From a8bb6269d78c68248057ffbd77b471fef52650d0 Mon Sep 17 00:00:00 2001 From: "Karl O. Pinc kop@karlpinc.com" Date: Thu, 13 Feb 2025 22:55:04 +0000 Subject: [PATCH] Correctly document how to bootstrap role installation on Azure Rather than mess around with the actual generated SQL and have multiple new make targets, provide instructions on what to do to make things work on Azure. This is lame, but simple. Even the actual instructions are lame, since they assume prior knowledge and are only templates. They should be sufficient for someone who works with Postgres, which is good enough for the moment. --- make_files/make_cluster.mk | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/make_files/make_cluster.mk b/make_files/make_cluster.mk index 728e94f..7104695 100644 --- a/make_files/make_cluster.mk +++ b/make_files/make_cluster.mk @@ -75,7 +75,39 @@ ## 2) Drop the "throwawaydb" database with the "az-drop-throwawaydb" ## target. ## -## 3) Skip step 1 of the "not on Azure" instructions below and +## 3) Create a 2nd "azure administrator" role, just like the role +## Azure created as the ADMINUSER in step 1. This involves +## something like the following, where the shell variables +## have the values corresponding to those used in step 1: +## +## echo "create role ${ADMINUSER}2 noinherit createrole " \ +## "createdb bypassrls;" \ +## | psql -U $ADMINUSER -h $TARGET_SERVER -d postgres +## +## The above may have difficulties logging in because the supplied +## SQL may be interpreted as a password. Supply the SQL to psql +## interactively if necessary. +## +## THE ROLE YOU CREATE MAY NEVER BE DROPPED. +## +## 4) Use the 2nd "azure administrator" role to create the "role_owner" +## role, and grant "role_owner" to the _1st_ "azure administrator". +## This looks something like: +## +## ( echo "create role role_owner nologin noinherit createrole " \ +## "createdb bypassrls;" \ +## echo "grant role_owner to $ADMINUSER with admin option ;" ) \ +## | psql -U ${ADMINUSER}2 -h $TARGET_SERVER -d postgres +## +## If you cannot login you may need to assign a password to the +## 2nd "azure administrator" role. Login as the 1st "azure +## administrator" and use psql's "\password" command. +## +## 5) Run "make db/creategroups.sql" and edit this file, commenting +## out the CREATE ROLE that creates the "role_owner" group. +## (This makes step 2, of the "Not on Azure" instructions work.) +## +## 6) Skip step 1 of the "not on Azure" instructions below and ## finish the cluster installation by starting at step 2. ## (You have an administrative user.) ## -- 2.34.1