When attempting to create the PgSQL database for the BareOS catalog (using the scripts that ship with BareOS), the scripts are always run as the same user that Puppet is running as (root, for most people). This means that root needs password-less access to PgSQL, which for better or worse, most of the PostgreSQL community doesn't seem to treat as normal and PostgreSQL (org) doesn't appear to recommend.
While the init catalog exec isn't written to support an alternative user, Puppet's core exec resource supports using one, and it's quite a lot more common to use the postgres user as the de facto local superadmin for PgSQL. Since there's a breaking-change release in progress already, this would be a good time to add this.
I'll try to file a PR for this later, but if I don't get to it, please don't anybody hesitate to grab this. It should be pretty quick.
When attempting to create the PgSQL database for the BareOS catalog (using the scripts that ship with BareOS), the scripts are always run as the same user that Puppet is running as (
root, for most people). This means thatrootneeds password-less access to PgSQL, which for better or worse, most of the PostgreSQL community doesn't seem to treat as normal and PostgreSQL (org) doesn't appear to recommend.While the init catalog exec isn't written to support an alternative user, Puppet's core exec resource supports using one, and it's quite a lot more common to use the
postgresuser as the de facto local superadmin for PgSQL. Since there's a breaking-change release in progress already, this would be a good time to add this.I'll try to file a PR for this later, but if I don't get to it, please don't anybody hesitate to grab this. It should be pretty quick.