[Rt-commit] rt branch 5.0/database-config-docs created. rt-5.0.2-39-g38af353f6a

BPS Git Server git at git.bestpractical.com
Tue Nov 30 15:24:19 UTC 2021


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/database-config-docs has been created
        at  38af353f6a320d6f489fa5e47b412987e8d67e35 (commit)

- Log -----------------------------------------------------------------
commit 38af353f6a320d6f489fa5e47b412987e8d67e35
Author: Brett Smith <brett at bestpractical.com>
Date:   Tue Nov 30 10:22:48 2021 -0500

    Document that database credentials are optional

diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index e266d0fa51..9505d21ad7 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -221,7 +221,9 @@ Set($DatabasePort, "@DB_PORT@");
 
 =item C<$DatabaseUser>
 
-The name of the user to connect to the database as.
+The name of the user to connect to the database as.  You can leave this blank
+if it's not required by your database (for example, if your database
+uses peer authentication).
 
 =cut
 
@@ -229,7 +231,9 @@ Set($DatabaseUser, "@DB_RT_USER@");
 
 =item C<$DatabasePassword>
 
-The password the C<$DatabaseUser> should use to access the database.
+The password the C<$DatabaseUser> should use to access the database.  You can
+leave this blank if it's not required by your database (for example, if your
+database uses peer authentication).
 
 =cut
 

commit 83272954ff8d71ca088d03fcde2c4d9dec743f12
Author: Brett Smith <brett at bestpractical.com>
Date:   Tue Nov 30 09:32:30 2021 -0500

    Document the true meaning of a blank DatabaseHost
    
    The sentence "If you're running MySQL and on localhost, leave it blank
    for enhanced performance." can mislead readers in a few different ways.
    
    One, it implies that setting this blank is something only MySQL
    supports. However, I've confirmed that it works the same way for
    PostgreSQL. The documentation for DBD::Oracle suggests it should work
    for that too, but I haven't tested it.
    
    Two, it implies unsetting this value is *just* a performance
    optimization. However, there are many ways that database server
    configuration can mean that connecting over the local socket is very
    different than connecting over the network:
    
    * The socket may be unavailable to users running RT because of file
    permissions, security context, or because it has been disabled in the
    database server configuration.
    
    * The socket may support different connection types than the
    network. For example, in its stock configuration, PostgreSQL only
    authenticates users via the `ident` method over the socket. Password
    authentication is typically reserved for network connections.
    
    You could actually use this to do a completely passwordless RT install,
    with both MySQL and PostgreSQL. If you have an account with sufficient
    permissions to run `rt-setup-database`, and you make DatabaseUser be
    www-data/httpd, then that's sufficient to run RT. (You just need to be
    careful to run cron jobs etc. also as www-data/httpd, or also grant them
    their own database accounts with sufficient privileges.) This improves
    security because all authentication is handled by the operating system
    itself, and there's no password to leak that would let an attacker
    access the database out of band. This is a little difficult to set up
    today because rt-setup-database doesn't support creating the account
    passwordless, but if you set it up after the fact it works.

diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index aabfc5cf2a..e266d0fa51 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -201,8 +201,9 @@ Set($DatabaseType, "@DB_TYPE@");
 
 =item C<$DatabaseHost>
 
-The domain name of your database server.  If you're running MySQL and
-on localhost, leave it blank for enhanced performance.
+The domain name of your database server.  If this is blank or undefined, RT
+will attempt to connect to the database using a local socket instead of the
+network.
 
 =cut
 

commit bea0ae037e629c8f3ea4c10f9f2df85cfbd0ac3f
Author: Brett Smith <brett at bestpractical.com>
Date:   Tue Nov 30 09:14:03 2021 -0500

    Add more documentation for $DatabaseRTHost config

diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index b0b0c5cc65..aabfc5cf2a 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -199,18 +199,14 @@ Database driver being used; case matters.  Valid types are "mysql",
 
 Set($DatabaseType, "@DB_TYPE@");
 
-=item C<$DatabaseHost>, C<$DatabaseRTHost>
+=item C<$DatabaseHost>
 
 The domain name of your database server.  If you're running MySQL and
 on localhost, leave it blank for enhanced performance.
 
-C<DatabaseRTHost> is the fully-qualified hostname of your RT server,
-for use in granting ACL rights on MySQL.
-
 =cut
 
 Set($DatabaseHost,   "@DB_HOST@");
-Set($DatabaseRTHost, "@DB_RT_HOST@");
 
 =item C<$DatabasePort>
 
@@ -238,6 +234,20 @@ The password the C<$DatabaseUser> should use to access the database.
 
 Set($DatabasePassword, q{@DB_RT_PASS@});
 
+=item C<$DatabaseRTHost>
+
+C<DatabaseRTHost> is only used by MySQL/MariaDB.  When C<rt-setup-database>
+creates C<DatabaseUser> in a MySQL database, it will use this value as the
+account hostname.  You can set any value MySQL itself supports, including
+hostname or IP address, optionally using SQL wildcards or a netmask in
+dotted quad format to match multiple addresses.  For full details, refer to
+the MySQL Reference Manual about L<specifying account
+names|https://dev.mysql.com/doc/refman/5.7/en/account-names.html>.
+
+=cut
+
+Set($DatabaseRTHost, "@DB_RT_HOST@");
+
 =item C<$DatabaseName>
 
 The name of the RT database on your database server. For Oracle, the

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt


More information about the rt-commit mailing list