[pgpool-hackers: 2988] Re: Pgpool-II 4.0 alpha2 show-stoppers

Tatsuo Ishii ishii at sraoss.co.jp
Fri Aug 24 14:34:06 JST 2018


> Here are items we need to resolve before going to alpha2.
> 
> 1) 0000425: pgpool_setup don't work with pre PostgreSQL 10.
>    - https://www.pgpool.net/mantisbt/view.php?id=425
>    - Tatsuo already pushed fix. Let's see if buildfarm complains.
> 
> 2) 0000426: Pgpool-II continues to emit warning messages
>    - https://www.pgpool.net/mantisbt/view.php?id=426

I have looked into this a little bit. It turns out that the
specification for all "password" entries (health check, streaming
replication delay check, at least) in pgpool.conf has been changed
since 4.0. From the 4.0 manual:

-------------------------------------------------------------------------
If health_check_password is left blank Pgpool-II will first try to
get the password for health_check_user from pool_passwd file before
using the empty password.

You can also specify AES256-CBC encrypted password in
health_check_password field. To specify the AES encrypted password,
password string must be prefixed with AES after encrypting (using
aes-256-cbc algorithm) and encoding to base64.
-------------------------------------------------------------------------

Since pgpool_setup left the password blank (actually not blank, but an
empty string), Pgpool-II tries to retrieve health_check_user, for example,
from pool_passwd. But since pool_enable_hba = off, no entry for the
user is found in pgpool_passwd. I think this behavior is strange, since
pool_passwd should only be consulted when pool_enable_hba is on.

Also I have to point out that "password string must be prefixed with AES
after encrypting" is a questionable spec. Since people could enter any
clear text password, including one prefixed with AES, there's no way to
determine if it is a clear text password or AES encrypted. If we want
to store an AES encrypted password, then there should be a configuration
parameter which specifies the password format (encrypted in AES or
not).

Without the flag, the design looks too hacky.

Note that I pointed out a similar thing regarding pool_passwd. I
objected to including a clear text password in pool_passwd for the same
reason above.

> 3) 0000427: pg_enc emits wrong warnings
>    - https://www.pgpool.net/mantisbt/view.php?id=427
> 
> 4) Coverity errors (mostly memory leaks)
>    - Usama is working on it.
> 
> 5) Clear text password should not be allowed in pool_passwd
>    https://www.pgpool.net/pipermail/pgpool-hackers/2018-August/002979.html
> 
> 6) Cert auth does not work between client and Pgpool-II
>    https://www.pgpool.net/pipermail/pgpool-hackers/2018-August/002983.html
> 
> Please add items if I missed something.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
> _______________________________________________
> pgpool-hackers mailing list
> pgpool-hackers at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-hackers
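
The ambiguity raised in the message above, as an added example (not part of the original message and not Pgpool-II code). All function, enum and sample names are hypothetical; it assumes only what the quoted manual text says: an "AES" prefix followed by base64 of AES-256-CBC output, which is a multiple of 16 bytes.

```c
#include <stddef.h>
#include <string.h>

enum pw_format { PW_CLEARTEXT, PW_AES };   /* hypothetical names */

/* Constructed sample: a clear-text password a user could legitimately pick. */
static const char SAMPLE_CLEARTEXT[] = "AESCorrectHorseBattery12w==";

/* Decoded size of a well-formed base64 string, or -1 if it is not base64. */
static long b64_decoded_len(const char *s)
{
    static const char alpha[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(s), pad = 0, i;

    if (n == 0 || n % 4 != 0)
        return -1;
    while (pad < 2 && s[n - 1 - pad] == '=')
        pad++;
    for (i = 0; i < n - pad; i++)
        if (strchr(alpha, s[i]) == NULL)
            return -1;
    return (long) (n / 4 * 3 - pad);
}

/* Prefix sniffing at its strictest: "AES" plus base64 that decodes to whole
 * 16-byte CBC blocks. SAMPLE_CLEARTEXT still passes, so it is misread. */
enum pw_format guess_by_prefix(const char *value)
{
    long len;

    if (strncmp(value, "AES", 3) != 0)
        return PW_CLEARTEXT;
    len = b64_decoded_len(value + 3);
    return (len > 0 && len % 16 == 0) ? PW_AES : PW_CLEARTEXT;
}

/* With a separate format parameter (assumed, not an existing setting) the
 * value needs no prefix and a malformed AES value is an error: 0 ok, -1 bad. */
int check_declared(const char *value, enum pw_format declared)
{
    long len;

    if (declared == PW_CLEARTEXT)
        return 0;              /* any string is a valid clear-text password */
    len = b64_decoded_len(value);
    return (len > 0 && len % 16 == 0) ? 0 : -1;
}
```
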

