This is a follow up on https://pagure.io/fedora-infra/ansible/pull-request/1668#comment-195462
I am requesting for access to staging and production instances of central postgres database. Both the database and usernames should be 'openscanhub'.
asap
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
If anybody wants to work on this, here is a guide for it https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/database/#_creating_a_new_postgresql_database
This needs to be created for staging now and added to secrets, which could be used in ansible role.
It's worth noting here that if possible, we prefer to have several db users for each app. (see the document link).
ie, an admin account to do schema upgrades or maint, a regular account for normal operations and optionally a read-only user in case the app can use that for anything.
Can your app accomodate that? Or would you prefer one account? The downside of one account is then that it has all the perms on your db. Restricting admin/schema changes to an admin account makes the app more secure.
I'm sorry it's taken so long to get to this. I hope to get some time this coming week to help move your staging deployment forward.
Can your app accomodate that? Or would you prefer one account?
OpenScanHub only supports one account. The user openscanhub should have all privileges on the openscanhub database.
openscanhub
I need the database on the production instance too.
ok, too bad.
ok. I created the staging db user and database. It's openscanhub for username and db name. It should have perms on the db.
The password you can use in your playbooks is "{{ openscanhub_db_password_stg }}". If you need to access the db directly, I can get you the password...
I'd prefer to finish all the staging deployment before setting anything up there.
Shall we close this out now? or do you need anything further on the db?
Please share the exact address of the staging database, or the url I could use in a template file.
Yes, that would be helpfull... ;)
it's:
db01.stg.iad2.fedoraproject.org
username is openscanhub, password can be inserted with the "{{ openscanhub_db_password_stg }}" variable.
@kevin Would it be possible for you to send me the password over e-mail? I need that to create secrets, as mentioned in https://pagure.io/fedora-infra/ansible/pull-request/1684#comment-195969
Also, I need permissions to create secrets in my project.
EDIT: I probably do not need them directly, as I could just generate them through the template.
Yeah, they already should be avaible via variables in the private repo. ;)
{{ openscanhub_db_password_stg }} is the staging password.
This can be closed now.
Metadata Update from @svashisht: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.