Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1hiyjR-000402-2J for pgadmin-hackers@arkaria.postgresql.org; Thu, 04 Jul 2019 10:12:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1hiyjP-0003ih-Dd for pgadmin-hackers@arkaria.postgresql.org; Thu, 04 Jul 2019 10:12:47 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1hiyjO-0003ia-Uq for pgadmin-hackers@lists.postgresql.org; Thu, 04 Jul 2019 10:12:47 +0000 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1hiyjH-0007rD-K6 for pgadmin-hackers@lists.postgresql.org; Thu, 04 Jul 2019 10:12:45 +0000 Received: by mail-wm1-x342.google.com with SMTP id z23so5491932wma.4 for ; Thu, 04 Jul 2019 03:12:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pgadmin.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4YMmZQ1tFslbptLqM/h8M5yERGzpqj7mVnJAZiMRSQo=; b=gOuh7lT80tfqiVQvBveMMIAQ1utnRW+LNYw0cY1R5vTZI8n+zj0juX6qqF+c8BNxxN WGH9vsgHraGx4jCdzrfkqh84pzSfFRdjexCON8aNoYysvpsUGZBlTWcF8vVw+bCzEwTI 4RwIX5nAfAFL4spXXIQgN2MDBvVENwYh8VWKHnMalQhGq7mhqZkPBM0K2wjuK5HtJpMl Ys2yz3rpl/u4XRZO5N6e+ISg6wqXiOMqXVJJKqykWAlAzzvgHjXTuKajnPn96nSmCphj 2dMmoFJod/oPu/B6j4N7gvr9CZzImeekxmGS2eKn/ff1F523sqqSow/4bJ9x2zz1KA24 L+8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4YMmZQ1tFslbptLqM/h8M5yERGzpqj7mVnJAZiMRSQo=; b=MSVw5a5Lr5bToZKcU7+T8Gjq37ESi01II7F8UV7oa3680JnEKHm0PvnRwsj0sfVufs 0sx4YVnsObdWQXn/R6uetmJ0Mrkrs7mr3HW5ppsYNd7DwRuCM1Zk7pqfMt5bv0aY7MVp MZ8RcskG2RaAo/LZ7t9/ljTohWKwrHTWG69lQX13Bm9G5F19Kk+1IHfP3RnmnIvfp/AR nPAZw+XNsGVsDdcjPxDxUOFJN32AolV2xaylUfxNZtFRspWdu9UWlRpCORAy4xlAo5LV b/ARbII2Nuy02sd4TWH3bW9VWIMQnIgmLdzaLkUNXthwDwIFEhr/NG7wWazmjKLlA2Mo 1CTQ== X-Gm-Message-State: APjAAAWFIdkVjDlWPmJw2ym5rxKAkAruWjFhJTgu21Vx9DHSfRNpN3BL DsBKn2EMZy92hU9dY/dNi6EXMgDo1O3FDPO5HRULxg== X-Google-Smtp-Source: APXvYqxI1xJyt1ucOygyq+hwRmCBUvqs24Ll5YjLD9cbLNpmu0jI5QHXzZ3HVVy6h9C5FeIolDgF+UqaawPuD+lalno= X-Received: by 2002:a05:600c:20c3:: with SMTP id y3mr12400047wmm.3.1562235157047; Thu, 04 Jul 2019 03:12:37 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dave Page Date: Thu, 4 Jul 2019 11:12:25 +0100 Message-ID: Subject: Re: passwords enabled by default To: Fahar Abbas Cc: Andrew Coleman , pgadmin-hackers Content-Type: multipart/alternative; boundary="0000000000009786bd058cd837f5" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --0000000000009786bd058cd837f5 Content-Type: text/plain; charset="UTF-8" Great, thanks. Can you now test it in a container? I think you'll need to map the file location in the container to the host machine, and then specify the location in the container (e.g. /pgpass in the example below) when you configure the server in pgAdmin. e.g. docker run -p 80:80 \ -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \ -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \ -v "/path/on/host/to/pgpass:/pgpass" \ -d dpage/pgadmin4 On Thu, Jul 4, 2019 at 11:00 AM Fahar Abbas wrote: > Yes Dave it's working as expected. > > On Thu, Jun 27, 2019 at 8:16 PM Dave Page wrote: > >> Fahar, can you verify that the Password File option works as expected (or >> not) in a non-containerised environment? It should *not* require PGPASSFILE >> to be set (because that's basically what it should be doing for us). >> >> Thanks. >> >> On Thu, Jun 27, 2019 at 8:27 AM Andrew Coleman >> wrote: >> >>> Recently, while testing my changes to entrypoint.sh in Docker, I noticed >>> that you cannot import or export passwords via the servers.json file. You >>> can get around this by setting the PassFile option in servers.json, but >>> that still doesn't work correctly. For me to make this work, I had to also >>> set the `PGPASSFILE` to the full path location of the pgpass file generated >>> for me by Helm. >>> >>> To clarify, I know how many servers I want to connect to and how to find >>> their passwords in Kubernetes via their secret, and I use Helm to stitch >>> all of that together into a pgpass file that psql and pgadmin4 can use to >>> connect to the servers without user intervention. >>> >>> The presence of the pgpass file and the reference to that file in the >>> servers.json was not enough to allow pgadmin4 to connect to the servers, I >>> also had to set `PGPASSFILE` in my Helm chart to make this work. >>> >>> This seems like another good ticket, no? I know where to add them and >>> I'll put a patch in place, but I could sure use a little bit of guidance on >>> the copy portion of the documentation. I know why it works for me, but >>> would anyone conceivably use this in a non-Dockerized deployment? >>> >>> Thanks, >>> Andrew >>> >> >> >> -- >> Dave Page >> Blog: http://pgsnake.blogspot.com >> Twitter: @pgsnake >> >> EnterpriseDB UK: http://www.enterprisedb.com >> The Enterprise PostgreSQL Company >> > > > -- > Fahar Abbas > QMG > EnterpriseDB Corporation > Phone Office: +92-51-835-8874 > Phone Direct: +92-51-8466803 > Mobile: +92-333-5409707 > Skype ID: *live:fahar.abbas* > Website: www.enterprisedb.com > -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company --0000000000009786bd058cd837f5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Great, thanks. Can you now test it in a container? I think= you'll need to map the file location in the container to the host mach= ine, and then specify the location in the container (e.g. /pgpass in the ex= ample below) when you configure the server in pgAdmin. e.g.

<= div>
docker run -p 80:80 \
        -e "PGADMIN_DEFAULT_EMAIL=3Duser@domain.com" \
        -e "PGADMIN_DEFAULT_PASSWORD=3DSuperSecret" \
        -v "/path/on/host/to/pgpass:/pgpass" \
        -d dpage/pgadmin4

On Thu, Jul 4, 2019 at 11:00 AM= Fahar Abbas <fahar.abba= s@enterprisedb.com> wrote:
Yes Dave it's working as expected.

On Thu, Jun 27, 2019 at 8:16 PM Dave Page <dpage@pgadmin.org> wrote:
Fahar, c= an you verify that the Password File option works as expected (or not) in a= non-containerised environment? It should *not* require PGPASSFILE to be se= t (because that's basically what it should be doing for us).
=
Thanks.

On Thu, Jun 27, 2019 at 8:27 AM Andrew Coleman <penguincoder@gmai= l.com> wrote:
Recently, while testing my changes to entrypoint= .sh in Docker, I noticed that you cannot import or export passwords via the= servers.json file. You can get around this by setting the PassFile option = in servers.json, but that still doesn't work correctly. For me to make = this work, I had to also set the `PGPASSFILE` to the full path location of = the pgpass file generated for me by Helm.

To clari= fy, I know how many servers I want to connect to and how to find their pass= words in Kubernetes via their secret, and I use Helm to stitch all of that = together into a pgpass file that psql and pgadmin4 can use to connect to th= e servers without user intervention.

The presence = of the pgpass file and the reference to that file in the servers.json was n= ot enough to allow pgadmin4 to connect to the servers, I also had to set `P= GPASSFILE` in my Helm chart to make this work.

Thi= s seems like another good ticket, no? I know where to add them and I'll= put a patch in place, but I could sure use a little bit of guidance on the= copy portion of the documentation. I know why it works for me, but would a= nyone conceivably use this in a non-Dockerized deployment?

Thanks,
Andrew


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

Enterpr= iseDB UK: http://= www.enterprisedb.com
The Enterprise PostgreSQL Company


--
Fahar Abbas
= QMG
EnterpriseDB C= orporation
Phone Office: +92-51-835-8874
Phone Direct: +92-51-8= 466803
Mobile: +92-333-5409707
Skype ID: live:fahar.abbas
W= ebsite: www.enter= prisedb.com


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @p= gsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL = Company
--0000000000009786bd058cd837f5--