bug
421 # https://bugs.launchpad.net/maas/+bug/1250435
422 # If it's a CNAME, use the A record it points to.
423 # If it fails for some reason, return the original address
424 try:
425 output = run("dig +short -t CNAME %s" % addr, True).strip()
426 except:
427 return addr
428 if len(output) != 0:
429 return output.rstrip(".") # trailing dot
420 return addr430 return addr
421431
422 allowed_units = set()432 allowed_units = set()

Subscribers

People subscribed via source and target branches