pg_ident mappings should live in an app-owned moments.conf, not host-named files #3
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The moments cert_cn → role mappings in
pg_ident.conf.d/were written to per-host files (<cert_cn host>.conf), shared with other apps' mappings for the same hosts (e.g.nikola.kosherinata.internal.confcarried bothmmandmoments_ro). Any other app's provisioning that rewrites its host file can clobber or drop moments access.This also bit in practice: when the worker moved from roosta to frootmig, no
frootmig...confmapping was created, and the worker crash-looped withno match in usermap "cert_cn"(masked until the frootmig host cert expiry was fixed on 2026-07-02).Fix:
script/db-perms.shmaintains a single app-ownedpg_ident.conf.d/moments.confand migrates anymoments_ro/moments_rwlines out of legacy host-named files (verbatim, so workstation mappings survive), deleting legacy files left empty.frankie.kosherinata.internal→frankie.hanzalova.internal; the old name no longer resolves) and warn-and-continue on unreachable pg hosts instead of aborting.asset/postgres/ident.conf.tmpldocuments the new convention.Applied to magrathea (primary) on 2026-07-02; frankie (standby) is tracked separately.