Merge lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname into lp:charms/postgresql

Proposed by Andreas Hasenack
Status: Merged
Merged at revision: 75
Proposed branch: lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname
Merge into: lp:charms/postgresql
Diff against target: 20 lines (+10/-0)
1 file modified
hooks/ (+10/-0)
To merge this branch: bzr merge lp:~ahasenack/charms/precise/postgresql/postgresql-avoid-cname
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Review via email:

Description of the change

Temporary hack for the postgresql charm to avoid using CNAME records for access control in pg_hba.conf (see bug #1250435).

The downside is that there can be repeated calls for "dig", which is a network query in the end. It could use some caching, but since the MAAS bug is bound to be fixed soon, my hope is that this hack can also be removed soon.

To post a comment you must log in.
Revision history for this message
Stuart Bishop (stub) wrote :

Looks fine for a temporary work around. dig(1) appears to be installed by default, so no need for extra packages to be added.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/'
2--- hooks/ 2013-11-03 23:31:17 +0000
3+++ hooks/ 2013-11-14 18:42:50 +0000
4@@ -417,6 +417,16 @@
5 return "%s/32" % addr
6 except socket.error:
7 # It's not an IP address.
8+ # XXX workaround for MAAS bug
9+ #
10+ # If it's a CNAME, use the A record it points to.
11+ # If it fails for some reason, return the original address
12+ try:
13+ output = run("dig +short -t CNAME %s" % addr, True).strip()
14+ except:
15+ return addr
16+ if len(output) != 0:
17+ return output.rstrip(".") # trailing dot
18 return addr
20 allowed_units = set()


People subscribed via source and target branches